Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xymon-4.3.30/lib/osdefs.c
Examining data/xymon-4.3.30/lib/sha1.c
Examining data/xymon-4.3.30/lib/rmdconst.h
Examining data/xymon-4.3.30/lib/notifylog.h
Examining data/xymon-4.3.30/lib/availability.c
Examining data/xymon-4.3.30/lib/memory.c
Examining data/xymon-4.3.30/lib/osdefs.h
Examining data/xymon-4.3.30/lib/calc.c
Examining data/xymon-4.3.30/lib/sha2.h
Examining data/xymon-4.3.30/lib/holidays.h
Examining data/xymon-4.3.30/lib/xymond_ipc.c
Examining data/xymon-4.3.30/lib/strfunc.h
Examining data/xymon-4.3.30/lib/xymond_ipc.h
Examining data/xymon-4.3.30/lib/xymonrrd.c
Examining data/xymon-4.3.30/lib/digest.h
Examining data/xymon-4.3.30/lib/memory.h
Examining data/xymon-4.3.30/lib/readmib.h
Examining data/xymon-4.3.30/lib/cgiurls.c
Examining data/xymon-4.3.30/lib/xymond_buffer.c
Examining data/xymon-4.3.30/lib/errormsg.h
Examining data/xymon-4.3.30/lib/stackio.h
Examining data/xymon-4.3.30/lib/url.h
Examining data/xymon-4.3.30/lib/color.c
Examining data/xymon-4.3.30/lib/environ.h
Examining data/xymon-4.3.30/lib/loadhosts.h
Examining data/xymon-4.3.30/lib/netservices.c
Examining data/xymon-4.3.30/lib/links.c
Examining data/xymon-4.3.30/lib/headfoot.h
Examining data/xymon-4.3.30/lib/ripemd.h
Examining data/xymon-4.3.30/lib/htmllog.c
Examining data/xymon-4.3.30/lib/ipaccess.c
Examining data/xymon-4.3.30/lib/md5.h
Examining data/xymon-4.3.30/lib/locator.c
Examining data/xymon-4.3.30/lib/digest.c
Examining data/xymon-4.3.30/lib/holidays.c
Examining data/xymon-4.3.30/lib/loadcriticalconf.c
Examining data/xymon-4.3.30/lib/timing.c
Examining data/xymon-4.3.30/lib/acknowledgementslog.c
Examining data/xymon-4.3.30/lib/readmib.c
Examining data/xymon-4.3.30/lib/rmd160c.h
Examining data/xymon-4.3.30/lib/loadhosts.c
Examining data/xymon-4.3.30/lib/tree.h
Examining data/xymon-4.3.30/lib/clientlocal.h
Examining data/xymon-4.3.30/lib/eventlog.c
Examining data/xymon-4.3.30/lib/misc.c
Examining data/xymon-4.3.30/lib/clientlocal.c
Examining data/xymon-4.3.30/lib/tree.c
Examining data/xymon-4.3.30/lib/loadalerts.c
Examining data/xymon-4.3.30/lib/loadhosts_file.c
Examining data/xymon-4.3.30/lib/netservices.h
Examining data/xymon-4.3.30/lib/eventlog.h
Examining data/xymon-4.3.30/lib/headfoot.c
Examining data/xymon-4.3.30/lib/test-endianness.c
Examining data/xymon-4.3.30/lib/msort.h
Examining data/xymon-4.3.30/lib/acklog.h
Examining data/xymon-4.3.30/lib/run.h
Examining data/xymon-4.3.30/lib/crondate.h
Examining data/xymon-4.3.30/lib/notifylog.c
Examining data/xymon-4.3.30/lib/stackio.c
Examining data/xymon-4.3.30/lib/htmllog.h
Examining data/xymon-4.3.30/lib/xymonrrd.h
Examining data/xymon-4.3.30/lib/cgi.c
Examining data/xymon-4.3.30/lib/sig.c
Examining data/xymon-4.3.30/lib/errormsg.c
Examining data/xymon-4.3.30/lib/environ.c
Examining data/xymon-4.3.30/lib/cgi.h
Examining data/xymon-4.3.30/lib/encoding.h
Examining data/xymon-4.3.30/lib/availability.h
Examining data/xymon-4.3.30/lib/sha1.h
Examining data/xymon-4.3.30/lib/loadhosts_net.c
Examining data/xymon-4.3.30/lib/timefunc.c
Examining data/xymon-4.3.30/lib/loadcriticalconf.h
Examining data/xymon-4.3.30/lib/color.h
Examining data/xymon-4.3.30/lib/encoding.c
Examining data/xymon-4.3.30/lib/timing.h
Examining data/xymon-4.3.30/lib/calc.h
Examining data/xymon-4.3.30/lib/webaccess.h
Examining data/xymon-4.3.30/lib/ipaccess.h
Examining data/xymon-4.3.30/lib/matching.h
Examining data/xymon-4.3.30/lib/strfunc.c
Examining data/xymon-4.3.30/lib/xymond_buffer.h
Examining data/xymon-4.3.30/lib/timefunc.h
Examining data/xymon-4.3.30/lib/rmd160c.c
Examining data/xymon-4.3.30/lib/webaccess.c
Examining data/xymon-4.3.30/lib/misc.h
Examining data/xymon-4.3.30/lib/links.h
Examining data/xymon-4.3.30/lib/suid.h
Examining data/xymon-4.3.30/lib/sendmsg.c
Examining data/xymon-4.3.30/lib/matching.c
Examining data/xymon-4.3.30/lib/url.c
Examining data/xymon-4.3.30/lib/acklog.c
Examining data/xymon-4.3.30/lib/files.h
Examining data/xymon-4.3.30/lib/msort.c
Examining data/xymon-4.3.30/lib/reportlog.h
Examining data/xymon-4.3.30/lib/cgiurls.h
Examining data/xymon-4.3.30/lib/reportlog.c
Examining data/xymon-4.3.30/lib/sendmsg.h
Examining data/xymon-4.3.30/lib/run.c
Examining data/xymon-4.3.30/lib/rmd_locl.h
Examining data/xymon-4.3.30/lib/locator.h
Examining data/xymon-4.3.30/lib/md5.c
Examining data/xymon-4.3.30/lib/loadalerts.h
Examining data/xymon-4.3.30/lib/suid.c
Examining data/xymon-4.3.30/lib/crondate.c
Examining data/xymon-4.3.30/lib/sig.h
Examining data/xymon-4.3.30/lib/sha2.c
Examining data/xymon-4.3.30/lib/files.c
Examining data/xymon-4.3.30/lib/acknowledgementslog.h
Examining data/xymon-4.3.30/web/csvinfo.c
Examining data/xymon-4.3.30/web/chpasswd.c
Examining data/xymon-4.3.30/web/showgraph.c
Examining data/xymon-4.3.30/web/cgiwrap.c
Examining data/xymon-4.3.30/web/report.c
Examining data/xymon-4.3.30/web/boilerplate.c
Examining data/xymon-4.3.30/web/criticaleditor.c
Examining data/xymon-4.3.30/web/acknowledgements.c
Examining data/xymon-4.3.30/web/svcstatus-info.h
Examining data/xymon-4.3.30/web/eventlog.c
Examining data/xymon-4.3.30/web/xymonpage.c
Examining data/xymon-4.3.30/web/svcstatus.c
Examining data/xymon-4.3.30/web/notifications.c
Examining data/xymon-4.3.30/web/history.c
Examining data/xymon-4.3.30/web/snapshot.c
Examining data/xymon-4.3.30/web/datepage.c
Examining data/xymon-4.3.30/web/ghostlist.c
Examining data/xymon-4.3.30/web/hostgraphs.c
Examining data/xymon-4.3.30/web/criticalview.c
Examining data/xymon-4.3.30/web/confreport.c
Examining data/xymon-4.3.30/web/svcstatus-trends.h
Examining data/xymon-4.3.30/web/svcstatus-info.c
Examining data/xymon-4.3.30/web/acknowledge.c
Examining data/xymon-4.3.30/web/perfdata.c
Examining data/xymon-4.3.30/web/ackinfo.c
Examining data/xymon-4.3.30/web/svcstatus-trends.c
Examining data/xymon-4.3.30/web/enadis.c
Examining data/xymon-4.3.30/web/hostlist.c
Examining data/xymon-4.3.30/web/appfeed.c
Examining data/xymon-4.3.30/web/findhost.c
Examining data/xymon-4.3.30/web/useradm.c
Examining data/xymon-4.3.30/web/reportlog.c
Examining data/xymon-4.3.30/web/statusreport.c
Examining data/xymon-4.3.30/xymonproxy/xymoncgimsg.c
Examining data/xymon-4.3.30/xymonproxy/xymonproxy.c
Examining data/xymon-4.3.30/client/netbsd-meminfo.c
Examining data/xymon-4.3.30/client/hpux-meminfo.c
Examining data/xymon-4.3.30/client/msgcache.c
Examining data/xymon-4.3.30/client/clientupdate.c
Examining data/xymon-4.3.30/client/openbsd-meminfo.c
Examining data/xymon-4.3.30/client/orcaxymon.c
Examining data/xymon-4.3.30/client/freebsd-meminfo.c
Examining data/xymon-4.3.30/client/logfetch.c
Examining data/xymon-4.3.30/include/libxymon.h
Examining data/xymon-4.3.30/include/version.h
Examining data/xymon-4.3.30/xymonnet/contest.c
Examining data/xymon-4.3.30/xymonnet/httpcookies.h
Examining data/xymon-4.3.30/xymonnet/xymonnet.h
Examining data/xymon-4.3.30/xymonnet/httpcookies.c
Examining data/xymon-4.3.30/xymonnet/ldaptest.c
Examining data/xymon-4.3.30/xymonnet/contest.h
Examining data/xymon-4.3.30/xymonnet/dns2.c
Examining data/xymon-4.3.30/xymonnet/dns.h
Examining data/xymon-4.3.30/xymonnet/xymonping.c
Examining data/xymon-4.3.30/xymonnet/httpresult.h
Examining data/xymon-4.3.30/xymonnet/dns.c
Examining data/xymon-4.3.30/xymonnet/dns2.h
Examining data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c
Examining data/xymon-4.3.30/xymonnet/beastat.c
Examining data/xymon-4.3.30/xymonnet/httpresult.c
Examining data/xymon-4.3.30/xymonnet/httptest.h
Examining data/xymon-4.3.30/xymonnet/httptest.c
Examining data/xymon-4.3.30/xymonnet/ldaptest.h
Examining data/xymon-4.3.30/xymonnet/xymonnet.c
Examining data/xymon-4.3.30/xymond/rrdcachectl.c
Examining data/xymon-4.3.30/xymond/trimhistory.c
Examining data/xymon-4.3.30/xymond/xymond_filestore.c
Examining data/xymon-4.3.30/xymond/xymond_rrd.h
Examining data/xymon-4.3.30/xymond/xymond_rrd.c
Examining data/xymon-4.3.30/xymond/xymonfetch.c
Examining data/xymon-4.3.30/xymond/xymond_channel.c
Examining data/xymon-4.3.30/xymond/xymond_distribute.c
Examining data/xymon-4.3.30/xymond/rrd/do_getvis.c
Examining data/xymon-4.3.30/xymond/rrd/do_mailq.c
Examining data/xymon-4.3.30/xymond/rrd/do_netstat.c
Examining data/xymon-4.3.30/xymond/rrd/do_temperature.c
Examining data/xymon-4.3.30/xymond/rrd/do_la.c
Examining data/xymon-4.3.30/xymond/rrd/do_external.c
Examining data/xymon-4.3.30/xymond/rrd/do_fd_lib.c
Examining data/xymon-4.3.30/xymond/rrd/do_paging.c
Examining data/xymon-4.3.30/xymond/rrd/do_iishealth.c
Examining data/xymon-4.3.30/xymond/rrd/do_counts.c
Examining data/xymon-4.3.30/xymond/rrd/do_xymonnet.c
Examining data/xymon-4.3.30/xymond/rrd/do_snmpmib.c
Examining data/xymon-4.3.30/xymond/rrd/do_beastat.c
Examining data/xymon-4.3.30/xymond/rrd/do_xymonproxy.c
Examining data/xymon-4.3.30/xymond/rrd/do_xymongen.c
Examining data/xymon-4.3.30/xymond/rrd/do_dbcheck.c
Examining data/xymon-4.3.30/xymond/rrd/do_asid.c
Examining data/xymon-4.3.30/xymond/rrd/do_trends.c
Examining data/xymon-4.3.30/xymond/rrd/do_xymond.c
Examining data/xymon-4.3.30/xymond/rrd/do_apache.c
Examining data/xymon-4.3.30/xymond/rrd/do_ntpstat.c
Examining data/xymon-4.3.30/xymond/rrd/do_ncv.c
Examining data/xymon-4.3.30/xymond/rrd/do_net.c
Examining data/xymon-4.3.30/xymond/rrd/do_vmstat.c
Examining data/xymon-4.3.30/xymond/rrd/do_devmon.c
Examining data/xymon-4.3.30/xymond/rrd/do_memory.c
Examining data/xymon-4.3.30/xymond/rrd/do_cics.c
Examining data/xymon-4.3.30/xymond/rrd/do_ifstat.c
Examining data/xymon-4.3.30/xymond/rrd/do_iostat.c
Examining data/xymon-4.3.30/xymond/rrd/do_mdc.c
Examining data/xymon-4.3.30/xymond/rrd/do_sendmail.c
Examining data/xymon-4.3.30/xymond/rrd/do_netapp.c
Examining data/xymon-4.3.30/xymond/rrd/do_citrix.c
Examining data/xymon-4.3.30/xymond/rrd/do_filesizes.c
Examining data/xymon-4.3.30/xymond/rrd/do_ifmib.c
Examining data/xymon-4.3.30/xymond/rrd/do_disk.c
Examining data/xymon-4.3.30/xymond/do_rrd.c
Examining data/xymon-4.3.30/xymond/xymond.c
Examining data/xymon-4.3.30/xymond/xymond_locator.c
Examining data/xymon-4.3.30/xymond/xymond_sample.c
Examining data/xymon-4.3.30/xymond/xymond_worker.c
Examining data/xymon-4.3.30/xymond/do_rrd.h
Examining data/xymon-4.3.30/xymond/convertnk.c
Examining data/xymon-4.3.30/xymond/client/hpux.c
Examining data/xymon-4.3.30/xymond/client/netbsd.c
Examining data/xymon-4.3.30/xymond/client/darwin.c
Examining data/xymon-4.3.30/xymond/client/bbwin.c
Examining data/xymon-4.3.30/xymond/client/linux.c
Examining data/xymon-4.3.30/xymond/client/freebsd.c
Examining data/xymon-4.3.30/xymond/client/powershell.c
Examining data/xymon-4.3.30/xymond/client/zos.c
Examining data/xymon-4.3.30/xymond/client/zvm.c
Examining data/xymon-4.3.30/xymond/client/osf.c
Examining data/xymon-4.3.30/xymond/client/openbsd.c
Examining data/xymon-4.3.30/xymond/client/solaris.c
Examining data/xymon-4.3.30/xymond/client/snmpcollect.c
Examining data/xymon-4.3.30/xymond/client/aix.c
Examining data/xymon-4.3.30/xymond/client/mqcollect.c
Examining data/xymon-4.3.30/xymond/client/generic.c
Examining data/xymon-4.3.30/xymond/client/zvse.c
Examining data/xymon-4.3.30/xymond/client/sco_sv.c
Examining data/xymon-4.3.30/xymond/client/irix.c
Examining data/xymon-4.3.30/xymond/xymond_hostdata.c
Examining data/xymon-4.3.30/xymond/xymond_capture.c
Examining data/xymon-4.3.30/xymond/xymond_worker.h
Examining data/xymon-4.3.30/xymond/xymond_client.c
Examining data/xymon-4.3.30/xymond/xymond_history.c
Examining data/xymon-4.3.30/xymond/do_alert.h
Examining data/xymon-4.3.30/xymond/do_alert.c
Examining data/xymon-4.3.30/xymond/xymon-mailack.c
Examining data/xymon-4.3.30/xymond/client_config.h
Examining data/xymon-4.3.30/xymond/xymond_alert.c
Examining data/xymon-4.3.30/xymond/client_config.c
Examining data/xymon-4.3.30/xymond/combostatus.c
Examining data/xymon-4.3.30/build/test-uname.c
Examining data/xymon-4.3.30/build/test-sysselecth.c
Examining data/xymon-4.3.30/build/test-ssl2.c
Examining data/xymon-4.3.30/build/test-vsnprintf.c
Examining data/xymon-4.3.30/build/test-rrd.c
Examining data/xymon-4.3.30/build/test-clockgettime-librt.c
Examining data/xymon-4.3.30/build/test-lfs.c
Examining data/xymon-4.3.30/build/test-shutdown.c
Examining data/xymon-4.3.30/build/renamevars.c
Examining data/xymon-4.3.30/build/merge-sects.c
Examining data/xymon-4.3.30/build/test-pcre.c
Examining data/xymon-4.3.30/build/test-socklent.c
Examining data/xymon-4.3.30/build/merge-lines.c
Examining data/xymon-4.3.30/build/test-lber.c
Examining data/xymon-4.3.30/build/renametasks.c
Examining data/xymon-4.3.30/build/revlog.c
Examining data/xymon-4.3.30/build/test-bintree.c
Examining data/xymon-4.3.30/build/test-pathmax.c
Examining data/xymon-4.3.30/build/test-rpcenth.c
Examining data/xymon-4.3.30/build/test-ssl.c
Examining data/xymon-4.3.30/build/test-strtoll.c
Examining data/xymon-4.3.30/build/setup-newfiles.c
Examining data/xymon-4.3.30/build/test-uint.c
Examining data/xymon-4.3.30/build/test-snprintf.c
Examining data/xymon-4.3.30/build/test-setenv.c
Examining data/xymon-4.3.30/build/test-cares.c
Examining data/xymon-4.3.30/build/test-ssl3.c
Examining data/xymon-4.3.30/build/test-ldap.c
Examining data/xymon-4.3.30/xymongen/rssgen.c
Examining data/xymon-4.3.30/xymongen/process.h
Examining data/xymon-4.3.30/xymongen/rssgen.h
Examining data/xymon-4.3.30/xymongen/pagegen.h
Examining data/xymon-4.3.30/xymongen/xymongen.h
Examining data/xymon-4.3.30/xymongen/loaddata.c
Examining data/xymon-4.3.30/xymongen/csvreport.c
Examining data/xymon-4.3.30/xymongen/util.h
Examining data/xymon-4.3.30/xymongen/wmlgen.c
Examining data/xymon-4.3.30/xymongen/debug.h
Examining data/xymon-4.3.30/xymongen/xymongen.c
Examining data/xymon-4.3.30/xymongen/pagegen.c
Examining data/xymon-4.3.30/xymongen/util.c
Examining data/xymon-4.3.30/xymongen/csvreport.h
Examining data/xymon-4.3.30/xymongen/loaddata.h
Examining data/xymon-4.3.30/xymongen/loadlayout.h
Examining data/xymon-4.3.30/xymongen/process.c
Examining data/xymon-4.3.30/xymongen/loadlayout.c
Examining data/xymon-4.3.30/xymongen/debug.c
Examining data/xymon-4.3.30/xymongen/wmlgen.h
Examining data/xymon-4.3.30/common/xymongrep.c
Examining data/xymon-4.3.30/common/xymoncfg.c
Examining data/xymon-4.3.30/common/xymoncmd.c
Examining data/xymon-4.3.30/common/xymon.c
Examining data/xymon-4.3.30/common/xymondigest.c
Examining data/xymon-4.3.30/common/xymonlaunch.c
Examining data/xymon-4.3.30/demotool/demotool.c
FINAL RESULTS:
data/xymon-4.3.30/build/setup-newfiles.c:132:4: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(destfn, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
data/xymon-4.3.30/build/setup-newfiles.c:138:9: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
if ((readlink(srcfn, ldest, sizeof(ldest)-1) != -1) && (symlink(ldest, destfn) == 0)) {};
data/xymon-4.3.30/client/clientupdate.c:138:4: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(tmpfn, S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP);
data/xymon-4.3.30/client/clientupdate.c:150:4: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown(tmpfn, 0, getgid());
data/xymon-4.3.30/client/clientupdate.c:151:4: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(tmpfn, S_ISUID|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP);
data/xymon-4.3.30/client/clientupdate.c:185:4: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown("bin/logfetch", 0, getgid());
data/xymon-4.3.30/client/clientupdate.c:186:4: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod("bin/logfetch", S_ISUID|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP);
data/xymon-4.3.30/client/clientupdate.c:248:2: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod("bin/xymonclient.sh", S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP);
data/xymon-4.3.30/client/clientupdate.c:249:2: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod("bin/clientupdate", S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP);
data/xymon-4.3.30/client/clientupdate.c:258:2: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown("bin/clientupdate", 0, getgid());
data/xymon-4.3.30/client/clientupdate.c:259:2: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod("bin/clientupdate", S_ISUID|S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP);
data/xymon-4.3.30/client/logfetch.c:710:11: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
int n = readlink(fn, linknam, sizeof(linknam)-1);
data/xymon-4.3.30/lib/suid.c:69:3: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(fn, (st.st_mode & (~S_ISUID)));
data/xymon-4.3.30/xymond/xymond_rrd.c:270:6: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(ctlsockaddr.sun_path, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH) == -1) {
data/xymon-4.3.30/build/merge-lines.c:62:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(curbckfn, "%s.bak", curfn);
data/xymon-4.3.30/build/merge-lines.c:90:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(lastblankandcomment, bol);
data/xymon-4.3.30/build/merge-lines.c:109:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tail->extralines[tail->extracount-1], "%s%s", lastblankandcomment, bol);
data/xymon-4.3.30/build/merge-lines.c:160:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(walk->extralines[walk->extracount-1], "%s%s", lastblankandcomment, bol);
data/xymon-4.3.30/build/merge-lines.c:221:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newval, "%s%s", nwalk->newname, oval);
data/xymon-4.3.30/build/merge-sects.c:64:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(curbckfn, "%s.bak", curfn);
data/xymon-4.3.30/build/merge-sects.c:89:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newent->val, "[%s]\n", nwalk->newname);
data/xymon-4.3.30/build/merge-sects.c:109:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newent->val, l);
data/xymon-4.3.30/build/revlog.c:14:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "rlog \"-d>%s\" %s 2>/dev/null", date, fn);
data/xymon-4.3.30/build/revlog.c:15:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
logfd = popen(cmd, "r");
data/xymon-4.3.30/build/setup-newfiles.c:54:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(destfn, argv[1]);
data/xymon-4.3.30/build/setup-newfiles.c:58:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(destfn, p);
data/xymon-4.3.30/build/setup-newfiles.c:63:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(srcmd5, digest_done(ctx));
data/xymon-4.3.30/build/test-vsnprintf.c:16:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), fmt, args);
data/xymon-4.3.30/client/clientupdate.c:61:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(versionfn, "%s/%s", xgetenv("XYMONHOME"), CLIENTVERSIONFILE);
data/xymon-4.3.30/client/clientupdate.c:63:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(inprogressfn, "%s/%s", xgetenv("XYMONHOME"), INPROGRESSFILE);
data/xymon-4.3.30/client/clientupdate.c:121:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpfn, "%s/.update.%s.%ld.tmp",
data/xymon-4.3.30/client/clientupdate.c:157:4: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(tmpfn, tmpfn, updateparam, "--remove-self", (char *)NULL);
data/xymon-4.3.30/client/clientupdate.c:202:14: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
tarpipefd = popen("tar xf -", "w");
data/xymon-4.3.30/client/clientupdate.c:211:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newverreq, "download %s.tar", newversion);
data/xymon-4.3.30/client/clientupdate.c:270:2: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl("bin/clientupdate", "bin/clientupdate", "--suid-setup", (char *)NULL);
data/xymon-4.3.30/client/logfetch.c:181:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Cannot open logfile %s : %s\n", filename, strerror(openerr));
data/xymon-4.3.30/client/logfetch.c:462:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Error while reading logfile %s : %s\n", filename, strerror(errno));
data/xymon-4.3.30/client/logfetch.c:634:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(result, "%s, symlink -> %s", s, symlink);
data/xymon-4.3.30/client/logfetch.c:737:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fd, stsizefmt, st.st_size);
data/xymon-4.3.30/client/logfetch.c:783:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s '%s' 2>&1", ducmd, fn);
data/xymon-4.3.30/client/logfetch.c:785:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
cmdfd = popen(cmd, "r");
data/xymon-4.3.30/client/logfetch.c:922:26: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (allowexec) fd = popen(cmd, "r");
data/xymon-4.3.30/client/logfetch.c:1352:36: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
for (i = 0; (i < POSCOUNT); i++) fprintf(fd, fmt, walk->check.logcheck.lastpos[i]);
data/xymon-4.3.30/client/orcaxymon.c:78:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "data %s.orca\n", machinename);
data/xymon-4.3.30/client/orcaxymon.c:85:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s:%s\n", hdr, val);
data/xymon-4.3.30/common/xymoncmd.c:48:38: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (getenv("HOSTNAME") != NULL) sprintf(buf, "%s", xgetenv("HOSTNAME"));
data/xymon-4.3.30/common/xymoncmd.c:50:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else if (hasuname) sprintf(buf, "%s", u_name.nodename);
data/xymon-4.3.30/common/xymoncmd.c:53:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fd = popen("uname -n", "r");
data/xymon-4.3.30/common/xymoncmd.c:61:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(evar, "MACHINEDOTS=%s", buf);
data/xymon-4.3.30/common/xymoncmd.c:69:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (hasuname) sprintf(buf, "%s", u_name.sysname);
data/xymon-4.3.30/common/xymoncmd.c:74:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fd = popen("uname -s", "r");
data/xymon-4.3.30/common/xymoncmd.c:84:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(evar, "SERVEROSTYPE=%s", buf);
data/xymon-4.3.30/common/xymoncmd.c:98:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(evar, "XYMONCLIENTHOME=%s", homedir);
data/xymon-4.3.30/common/xymoncmd.c:145:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(envfn, "%s/etc/xymonserver.cfg", xgetenv("XYMONHOME"));
data/xymon-4.3.30/common/xymoncmd.c:147:31: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (stat(envfn, &st) == -1) sprintf(envfn, "%s/etc/xymonclient.cfg", xgetenv("XYMONHOME"));
data/xymon-4.3.30/common/xymoncmd.c:148:31: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (stat(envfn, &st) == -1) sprintf(envfn, "%s/etc/xymonclient.cfg", xgetenv("XYMONCLIENTHOME"));
data/xymon-4.3.30/common/xymoncmd.c:164:2: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(cmd, cmdargs);
data/xymon-4.3.30/common/xymongrep.c:38:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "xymondboard fields=hostname,testname,color test=%s", conncolumn);
data/xymon-4.3.30/common/xymongrep.c:44:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "xymondboard fields=hostname,testname,color test=%s", testcolumn);
data/xymon-4.3.30/common/xymongrep.c:76:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mark, "\n%s|%s|", hostname, conncolumn);
data/xymon-4.3.30/common/xymongrep.c:91:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mark, "\n%s|%s|", hostname, testcolumn);
data/xymon-4.3.30/common/xymonlaunch.c:548:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(config, "%s/etc/tasks.cfg", xgetenv("XYMONHOME"));
data/xymon-4.3.30/common/xymonlaunch.c:762:6: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(cmd, cmdargs);
data/xymon-4.3.30/demotool/demotool.c:102:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/%s/%s", path, dent->d_name, svc);
data/xymon-4.3.30/demotool/demotool.c:123:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/%s", path, dent->d_name);
data/xymon-4.3.30/demotool/demotool.c:127:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/%s/%s", path, dent->d_name, attr);
data/xymon-4.3.30/demotool/demotool.c:150:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(*buf, newtext);
data/xymon-4.3.30/demotool/demotool.c:169:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/%s", cpath, d->d_name);
data/xymon-4.3.30/demotool/demotool.c:173:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "[%s]\n", d->d_name+7);
data/xymon-4.3.30/demotool/demotool.c:449:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conn->respbuf, "client %s.%s\n[date]\n%s[uptime]\n %02d:%02d:%02d up %d days, %d:%02d, 1 users, load average: 0.21, %5.2f, 0.25\n\n%s\n",
data/xymon-4.3.30/lib/acklog.c:89:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(l, "%u\t%d\t%d\t%d\t%s\t%s\t%s\t%n",
data/xymon-4.3.30/lib/acknowledgementslog.c:217:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
itemsfound = sscanf(l, "%*u-%*u-%*u %*u:%*u:%*u %s %s %s %*u %*u %u %u %[^\t\n]", host, svc, recipient, &etim, &valid, message);
data/xymon-4.3.30/lib/acknowledgementslog.c:220:20: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
itemsfound = sscanf(l, "%u\t%*u\t%d\t%*u\tnp_filename_not_used\t%s\t%*s\t%[^\n]", &etim, &duration, host, message);
data/xymon-4.3.30/lib/availability.c:242:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
*scanres = sscanf(buf+25, "%s %u %u", colstr, start, duration);
data/xymon-4.3.30/lib/cgiurls.c:39:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(url, url_buflen,
data/xymon-4.3.30/lib/errormsg.c:55:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), fmt, args);
data/xymon-4.3.30/lib/errormsg.c:89:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(debugfd, fmt, args);
data/xymon-4.3.30/lib/errormsg.c:149:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(tracefd, fmt, args);
data/xymon-4.3.30/lib/errormsg.h:23:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define logprintf(...) printf(__VA_ARGS__);
data/xymon-4.3.30/lib/eventlog.c:635:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
itemsfound = sscanf(l, "%s %s %u %u %u %s %s %d",
data/xymon-4.3.30/lib/htmllog.c:607:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(linkurl, sizeof(linkurl), docurl, hostname);
data/xymon-4.3.30/lib/links.c:183:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(linkurl, linkurl_buflen, columndocurl, colname);
data/xymon-4.3.30/lib/links.c:202:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(linkurl, linkurl_buflen, hostdocurl, hostname);
data/xymon-4.3.30/lib/loadhosts.c:377:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (result && hivals[XMH_IP]) strcpy(hostip, hivals[XMH_IP]);
data/xymon-4.3.30/lib/loadhosts.c:400:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hostip, walk->ip);
data/xymon-4.3.30/lib/loadhosts.c:577:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(result, result_buflen, p, host->hostname);
data/xymon-4.3.30/lib/loadhosts_file.c:305:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
else if (sscanf(inbol, "%d.%d.%d.%d %s", &ip1, &ip2, &ip3, &ip4, hostname) == 5) {
data/xymon-4.3.30/lib/memory.c:284:17: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
printedbytes = vsnprintf(dest, availablebytes, fmt, args);
data/xymon-4.3.30/lib/memory.c:293:17: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
printedbytes = vsprintf(dest, fmt, args);
data/xymon-4.3.30/lib/memory.h:79:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#undef strcat
data/xymon-4.3.30/lib/memory.h:81:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#undef strcpy
data/xymon-4.3.30/lib/memory.h:83:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#undef sprintf
data/xymon-4.3.30/lib/memory.h:85:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define strcat(D,S) xstrcat((D), (S))
data/xymon-4.3.30/lib/memory.h:87:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define strcpy(D,S) xstrcpy((D), (S))
data/xymon-4.3.30/lib/memory.h:89:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define sprintf xsprintf
data/xymon-4.3.30/lib/misc.c:526:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
inpipe = popen(extfn, "r");
data/xymon-4.3.30/lib/notifylog.c:205:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
itemsfound = sscanf(l, "%*s %*s %*u %*u:%*u:%*u %*u %s %*s %s %u %*d", hostsvc, recipient, &etim);
data/xymon-4.3.30/lib/osdefs.c:19:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int snprintf(char *str, size_t size, const char *format, ...)
data/xymon-4.3.30/lib/osdefs.c:24:9: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
return vsprintf(str, format, args);
data/xymon-4.3.30/lib/osdefs.c:29:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int vsnprintf(char *str, size_t size, const char *format, va_list args)
data/xymon-4.3.30/lib/osdefs.c:31:9: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
return vsprintf(str, format, args);
data/xymon-4.3.30/lib/osdefs.h:25:12: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
extern int snprintf(char *str, size_t size, const char *format, ...);
data/xymon-4.3.30/lib/osdefs.h:29:12: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
extern int vsnprintf(char *str, size_t size, const char *format, va_list ap);
data/xymon-4.3.30/lib/run.c:71:33: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (strchr(cmd, ' ') == NULL) execlp(cmd, cmd, NULL);
data/xymon-4.3.30/lib/run.c:75:4: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(shell, "sh", "-c", cmd, NULL);
data/xymon-4.3.30/lib/sig.c:52:3: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(signal_xymoncmd, "xymon-signal", signal_xymondserver, signal_msg, NULL);
data/xymon-4.3.30/lib/timefunc.c:520:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
p += snprintf(p, (sizeof(result) - (p - result)), (*result ? "%02ldh" : "%ldh"), (left / 3600));
data/xymon-4.3.30/lib/timefunc.c:524:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
p += snprintf(p, (sizeof(result) - (p - result)), (*result ? "%02ldm" : "%ldm"), (left / 60));
data/xymon-4.3.30/lib/xymonrrd.c:299:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(rrdparturl, rrdparturl_buflen, fmt, rrdservicename, svcurl, svcurl, rrdservicename, svcurl, xgetenv("XYMONSKIN"), xgetenv("IMAGEFILETYPE"));
data/xymon-4.3.30/web/cgiwrap.c:129:2: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(executable, options);
data/xymon-4.3.30/web/chpasswd.c:195:13: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(cmd, cmdargs);
data/xymon-4.3.30/web/chpasswd.c:224:13: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(cmd, cmdargs);
data/xymon-4.3.30/web/confreport.c:316:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newitem->visualdata, visdata);
data/xymon-4.3.30/web/criticaleditor.c:90:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rq_critwkdays, cwalk->value);
data/xymon-4.3.30/web/criticaleditor.c:131:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rq_clonestodrop, cwalk->value);
data/xymon-4.3.30/web/csvinfo.c:166:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(items[i], (strlen(p1) ? p1 : " "));
data/xymon-4.3.30/web/history.c:766:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fd = popen(tailcmd, "r");
data/xymon-4.3.30/web/hostlist.c:54:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fields, cwalk->name);
data/xymon-4.3.30/web/report.c:308:3: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(xymongencmd, xymongen_argv);
data/xymon-4.3.30/web/showgraph.c:499:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outp, inp);
data/xymon-4.3.30/web/showgraph.c:505:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outp, inp); strcat(outp, "\\:");
data/xymon-4.3.30/web/showgraph.c:847:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(service, realservice);
data/xymon-4.3.30/web/showgraph.c:947:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(rrddbs[i].rrdparam, buflen, paramfmt, hostlist[i]);
data/xymon-4.3.30/web/showgraph.c:1084:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
p += snprintf(p, pcmdlen+1, param_str, gdef->title+5, displayname, service, glegend);
data/xymon-4.3.30/web/showgraph.c:1090:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
pfd = popen(pcmd, "r");
data/xymon-4.3.30/web/snapshot.c:233:3: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(xymongencmd, xymongen_argv);
data/xymon-4.3.30/web/useradm.c:158:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(cmd, cmdargs);
data/xymon-4.3.30/web/useradm.c:197:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(cmd, cmdargs);
data/xymon-4.3.30/xymond/client/aix.c:39:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromline, "\nStatus message received from %s\n", sender);
data/xymon-4.3.30/xymond/client/bbwin.c:54:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s Machine recently rebooted\n", colorname(uptimecolor));
data/xymon-4.3.30/xymond/client/bbwin.c:59:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s Machine has been up more than %d days\n", colorname(uptimecolor), (ancientlimit / 86400));
data/xymon-4.3.30/xymond/client/bbwin.c:64:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.uptime %s %s %s\n",
data/xymon-4.3.30/xymond/client/bbwin.c:133:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.cpu %s %s %s",
data/xymon-4.3.30/xymond/client/bbwin.c:226:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s System clock is %ld seconds off (max %ld)\n",
data/xymon-4.3.30/xymond/client/bbwin.c:238:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.timediff %s %s %s\n",
data/xymon-4.3.30/xymond/client/bbwin.c:278:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.who %s %s %s\n",
data/xymon-4.3.30/xymond/client/bbwin.c:339:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, bol); startupstr = getcolumn(p, startupcol);
data/xymon-4.3.30/xymond/client/bbwin.c:340:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, bol); statestr = getcolumn(p, statecol);
data/xymon-4.3.30/xymond/client/bbwin.c:355:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&green %s\n", sname);
data/xymon-4.3.30/xymond/client/bbwin.c:359:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s %s\n",
data/xymon-4.3.30/xymond/client/bbwin.c:382:28: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/client/bbwin.c:385:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s.svcs %s %s - Services %s\n",
data/xymon-4.3.30/xymond/client/bbwin.c:434:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromline, "\nStatus message received from %s\n", sender);
data/xymon-4.3.30/xymond/client/darwin.c:36:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromline, "\nStatus message received from %s\n", sender);
data/xymon-4.3.30/xymond/client/freebsd.c:44:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromline, "\nStatus message received from %s\n", sender);
data/xymon-4.3.30/xymond/client/generic.c:24:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromline, "\nStatus message received from %s\n", sender);
data/xymon-4.3.30/xymond/client/hpux.c:40:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromline, "\nStatus message received from %s\n", sender);
data/xymon-4.3.30/xymond/client/irix.c:36:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromline, "\nStatus message received from %s\n", sender);
data/xymon-4.3.30/xymond/client/linux.c:38:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromline, "\nStatus message received from %s\n", sender);
data/xymon-4.3.30/xymond/client/linux.c:157:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(statcopy, "%s\nmd999\n", mdstatstr);
data/xymon-4.3.30/xymond/client/linux.c:225:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.raid %s %s - RAID %s\n\n",
data/xymon-4.3.30/xymond/client/mqcollect.c:26:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (groups) sprintf(msgline, "status/group:%s ", groups); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/client/mqcollect.c:28:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s.mq %s %s\n",
data/xymon-4.3.30/xymond/client/mqcollect.c:65:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromline, "\nStatus message received from %s\n", sender);
data/xymon-4.3.30/xymond/client/mqcollect.c:93:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&red Queue %s:%s has depth %d (critical: %d, warn: %d)\n",
data/xymon-4.3.30/xymond/client/mqcollect.c:99:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&yellow Queue %s:%s has depth %d (warn: %d, critical: %d)\n",
data/xymon-4.3.30/xymond/client/mqcollect.c:104:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&green Queue %s:%s has depth %d (warn: %d, critical: %d)\n",
data/xymon-4.3.30/xymond/client/mqcollect.c:112:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&red Queue %s:%s has age %d (critical: %d, warn: %d)\n",
data/xymon-4.3.30/xymond/client/mqcollect.c:118:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&yellow Queue %s:%s has age %d (warn: %d, critical: %d)\n",
data/xymon-4.3.30/xymond/client/mqcollect.c:123:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&green Queue %s:%s has age %d (warn: %d, critical: %d)\n",
data/xymon-4.3.30/xymond/client/mqcollect.c:144:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&red Channel %s:%s has status %s\n", qmid, chnnam, chnstatus);
data/xymon-4.3.30/xymond/client/mqcollect.c:148:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&yellow Channel %s:%s has status %s\n", qmid, chnnam, chnstatus);
data/xymon-4.3.30/xymond/client/mqcollect.c:152:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&green Channel %s:%s has status %s\n", qmid, chnnam, chnstatus);
data/xymon-4.3.30/xymond/client/netbsd.c:38:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromline, "\nStatus message received from %s\n", sender);
data/xymon-4.3.30/xymond/client/openbsd.c:38:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromline, "\nStatus message received from %s\n", sender);
data/xymon-4.3.30/xymond/client/osf.c:37:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromline, "\nStatus message received from %s\n", sender);
data/xymon-4.3.30/xymond/client/sco_sv.c:38:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromline, "\nStatus message received from %s\n", sender);
data/xymon-4.3.30/xymond/client/snmpcollect.c:31:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromline, "\nStatus message received from %s\n", sender);
data/xymon-4.3.30/xymond/client/snmpcollect.c:84:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (groups) sprintf(msgline, "status/group:%s ", groups); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/client/snmpcollect.c:86:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s.%s %s %s\n", hostname, mibname, colorname(color), ctime(×tamp));
data/xymon-4.3.30/xymond/client/solaris.c:41:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromline, "\nStatus message received from %s\n", sender);
data/xymon-4.3.30/xymond/client/solaris.c:118:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpline, bol);
data/xymon-4.3.30/xymond/client/solaris.c:155:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "data %s.iostatdisk\n%s\n", commafy(hostname), osname(os));
data/xymon-4.3.30/xymond/client/zos.c:49:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(myupstr, "%s\n", uptimestr);
data/xymon-4.3.30/xymond/client/zos.c:78:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s Machine recently rebooted\n", colorname(uptimecolor));
data/xymon-4.3.30/xymond/client/zos.c:83:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s Machine has been up more than %d days\n", colorname(uptimecolor), (ancientlimit / 86400));
data/xymon-4.3.30/xymond/client/zos.c:88:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.cpu %s %s %s %s %s\n",
data/xymon-4.3.30/xymond/client/zos.c:134:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pagingresult, "Can not find page rate value in:\n%s\n", pagingstr);
data/xymon-4.3.30/xymond/client/zos.c:150:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.paging %s %s %s %s\n",
data/xymon-4.3.30/xymond/client/zos.c:259:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.memory %s %s\n%s %s %s %s %s",
data/xymon-4.3.30/xymond/client/zos.c:317:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cicsresult,"%-8s %6d %3.1f %3.1f\n", cicsappl, numtrans, dsapct, edsapct);
data/xymon-4.3.30/xymond/client/zos.c:322:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempresult,"&yellow CICS system %s not responding, removed\n", cicsappl);
data/xymon-4.3.30/xymond/client/zos.c:333:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempresult,"&red %s DSA Utilization is CRITICAL\n", cicsappl);
data/xymon-4.3.30/xymond/client/zos.c:339:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempresult,"&yellow %s DSA Utilization is HIGH\n", cicsappl);
data/xymon-4.3.30/xymond/client/zos.c:346:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempresult,"&red %s EDSA Utilization is CRITICAL\n", cicsappl);
data/xymon-4.3.30/xymond/client/zos.c:352:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempresult,"&yellow %s EDSA Utilization is HIGH\n", cicsappl);
data/xymon-4.3.30/xymond/client/zos.c:361:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.cics %s %s %s\n",
data/xymon-4.3.30/xymond/client/zos.c:407:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "data %s.proccounts\n", commafy(hostname));
data/xymon-4.3.30/xymond/client/zos.c:416:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s No process checks defined\n", colorname(noreportcolor));
data/xymon-4.3.30/xymond/client/zos.c:459:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&green %s (found %d, req. %s)\n", pname, pcount, limtxt);
data/xymon-4.3.30/xymond/client/zos.c:464:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s %s (found %d, req. %s)\n",
data/xymon-4.3.30/xymond/client/zos.c:473:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s:%u\n", pid, pcount);
data/xymon-4.3.30/xymond/client/zos.c:489:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/client/zos.c:492:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s.procs %s %s - Processes %s\n",
data/xymon-4.3.30/xymond/client/zos.c:519:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s\n", tok);
data/xymon-4.3.30/xymond/client/zos.c:605:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.maxuser %s %s\n%s",
data/xymon-4.3.30/xymond/client/zos.c:639:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromline, "\nStatus message received from %s\n", sender);
data/xymon-4.3.30/xymond/client/zvm.c:48:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(myupstr, "%s\n", uptimestr);
data/xymon-4.3.30/xymond/client/zvm.c:77:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s Machine recently rebooted\n", colorname(uptimecolor));
data/xymon-4.3.30/xymond/client/zvm.c:82:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s Machine has been up more than %d days\n", colorname(uptimecolor), (ancientlimit / 86400));
data/xymon-4.3.30/xymond/client/zvm.c:87:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.cpu %s %s %s %s %s\n",
data/xymon-4.3.30/xymond/client/zvm.c:142:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.paging %s %s %s %s\n",
data/xymon-4.3.30/xymond/client/zvm.c:187:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "data %s.mdc\n%s\n%d:%d:%d\n", commafy(hostname), osname(os), mdcreads, mdcwrites, mdchitpct);
data/xymon-4.3.30/xymond/client/zvm.c:217:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "data %s.proccounts\n", commafy(hostname));
data/xymon-4.3.30/xymond/client/zvm.c:226:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s No process checks defined\n", colorname(noreportcolor));
data/xymon-4.3.30/xymond/client/zvm.c:269:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&green %s (found %d, req. %s)\n", pname, pcount, limtxt);
data/xymon-4.3.30/xymond/client/zvm.c:274:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s %s (found %d, req. %s)\n",
data/xymon-4.3.30/xymond/client/zvm.c:283:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s:%u\n", pid, pcount);
data/xymon-4.3.30/xymond/client/zvm.c:299:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/client/zvm.c:302:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s.procs %s %s - Processes %s\n",
data/xymon-4.3.30/xymond/client/zvm.c:333:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%-8s %-8s %-8s %-8s\n", nm[0], nm[1], nm[2], nm[3]);
data/xymon-4.3.30/xymond/client/zvm.c:342:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%-8s %-8s %-8s %-8s\n", nm[0], nm[1], nm[2], nm[3]);
data/xymon-4.3.30/xymond/client/zvm.c:374:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromline, "\nStatus message received from %s\n", sender);
data/xymon-4.3.30/xymond/client/zvse.c:48:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(myupstr, "%s\n", uptimestr);
data/xymon-4.3.30/xymond/client/zvse.c:77:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s Machine recently rebooted\n", colorname(uptimecolor));
data/xymon-4.3.30/xymond/client/zvse.c:82:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s Machine has been up more than %d days\n", colorname(uptimecolor), (ancientlimit / 86400));
data/xymon-4.3.30/xymond/client/zvse.c:87:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.cpu %s %s %s %s %s\n",
data/xymon-4.3.30/xymond/client/zvse.c:133:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pagingresult, "Can not find page rate value in:\n%s\n", pagingstr);
data/xymon-4.3.30/xymond/client/zvse.c:149:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.paging %s %s %s %s\n",
data/xymon-4.3.30/xymond/client/zvse.c:207:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cicsresult,"%-8s %6d %3.1f %3.1f\n", cicsappl, numtrans, dsapct, edsapct);
data/xymon-4.3.30/xymond/client/zvse.c:212:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempresult,"&yellow CICS system %s not responding, removed\n", cicsappl);
data/xymon-4.3.30/xymond/client/zvse.c:223:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempresult,"&red %s DSA Utilization is CRITICAL\n", cicsappl);
data/xymon-4.3.30/xymond/client/zvse.c:229:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempresult,"&yellow %s DSA Utilization is HIGH\n", cicsappl);
data/xymon-4.3.30/xymond/client/zvse.c:236:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempresult,"&red %s EDSA Utilization is CRITICAL\n", cicsappl);
data/xymon-4.3.30/xymond/client/zvse.c:242:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempresult,"&yellow %s EDSA Utilization is HIGH\n", cicsappl);
data/xymon-4.3.30/xymond/client/zvse.c:251:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.cics %s %s %s\n",
data/xymon-4.3.30/xymond/client/zvse.c:297:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "data %s.proccounts\n", commafy(hostname));
data/xymon-4.3.30/xymond/client/zvse.c:306:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s No process checks defined\n", colorname(noreportcolor));
data/xymon-4.3.30/xymond/client/zvse.c:349:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&green %s (found %d, req. %s)\n", pname, pcount, limtxt);
data/xymon-4.3.30/xymond/client/zvse.c:354:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s %s (found %d, req. %s)\n",
data/xymon-4.3.30/xymond/client/zvse.c:363:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s:%u\n", pid, pcount);
data/xymon-4.3.30/xymond/client/zvse.c:379:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/client/zvse.c:382:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s.procs %s %s - Processes %s\n",
data/xymon-4.3.30/xymond/client/zvse.c:409:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s\n", tok);
data/xymon-4.3.30/xymond/client/zvse.c:470:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.memory %s %s %s\n%s",
data/xymon-4.3.30/xymond/client/zvse.c:531:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(getvisentry, "%s %d %d %d %d", jinfo, &used24, &free24, &usedany, &freeany);
data/xymon-4.3.30/xymond/client/zvse.c:536:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(jobname,q); /* Copy jobname */
data/xymon-4.3.30/xymond/client/zvse.c:539:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pid,jinfo); /* Just copy jinfo into partition ID */
data/xymon-4.3.30/xymond/client/zvse.c:546:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(getvisresult,"%-3s %-8s %6d %6d %6d %6d %6d %6d %3.0f %3.0f\n", pid, jobname, size24, used24, free24, sizeany, usedany, freeany, used24p, usedanyp);
data/xymon-4.3.30/xymond/client/zvse.c:552:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempresult,"&red 24-bit Getvis utilization for %s is CRITICAL\n", pid);
data/xymon-4.3.30/xymond/client/zvse.c:558:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempresult,"&yellow 24-bit Getvis utilization for %s is HIGH\n", pid);
data/xymon-4.3.30/xymond/client/zvse.c:565:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempresult,"&red Any Getvis utilization for %s is CRITICAL\n", pid);
data/xymon-4.3.30/xymond/client/zvse.c:571:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempresult,"&yellow Any Getvis utilization for %s is HIGH\n", pid);
data/xymon-4.3.30/xymond/client/zvse.c:580:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.getvis %s %s %s\n",
data/xymon-4.3.30/xymond/client/zvse.c:651:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.nparts %s %s\n%s",
data/xymon-4.3.30/xymond/client/zvse.c:685:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fromline, "\nStatus message received from %s\n", sender);
data/xymon-4.3.30/xymond/client_config.c:512:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, ",%s,", group);
data/xymon-4.3.30/xymond/client_config.c:526:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(grouplist + curlen, "%s,", key);
data/xymon-4.3.30/xymond/client_config.c:544:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (configfn) strcpy(fn, configfn); else sprintf(fn, "%s/etc/analysis.cfg", xgetenv("XYMONHOME"));
data/xymon-4.3.30/xymond/client_config.c:544:43: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (configfn) strcpy(fn, configfn); else sprintf(fn, "%s/etc/analysis.cfg", xgetenv("XYMONHOME"));
data/xymon-4.3.30/xymond/client_config.c:2399:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mibkeyval_id, "%s!%s!%s", mibname, (keyname ? keyname : ""), valname);
data/xymon-4.3.30/xymond/client_config.c:2430:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mibval_id, "%s:%s", mibname, valname);
data/xymon-4.3.30/xymond/client_config.c:2496:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s %s:%s %ld (minimum: %ld)\n",
data/xymon-4.3.30/xymond/client_config.c:2499:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s %s %ld (minimum: %ld)\n",
data/xymon-4.3.30/xymond/client_config.c:2508:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s %s:%s %ld (maximum: %ld)\n",
data/xymon-4.3.30/xymond/client_config.c:2511:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s %s %ld (maximum: %ld)\n",
data/xymon-4.3.30/xymond/client_config.c:2524:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s %s:%s %s (expected: %s)\n",
data/xymon-4.3.30/xymond/client_config.c:2527:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s %s %s (expected: %s)\n",
data/xymon-4.3.30/xymond/client_config.c:2532:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&green %s:%s %s\n", keyname, dnam, dval);
data/xymon-4.3.30/xymond/client_config.c:2534:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&green %s %s\n", dnam, dval);
data/xymon-4.3.30/xymond/client_config.c:2604:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s ", colorname(rule->rule.log.color));
data/xymon-4.3.30/xymond/client_config.c:2774:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "File is a %s - should be %s\n",
data/xymon-4.3.30/xymond/client_config.c:2854:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "File is owned by user %s - should be %s\n",
data/xymon-4.3.30/xymond/client_config.c:2871:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "File is owned by group %s - should be %s\n",
data/xymon-4.3.30/xymond/client_config.c:2928:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "File has MD5 hash %s - should be %s\n",
data/xymon-4.3.30/xymond/client_config.c:2937:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "File has SHA1 hash %s - should be %s\n",
data/xymon-4.3.30/xymond/client_config.c:2946:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "File has SHA256 hash %s - should be %s\n",
data/xymon-4.3.30/xymond/client_config.c:2955:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "File has SHA512 hash %s - should be %s\n",
data/xymon-4.3.30/xymond/client_config.c:2964:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "File has SHA224 hash %s - should be %s\n",
data/xymon-4.3.30/xymond/client_config.c:2973:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "File has SHA384 hash %s - should be %s\n",
data/xymon-4.3.30/xymond/client_config.c:2982:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "File has RMD160 hash %s - should be %s\n",
data/xymon-4.3.30/xymond/client_config.c:3043:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "Could not determine size of directory %s\n", filename);
data/xymon-4.3.30/xymond/client_config.c:3172:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "modify %s.%s %s rrdds ",
data/xymon-4.3.30/xymond/client_config.c:3528:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "local=%s ", (*walk)->rule->rule.port.localexp->pattern);
data/xymon-4.3.30/xymond/client_config.c:3530:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "exlocal=%s ", (*walk)->rule->rule.port.exlocalexp->pattern);
data/xymon-4.3.30/xymond/client_config.c:3532:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "remote=%s ", (*walk)->rule->rule.port.remoteexp->pattern);
data/xymon-4.3.30/xymond/client_config.c:3534:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "exremote=%s ", (*walk)->rule->rule.port.exremoteexp->pattern);
data/xymon-4.3.30/xymond/client_config.c:3536:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "state=%s ", (*walk)->rule->rule.port.stateexp->pattern);
data/xymon-4.3.30/xymond/client_config.c:3538:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "exstate=%s ", (*walk)->rule->rule.port.exstateexp->pattern);
data/xymon-4.3.30/xymond/client_config.c:3578:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%s is %s/%s", (*walk)->rule->rule.svc.svcname,
data/xymon-4.3.30/xymond/client_config.c:3584:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%s: No matching service", (*walk)->rule->rule.svc.svcexp->pattern);
data/xymon-4.3.30/xymond/client_config.c:3586:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, " - want %s/%s",
data/xymon-4.3.30/xymond/combostatus.c:131:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/etc/combo.cfg", xgetenv("XYMONHOME"));
data/xymon-4.3.30/xymond/combostatus.c:220:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pattern, "\n%s|%s|", hostname, testname);
data/xymon-4.3.30/xymond/combostatus.c:266:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(*errbuf, errtext);
data/xymon-4.3.30/xymond/combostatus.c:354:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errtext, "compute(%s) returned error %d\n", expr, error);
data/xymon-4.3.30/xymond/combostatus.c:360:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(*errbuf, errtext);
data/xymon-4.3.30/xymond/combostatus.c:445:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.%s %s %s\n\n", commafy(t->reshostname), ( t->restestname ? t->restestname : "combostatuserror" ), colorname(color), timestamp);
data/xymon-4.3.30/xymond/combostatus.c:457:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s <a href=\"%s/svcstatus.sh?HOST=%s&SERVICE=%s\">%s</a>\n",
data/xymon-4.3.30/xymond/do_alert.c:64:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%s|%s|%d", hostname, testname, (int)eventstart);
data/xymon-4.3.30/xymond/do_alert.c:91:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(svccodes, ",%s", p);
data/xymon-4.3.30/xymond/do_alert.c:95:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tname, ",%s:", testname);
data/xymon-4.3.30/xymond/do_alert.c:127:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(id, "%s|%s|%s|%s", alert->hostname, alert->testname, method, recip->recipient);
data/xymon-4.3.30/xymond/do_alert.c:157:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result, inpos);
data/xymon-4.3.30/xymond/do_alert.c:161:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result, hostname);
data/xymon-4.3.30/xymond/do_alert.c:165:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result, svcname);
data/xymon-4.3.30/xymond/do_alert.c:169:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result, colorname);
data/xymon-4.3.30/xymond/do_alert.c:178:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result, inpos);
data/xymon-4.3.30/xymond/do_alert.c:211:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(subj, sizeof(subj), subjfmt,
data/xymon-4.3.30/xymond/do_alert.c:217:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(subj, sizeof(subj), subjfmt,
data/xymon-4.3.30/xymond/do_alert.c:223:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(subj, sizeof(subj), subjfmt,
data/xymon-4.3.30/xymond/do_alert.c:229:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(subj, sizeof(subj), subjfmt,
data/xymon-4.3.30/xymond/do_alert.c:256:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info, "%s:%s INFO\n", alert->hostname, alert->testname);
data/xymon-4.3.30/xymond/do_alert.c:291:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info, "See %s%s\n",
data/xymon-4.3.30/xymond/do_alert.c:308:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info, "%s:%s %s [%d]",
data/xymon-4.3.30/xymond/do_alert.c:314:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info, "%s:%s RECOVERED",
data/xymon-4.3.30/xymond/do_alert.c:319:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info, "%s:%s DISABLED",
data/xymon-4.3.30/xymond/do_alert.c:324:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info, "%s:%s NOTICE",
data/xymon-4.3.30/xymond/do_alert.c:350:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info, "%s:%s %s [%d]\n",
data/xymon-4.3.30/xymond/do_alert.c:355:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(info, "See %s%s\n",
data/xymon-4.3.30/xymond/do_alert.c:463:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s \"%s\" ", xgetenv("MAIL"), mailsubj);
data/xymon-4.3.30/xymond/do_alert.c:465:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s -s \"%s\" ", xgetenv("MAILC"), mailsubj);
data/xymon-4.3.30/xymond/do_alert.c:467:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "mail -s \"%s\" ", mailsubj);
data/xymon-4.3.30/xymond/do_alert.c:471:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s ", xgetenv("MAILC"));
data/xymon-4.3.30/xymond/do_alert.c:475:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmd, mailrecip);
data/xymon-4.3.30/xymond/do_alert.c:480:16: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
mailpipe = popen(cmd, "w");
data/xymon-4.3.30/xymond/do_alert.c:546:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rcpt, "RCPT=%s", scriptrecip);
data/xymon-4.3.30/xymond/do_alert.c:550:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bbhostname, "BBHOSTNAME=%s", alert->hostname);
data/xymon-4.3.30/xymond/do_alert.c:554:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bbhostsvc, "BBHOSTSVC=%s.%s", alert->hostname, alert->testname);
data/xymon-4.3.30/xymond/do_alert.c:558:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bbhostsvccommas, "BBHOSTSVCCOMMAS=%s.%s", commafy(alert->hostname), alert->testname);
data/xymon-4.3.30/xymond/do_alert.c:575:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bbsvcname, "BBSVCNAME=%s", alert->testname);
data/xymon-4.3.30/xymond/do_alert.c:583:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bbcolorlevel, "BBCOLORLEVEL=%s", colorname(alert->color));
data/xymon-4.3.30/xymond/do_alert.c:619:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(alertidenv, "ALERTID=%s", alertid);
data/xymon-4.3.30/xymond/do_alert.c:632:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bbhenv, "%s=%s", id, itm);
data/xymon-4.3.30/xymond/do_alert.c:639:6: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(recip->scriptname, recip->scriptname, NULL);
data/xymon-4.3.30/xymond/do_alert.c:768:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(id, "%s|%s|", alert->hostname, alert->testname);
data/xymon-4.3.30/xymond/do_rrd.c:131:8: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
n = execvp(cmd, argv);
data/xymon-4.3.30/xymond/do_rrd.c:166:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(rrdfn, sizeof(rrdfn)-1, format, param);
data/xymon-4.3.30/xymond/do_rrd.c:181:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(rrdfn, sizeof(rrdfn)-1, format, param1, param2);
data/xymon-4.3.30/xymond/do_rrd.c:195:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(rrdfn, sizeof(rrdfn)-1, format, param1, param2, param3);
data/xymon-4.3.30/xymond/do_rrd.c:207:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rrdfn+(NAME_MAX-50), "_%s.rrd", hash);
data/xymon-4.3.30/xymond/do_rrd.c:288:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filedir, "%s/%s", rrddir, hostname);
data/xymon-4.3.30/xymond/do_rrd.c:347:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rrakey, "%s/%d", testname, pollinterval);
data/xymon-4.3.30/xymond/do_rrd.c:524:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filedir, "%s%s", rrddir, cacheitem->key);
data/xymon-4.3.30/xymond/do_rrd.c:576:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filedir, "%s%s", rrddir, cacheitem->key);
data/xymon-4.3.30/xymond/rrd/do_apache.c:46:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rrdvalues, p);
data/xymon-4.3.30/xymond/rrd/do_cics.c:37:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(pr, "%s %d %f %f", cicsappl, &numtrans, &dsapct, &edsapct);
data/xymon-4.3.30/xymond/rrd/do_dbcheck.c:163:30: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ( sscanf(start,"ROLLBACK percentage for %s is %f",execname,&pct) !=2) goto nextline;
data/xymon-4.3.30/xymond/rrd/do_dbcheck.c:292:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(diskname,"/%s",columns[0]);
data/xymon-4.3.30/xymond/rrd/do_devmon.c:95:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rrdvalues,dsval);
data/xymon-4.3.30/xymond/rrd/do_devmon.c:103:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rrdvalues,dsval);
data/xymon-4.3.30/xymond/rrd/do_disk.c:137:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(diskname, "/%s", columns[0]);
data/xymon-4.3.30/xymond/rrd/do_external.c:71:11: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
extfd = popen(extcmd, "r");
data/xymon-4.3.30/xymond/rrd/do_getvis.c:39:25: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(p, "%s %s %d %d %d %d %d %d %d %d", pid, jnm, &j1, &j2, &j3, &j4, &j5, &j6, &used24p, &usedanyp);
data/xymon-4.3.30/xymond/rrd/do_iostat.c:201:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(buf, "%f %f %f %f %f %f %f %f %f %f %f %f %f %f %s",
data/xymon-4.3.30/xymond/rrd/do_ncv.c:35:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(envnam, "SPLITNCV_%s", testname);
data/xymon-4.3.30/xymond/rrd/do_ncv.c:45:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(envnam, "NCV_%s", testname);
data/xymon-4.3.30/xymond/rrd/do_ncv.c:51:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dstypes, ",%s,", l);
data/xymon-4.3.30/xymond/rrd/do_netapp.c:574:24: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(diskname,"/%s",columns[5+snapreserve]);
data/xymon-4.3.30/xymond/rrd/do_netstat.c:50:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
outp += sprintf(outp, ":%s", (udpreceived ? udpreceived : "U")); if (udpreceived) xfree(udpreceived);
data/xymon-4.3.30/xymond/rrd/do_netstat.c:51:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
outp += sprintf(outp, ":%s", (udpsent ? udpsent : "U")); if (udpsent) xfree(udpsent);
data/xymon-4.3.30/xymond/rrd/do_netstat.c:52:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
outp += sprintf(outp, ":%s", (udperrors ? udperrors : "U")); if (udperrors) xfree(udperrors);
data/xymon-4.3.30/xymond/rrd/do_netstat.c:53:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
outp += sprintf(outp, ":%s", (tcpconnrequests ? tcpconnrequests : "U")); if (tcpconnrequests) xfree(tcpconnrequests);
data/xymon-4.3.30/xymond/rrd/do_netstat.c:54:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
outp += sprintf(outp, ":%s", (tcpconnaccepts ? tcpconnaccepts : "U")); if (tcpconnaccepts) xfree(tcpconnaccepts);
data/xymon-4.3.30/xymond/rrd/do_netstat.c:55:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
outp += sprintf(outp, ":%s", (tcpconnfails ? tcpconnfails : "U")); if (tcpconnfails) xfree(tcpconnfails);
data/xymon-4.3.30/xymond/rrd/do_netstat.c:56:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
outp += sprintf(outp, ":%s", (tcpconncurrent ? tcpconncurrent : "U")); if (tcpconncurrent) xfree(tcpconncurrent);
data/xymon-4.3.30/xymond/rrd/do_netstat.c:57:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
outp += sprintf(outp, ":%s", (tcpconnresets ? tcpconnresets : "U")); if (tcpconnresets) xfree(tcpconnresets);
data/xymon-4.3.30/xymond/rrd/do_netstat.c:58:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
outp += sprintf(outp, ":%s", (tcpoutdatabytes ? tcpoutdatabytes : "U")); if (tcpoutdatabytes) xfree(tcpoutdatabytes);
data/xymon-4.3.30/xymond/rrd/do_netstat.c:59:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
outp += sprintf(outp, ":%s", (tcpinorderbytes ? tcpinorderbytes : "U")); if (tcpinorderbytes) xfree(tcpinorderbytes);
data/xymon-4.3.30/xymond/rrd/do_netstat.c:60:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
outp += sprintf(outp, ":%s", (tcpoutorderbytes ? tcpoutorderbytes : "U")); if (tcpoutorderbytes) xfree(tcpoutorderbytes);
data/xymon-4.3.30/xymond/rrd/do_netstat.c:61:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
outp += sprintf(outp, ":%s", (tcpretransbytes ? tcpretransbytes : "U")); if (tcpretransbytes) xfree(tcpretransbytes);
data/xymon-4.3.30/xymond/rrd/do_netstat.c:62:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
outp += sprintf(outp, ":%s", (tcpoutdatapackets ? tcpoutdatapackets : "U")); if (tcpoutdatapackets) xfree(tcpoutdatapackets);
data/xymon-4.3.30/xymond/rrd/do_netstat.c:63:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
outp += sprintf(outp, ":%s", (tcpinorderpackets ? tcpinorderpackets : "U")); if (tcpinorderpackets) xfree(tcpinorderpackets);
data/xymon-4.3.30/xymond/rrd/do_netstat.c:64:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
outp += sprintf(outp, ":%s", (tcpoutorderpackets ? tcpoutorderpackets : "U")); if (tcpoutorderpackets) xfree(tcpoutorderpackets);
data/xymon-4.3.30/xymond/rrd/do_netstat.c:65:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
outp += sprintf(outp, ":%s", (tcpretranspackets ? tcpretranspackets : "U")); if (tcpretranspackets) xfree(tcpretranspackets);
data/xymon-4.3.30/xymond/rrd/do_sendmail.c:86:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
found = sscanf(bofdata, "%*s %lu %luK %lu %luK %lu %lu %lu %s",
data/xymon-4.3.30/xymond/rrd/do_sendmail.c:96:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
found = sscanf(bofdata, "%*s %lu %luK %lu %luK %lu %lu %s",
data/xymon-4.3.30/xymond/rrd/do_sendmail.c:105:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
found = sscanf(bofdata, "%*s %lu %luK %lu %luK %s",
data/xymon-4.3.30/xymond/rrd/do_snmpmib.c:114:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newitem->dsdefs[newitem->valcount], "DS:%s:%s:600:%s:U",
data/xymon-4.3.30/xymond/rrd/do_vmstat.c:379:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (p1, p1+1) ;
data/xymon-4.3.30/xymond/rrd/do_vmstat.c:383:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (p2, p2+1) ;
data/xymon-4.3.30/xymond/rrd/do_vmstat.c:474:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(creparams[defidx], "DS:%s:GAUGE:600:0:U", layout[defidx].name);
data/xymon-4.3.30/xymond/rrdcachectl.c:34:19: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define errprintf printf
data/xymon-4.3.30/xymond/rrdcachectl.c:52:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(myaddr.sun_path, "%s/%s", xgetenv("XYMONTMP"), sockfn);
data/xymon-4.3.30/xymond/trimhistory.c:70:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s/board.dbg", xgetenv("XYMONTMP"));
data/xymon-4.3.30/xymond/trimhistory.c:82:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s|%s\n", hname, tname);
data/xymon-4.3.30/xymond/trimhistory.c:121:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(l2, l); i = 0; cols[i++] = strtok(l2, " ");
data/xymon-4.3.30/xymond/trimhistory.c:150:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prevl, l);
data/xymon-4.3.30/xymond/trimhistory.c:195:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outfn, "%s/%s", outdir, fwalk->fname);
data/xymon-4.3.30/xymond/trimhistory.c:198:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outfn, "%s.tmp", fwalk->fname);
data/xymon-4.3.30/xymond/trimhistory.c:213:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pidfn, "%s/xymond_history.pid", xgetenv("XYMONSERVERLOGS"));
data/xymon-4.3.30/xymond/trimhistory.c:248:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tstamp, fn);
data/xymon-4.3.30/xymond/trimhistory.c:324:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn1, "%s/%s", fwalk->fname, sent->d_name);
data/xymon-4.3.30/xymond/trimhistory.c:336:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn2, "%s/%s", fn1, lent->d_name);
data/xymon-4.3.30/xymond/xymon-mailack.c:72:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(subjectline, "Subject: Xymon [%s]", STRBUF(inbuf)+4);
data/xymon-4.3.30/xymond/xymon-mailack.c:158:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "xymondack %s %d %s", cookie, duration, firsttxtline);
data/xymon-4.3.30/xymond/xymon-mailack.c:160:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "\nAcked by: %s", fromline);
data/xymon-4.3.30/xymond/xymond.c:438:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.xymond %s\nStatistics for Xymon daemon\nVersion: %s\nUp since %s (%s)\n\n",
data/xymon-4.3.30/xymond/xymond.c:445:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "- %-20s : %10ld\n", xymond_stats[i].cmd, xymond_stats[i].count);
data/xymon-4.3.30/xymond/xymond.c:449:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "- %-20s : %10ld\n", "Bogus/Timeouts ", xymond_stats[i].count);
data/xymon-4.3.30/xymond/xymond.c:498:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, " %-15s reported host %s\n", gwalk->sender, htmlquoted(gwalk->name));
data/xymon-4.3.30/xymond/xymond.c:509:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, " %-25s reported by %s and %s\n", mwalk->id, mwalk->senders[0], mwalk->senders[1]);
data/xymon-4.3.30/xymond/xymond.c:620:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hitem->ip, ip);
data/xymon-4.3.30/xymond/xymond.c:1376:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "%s:", testname);
data/xymon-4.3.30/xymond/xymond.c:1760:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(log->testflags, flagstart);
data/xymon-4.3.30/xymond/xymond.c:1763:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(log->testflags, flagstart);
data/xymon-4.3.30/xymond/xymond.c:1953:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mwalk->cause, "&%s %s\n", colnames[mwalk->color], cause);
data/xymon-4.3.30/xymond/xymond.c:2310:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(channelmsg, "%s|%s|%s\n%s",
data/xymon-4.3.30/xymond/xymond.c:2346:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cwalk->msg, msg);
data/xymon-4.3.30/xymond/xymond.c:2517:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgbuf, "%s|%s", hostname, n1);
data/xymon-4.3.30/xymond/xymond.c:2521:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgbuf, "%s", hostname);
data/xymon-4.3.30/xymond/xymond.c:2525:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgbuf, "%s|%s", hostname, n1);
data/xymon-4.3.30/xymond/xymond.c:2529:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgbuf, "%s|%s|%s", hostname, n1, n2);
data/xymon-4.3.30/xymond/xymond.c:2533:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgbuf, "%s", hostname);
data/xymon-4.3.30/xymond/xymond.c:2831:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result[residx], ctime(&tstamp));
data/xymon-4.3.30/xymond/xymond.c:3023:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ptn, "^%s$", xgetenv("PINGCOLUMN"));
data/xymon-4.3.30/xymond/xymond.c:3036:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ptn, "^%s$", xgetenv("PINGCOLUMN"));
data/xymon-4.3.30/xymond/xymond.c:4640:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sectmarker, "\n[%s]", onesect);
data/xymon-4.3.30/xymond/xymond.c:4770:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempfn, "%s.%d", checkpointfn, (int)now);
data/xymon-4.3.30/xymond/xymond.c:5058:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ltail->sender, sender);
data/xymon-4.3.30/xymond/xymond.c:5567:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/xymond.pid", xgetenv("XYMONSERVERLOGS"));
data/xymon-4.3.30/xymond/xymond_alert.c:264:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(subfn, "%s.sub", filename);
data/xymon-4.3.30/xymond/xymond_alert.c:329:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newalert->ip, item[3]);
data/xymon-4.3.30/xymond/xymond_alert.c:339:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key, "\n%s|%s|%s\n", newalert->hostname, newalert->testname, colorname(newalert->color));
data/xymon-4.3.30/xymond/xymond_alert.c:370:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(subfn, "%s.sub", filename);
data/xymon-4.3.30/xymond/xymond_alert.c:565:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(acklogfn, "%s/acknowledge.log", xgetenv("XYMONSERVERLOGS"));
data/xymon-4.3.30/xymond/xymond_alert.c:567:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(notiflogfn, "%s/notifications.log", xgetenv("XYMONSERVERLOGS"));
data/xymon-4.3.30/xymond/xymond_alert.c:735:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(awalk->ip, metadata[5]);
data/xymon-4.3.30/xymond/xymond_alert.c:747:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(awalk->pagemessage, "%s:%s %s\n%s\n%s",
data/xymon-4.3.30/xymond/xymond_capture.c:265:22: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE *cmdpipe = popen(batchcmd, "w");
data/xymon-4.3.30/xymond/xymond_channel.c:226:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(logfnenv, "XYMONCHANNEL_LOGFILENAME=%s", logfn);
data/xymon-4.3.30/xymond/xymond_channel.c:234:8: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
n = execvp(peer->childcmd, peer->childargs);
data/xymon-4.3.30/xymond/xymond_client.c:418:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(loadresult, lstart);
data/xymon-4.3.30/xymond/xymond_client.c:442:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s Machine recently rebooted\n", colorname(uptimecolor));
data/xymon-4.3.30/xymond/xymond_client.c:447:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s Machine has been up more than %d days\n",
data/xymon-4.3.30/xymond/xymond_client.c:456:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s Machine recently rebooted\n", colorname(uptimecolor));
data/xymon-4.3.30/xymond/xymond_client.c:461:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s Machine has been up more than %d days\n",
data/xymon-4.3.30/xymond/xymond_client.c:493:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s System clock is %ld seconds off (max %ld)\n",
data/xymon-4.3.30/xymond/xymond_client.c:505:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.cpu %s %s %s, %d users, %d procs, load=%s\n",
data/xymon-4.3.30/xymond/xymond_client.c:527:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.uptime %s %s Uptime %s\n",
data/xymon-4.3.30/xymond/xymond_client.c:532:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "\nSystem has been %s\n", myupstr);
data/xymon-4.3.30/xymond/xymond_client.c:579:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, bol);
data/xymon-4.3.30/xymond/xymond_client.c:581:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, bol);
data/xymon-4.3.30/xymond/xymond_client.c:602:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, bol);
data/xymon-4.3.30/xymond/xymond_client.c:604:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, bol);
data/xymon-4.3.30/xymond/xymond_client.c:618:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
msgp += sprintf(msgp, "&red %s ", fsname);
data/xymon-4.3.30/xymond/xymond_client.c:635:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
msgp += sprintf(msgp, "&yellow %s ", fsname);
data/xymon-4.3.30/xymond/xymond_client.c:663:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&red Expected strings (%s and %s) not found in df output\n",
data/xymon-4.3.30/xymond/xymond_client.c:688:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s Filesystem %s (found %d, req. %s)\n",
data/xymon-4.3.30/xymond/xymond_client.c:698:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/xymond_client.c:701:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s.disk %s %s - Filesystems %s\n",
data/xymon-4.3.30/xymond/xymond_client.c:759:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, bol);
data/xymon-4.3.30/xymond/xymond_client.c:761:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, bol);
data/xymon-4.3.30/xymond/xymond_client.c:782:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, bol);
data/xymon-4.3.30/xymond/xymond_client.c:784:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, bol);
data/xymon-4.3.30/xymond/xymond_client.c:798:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
msgp += sprintf(msgp, "&red <!-- ID=%s --> %s ", fsname, fsname);
data/xymon-4.3.30/xymond/xymond_client.c:815:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
msgp += sprintf(msgp, "&yellow <!-- ID=%s --> %s ", fsname, fsname);
data/xymon-4.3.30/xymond/xymond_client.c:850:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&red Expected strings (%s and %s) not found in df output\n",
data/xymon-4.3.30/xymond/xymond_client.c:876:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s <!-- ID=%s -->Filesystem %s (found %d, req. %s)\n",
data/xymon-4.3.30/xymond/xymond_client.c:886:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/xymond_client.c:889:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s.inode %s %s - Filesystems %s\n",
data/xymon-4.3.30/xymond/xymond_client.c:969:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.memory %s %s - Memory %s\n",
data/xymon-4.3.30/xymond/xymond_client.c:975:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, " %-16s%12s%12s%12s\n", "Memory", "Used", "Total", "Percentage");
data/xymon-4.3.30/xymond/xymond_client.c:978:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s %-16s%11ldM%11ldM%11ld%%\n",
data/xymon-4.3.30/xymond/xymond_client.c:983:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s %-16s%11ldM%11ldM%11ld%%\n",
data/xymon-4.3.30/xymond/xymond_client.c:991:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s %-16s%11ldM%11ldM%11ld%%\n",
data/xymon-4.3.30/xymond/xymond_client.c:994:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s %-16s%11ldM%11ldM%11ld%% - invalid data\n",
data/xymon-4.3.30/xymond/xymond_client.c:1026:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "data %s.proccounts\n", commafy(hostname));
data/xymon-4.3.30/xymond/xymond_client.c:1067:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s No process checks defined\n", colorname(noreportcolor));
data/xymon-4.3.30/xymond/xymond_client.c:1110:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&green %s (found %d, req. %s)\n", pname, pcount, limtxt);
data/xymon-4.3.30/xymond/xymond_client.c:1115:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s %s (found %d, req. %s)\n",
data/xymon-4.3.30/xymond/xymond_client.c:1124:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s:%u\n", pid, pcount);
data/xymon-4.3.30/xymond/xymond_client.c:1132:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&yellow Expected string %s not found in ps output header\n", cmdhdr);
data/xymon-4.3.30/xymond/xymond_client.c:1140:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/xymond_client.c:1143:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s.procs %s %s - Processes %s\n",
data/xymon-4.3.30/xymond/xymond_client.c:1185:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.msgs %s System logs at %s : %s\n",
data/xymon-4.3.30/xymond/xymond_client.c:1239:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "\nNo entries in <a href=\"%s\">%s</a>\n",
data/xymon-4.3.30/xymond/xymond_client.c:1243:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "\nNo entries in %s\n",
data/xymon-4.3.30/xymond/xymond_client.c:1251:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "\n&yellow Warnings in <a href=\"%s\">%s</a>\n",
data/xymon-4.3.30/xymond/xymond_client.c:1255:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "\n&yellow Warnings in %s\n",
data/xymon-4.3.30/xymond/xymond_client.c:1264:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "\n&red Critical entries in <a href=\"%s\">%s</a>\n",
data/xymon-4.3.30/xymond/xymond_client.c:1268:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "\n&red Critical entries in %s\n",
data/xymon-4.3.30/xymond/xymond_client.c:1284:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/xymond_client.c:1287:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s.msgs %s %s - System logs %s\n",
data/xymon-4.3.30/xymond/xymond_client.c:1319:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "\nFull log <a href=\"%s\">%s</a>\n",
data/xymon-4.3.30/xymond/xymond_client.c:1323:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "\nFull log %s\n",
data/xymon-4.3.30/xymond/xymond_client.c:1360:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "data %s.filesizes\n", commafy(hostname));
data/xymon-4.3.30/xymond/xymond_client.c:1371:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sectionname, "file:%s", sfn);
data/xymon-4.3.30/xymond/xymond_client.c:1378:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s:%lld\n", nocolon(id), (long long int)sz);
data/xymon-4.3.30/xymond/xymond_client.c:1380:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s:%ld\n", nocolon(id), (long int)sz);
data/xymon-4.3.30/xymond/xymond_client.c:1389:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sectionname, "logfile:%s", sfn);
data/xymon-4.3.30/xymond/xymond_client.c:1395:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s:%lld\n", nocolon(id), (long long int)sz);
data/xymon-4.3.30/xymond/xymond_client.c:1397:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s:%ld\n", nocolon(id), (long int)sz);
data/xymon-4.3.30/xymond/xymond_client.c:1411:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sectionname, "dir:%s", sfn);
data/xymon-4.3.30/xymond/xymond_client.c:1417:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s:%lu\n", nocolon(id), sz);
data/xymon-4.3.30/xymond/xymond_client.c:1429:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "\n&green <a href=\"%s\">%s</a>\n",
data/xymon-4.3.30/xymond/xymond_client.c:1433:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "\n&green %s\n", sfn);
data/xymon-4.3.30/xymond/xymond_client.c:1440:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "\n&yellow <a href=\"%s\">%s</a>\n",
data/xymon-4.3.30/xymond/xymond_client.c:1444:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "\n&yellow %s\n", sfn);
data/xymon-4.3.30/xymond/xymond_client.c:1452:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "\n&red <a href=\"%s\">%s</a>\n",
data/xymon-4.3.30/xymond/xymond_client.c:1456:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "\n&red %s\n", sfn);
data/xymon-4.3.30/xymond/xymond_client.c:1477:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/xymond_client.c:1480:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s.files %s %s - Files %s\n",
data/xymon-4.3.30/xymond/xymond_client.c:1528:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "data %s.linecounts\n", commafy(hostname));
data/xymon-4.3.30/xymond/xymond_client.c:1571:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "data %s.deltacounts\n", commafy(hostname));
data/xymon-4.3.30/xymond/xymond_client.c:1614:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "data %s.netstat\n%s\n", commafy(hostname), osname(os));
data/xymon-4.3.30/xymond/xymond_client.c:1631:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "data %s.ifstat\n%s\n", commafy(hostname), osname(os));
data/xymon-4.3.30/xymond/xymond_client.c:1658:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "data %s.vmstat\n%s\n", commafy(hostname), osname(os));
data/xymon-4.3.30/xymond/xymond_client.c:1687:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "data %s.portcounts\n", commafy(hostname));
data/xymon-4.3.30/xymond/xymond_client.c:1705:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, bol); remotestr = getcolumn(p, remotecol);
data/xymon-4.3.30/xymond/xymond_client.c:1706:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, bol); statestr = getcolumn(p, statecol);
data/xymon-4.3.30/xymond/xymond_client.c:1732:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&green %s (found %d, req. %s)\n", pname, pcount, limtxt);
data/xymon-4.3.30/xymond/xymond_client.c:1736:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "&%s %s (found %d, req. %s)\n",
data/xymon-4.3.30/xymond/xymond_client.c:1745:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s:%u\n", pid, pcount);
data/xymon-4.3.30/xymond/xymond_client.c:1763:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/xymond_client.c:1766:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "%s.ports %s %s - Ports %s\n",
data/xymon-4.3.30/xymond/xymond_client.c:1853:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (hinfo) strcpy(hostname, xmh_item(hinfo, XMH_HOSTNAME));
data/xymon-4.3.30/xymond/xymond_client.c:1865:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (oldhinfo) strcpy(hostname, xmh_item(oldhinfo, XMH_HOSTNAME));
data/xymon-4.3.30/xymond/xymond_client.c:1960:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sectname, "msgs:%s", s);
data/xymon-4.3.30/xymond/xymond_client.c:2017:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, s); remotestr = getcolumn(p, remotecol-1);
data/xymon-4.3.30/xymond/xymond_client.c:2018:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, s); statestr = getcolumn(p, statecol-1);
data/xymon-4.3.30/xymond/xymond_client.c:2027:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, s); remotestr = getcolumn(p, remotecol-1);
data/xymon-4.3.30/xymond/xymond_client.c:2028:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, s); statestr = getcolumn(p, statecol-1);
data/xymon-4.3.30/xymond/xymond_distribute.c:139:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newmsg + strlen(newmsg), " %s", metadata[6]);
data/xymon-4.3.30/xymond/xymond_filestore.c:52:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpfn, "%s/.%s", fn, p+1);
data/xymon-4.3.30/xymond/xymond_filestore.c:56:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpfn, ".%s", fn);
data/xymon-4.3.30/xymond/xymond_filestore.c:100:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpfn, "%s.tmp", fn);
data/xymon-4.3.30/xymond/xymond_filestore.c:172:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ckey, ",%s,", key);
data/xymon-4.3.30/xymond/xymond_filestore.c:238:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(onlytests, ",%s,", p);
data/xymon-4.3.30/xymond/xymond_filestore.c:243:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(multigraphs, ",%s,", p+1);
data/xymon-4.3.30/xymond/xymond_filestore.c:308:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(logfn, "%s/%s.%s", filedir, commafy(hostname), testname);
data/xymon-4.3.30/xymond/xymond_filestore.c:331:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(htmllogfn, "%s/%s.%s.%s", htmldir, hostname, testname, htmlextension);
data/xymon-4.3.30/xymond/xymond_filestore.c:351:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(logfn, "%s/%s.%s", filedir, hostname, testname);
data/xymon-4.3.30/xymond/xymond_filestore.c:359:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(logfn, "%s/%s", basename(filedir), hostname);
data/xymon-4.3.30/xymond/xymond_filestore.c:368:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(logfn, "%s/%s.%s", filedir, hostname, testname);
data/xymon-4.3.30/xymond/xymond_filestore.c:379:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hostlead, hostname); strcat(hostlead, ".");
data/xymon-4.3.30/xymond/xymond_filestore.c:385:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(logfn, "%s/%s", filedir, de->d_name);
data/xymon-4.3.30/xymond/xymond_filestore.c:398:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(logfn, "%s/%s.%s", filedir, hostname, testname);
data/xymon-4.3.30/xymond/xymond_filestore.c:413:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hostlead, hostname); strcat(hostlead, ".");
data/xymon-4.3.30/xymond/xymond_filestore.c:421:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(logfn, "%s/%s", filedir, de->d_name);
data/xymon-4.3.30/xymond/xymond_filestore.c:422:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newlogfn, "%s/%s%s", filedir, newhostname, testname);
data/xymon-4.3.30/xymond/xymond_filestore.c:442:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(logfn, "%s/%s.%s", filedir, hostname, testname);
data/xymon-4.3.30/xymond/xymond_filestore.c:443:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newfn, "%s/%s.%s", filedir, hostname, newtestname);
data/xymon-4.3.30/xymond/xymond_history.c:89:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pidfn, "%s/xymond_history.pid", xgetenv("XYMONSERVERLOGS"));
data/xymon-4.3.30/xymond/xymond_history.c:102:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pidfn, strchr(argv[argi], '=')+1);
data/xymon-4.3.30/xymond/xymond_history.c:168:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(alleventsfn, "%s/allevents", histdir);
data/xymon-4.3.30/xymond/xymond_history.c:285:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(statuslogfn, "%s/%s.%s", histdir, hostnamecommas, testname);
data/xymon-4.3.30/xymond/xymond_history.c:327:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
(sscanf(l+24, " %s %d %d", oldcol, &lastchg_i, &dur_i) == 2) &&
data/xymon-4.3.30/xymond/xymond_history.c:421:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s/%s", histlogdir, hostdash);
data/xymon-4.3.30/xymond/xymond_history.c:423:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p = fname + sprintf(fname, "%s/%s/%s", histlogdir, hostdash, testname);
data/xymon-4.3.30/xymond/xymond_history.c:425:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "/%s", histlogtime(tstamp));
data/xymon-4.3.30/xymond/xymond_history.c:521:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(hostlogfn, "%s/%s", histdir, hostname);
data/xymon-4.3.30/xymond/xymond_history.c:558:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(testdir, "%s/%s", histlogdir, hostdash);
data/xymon-4.3.30/xymond/xymond_history.c:571:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(hostlogfn, "%s/%s", histdir, hostname);
data/xymon-4.3.30/xymond/xymond_history.c:591:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hostlead, hostnamecommas); strcat(hostlead, ".");
data/xymon-4.3.30/xymond/xymond_history.c:597:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(statuslogfn, "%s/%s", histdir, de->d_name);
data/xymon-4.3.30/xymond/xymond_history.c:625:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(testdir, "%s/%s/%s", histlogdir, hostdash, testname);
data/xymon-4.3.30/xymond/xymond_history.c:640:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(statuslogfn, "%s/%s.%s", histdir, hostnamecommas, testname);
data/xymon-4.3.30/xymond/xymond_history.c:664:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(olddir, "%s/%s", histlogdir, hostdash);
data/xymon-4.3.30/xymond/xymond_history.c:665:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newdir, "%s/%s", histlogdir, newhostdash);
data/xymon-4.3.30/xymond/xymond_history.c:679:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(hostlogfn, "%s/%s", histdir, hostname);
data/xymon-4.3.30/xymond/xymond_history.c:680:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newhostlogfn, "%s/%s", histdir, newhostname);
data/xymon-4.3.30/xymond/xymond_history.c:698:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hostlead, hostnamecommas); strcat(hostlead, ".");
data/xymon-4.3.30/xymond/xymond_history.c:708:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(statuslogfn, "%s/%s", histdir, de->d_name);
data/xymon-4.3.30/xymond/xymond_history.c:709:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newlogfn, "%s/%s%s", histdir, newhostnamecommas, testname);
data/xymon-4.3.30/xymond/xymond_history.c:739:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(olddir, "%s/%s/%s", histlogdir, hostdash, testname);
data/xymon-4.3.30/xymond/xymond_history.c:740:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newdir, "%s/%s/%s", histlogdir, hostdash, newtestname);
data/xymon-4.3.30/xymond/xymond_history.c:755:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(statuslogfn, "%s/%s.%s", histdir, hostnamecommas, testname);
data/xymon-4.3.30/xymond/xymond_history.c:756:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newstatuslogfn, "%s/%s.%s", histdir, hostnamecommas, newtestname);
data/xymon-4.3.30/xymond/xymond_hostdata.c:124:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(clientlogdir, "%s/hostdata", xgetenv("XYMONVAR"));
data/xymon-4.3.30/xymond/xymond_hostdata.c:211:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(hostdir, "%s/%s", clientlogdir, metadata[3]);
data/xymon-4.3.30/xymond/xymond_hostdata.c:213:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/%s", hostdir, metadata[4]);
data/xymon-4.3.30/xymond/xymond_locator.c:353:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/locator.servers.chk", tmpdir);
data/xymon-4.3.30/xymond/xymond_locator.c:384:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/locator.hosts.chk", tmpdir);
data/xymon-4.3.30/xymond/xymond_locator.c:415:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/locator.servers.chk", tmpdir);
data/xymon-4.3.30/xymond/xymond_locator.c:436:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/locator.hosts.chk", tmpdir);
data/xymon-4.3.30/xymond/xymond_locator.c:593:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "!|%s", res->servername);
data/xymon-4.3.30/xymond/xymond_locator.c:609:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "*|%s", res->servername);
data/xymon-4.3.30/xymond/xymond_locator.c:628:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "PONG|%s", VERSION);
data/xymon-4.3.30/xymond/xymond_rrd.c:106:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/etc/rrddefinitions.cfg", xgetenv("XYMONHOME"));
data/xymon-4.3.30/xymond/xymond_rrd.c:256:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctlsockaddr.sun_path, "%s/rrdctl.%lu", xgetenv("XYMONTMP"), (unsigned long)getpid());
data/xymon-4.3.30/xymond/xymond_rrd.c:418:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(hostdir, "%s/%s", rrddir, basename(hostname));
data/xymon-4.3.30/xymond/xymond_rrd.c:440:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(oldhostdir, "%s/%s", rrddir, hostname);
data/xymon-4.3.30/xymond/xymond_rrd.c:441:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newhostdir, "%s/%s", rrddir, newhostname);
data/xymon-4.3.30/xymond/xymonfetch.c:106:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(res, "%s", inet_ntoa(addr->sin_addr));
data/xymon-4.3.30/xymond/xymonfetch.c:302:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sourcemsg, "\nStatus message received from %s\n",
data/xymon-4.3.30/xymongen/debug.c:31:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(format, prefix);
data/xymon-4.3.30/xymongen/debug.c:35:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(format, h->hostname, h->ip, textornull(h->displayname), h->color, h->oldage,
data/xymon-4.3.30/xymongen/debug.c:55:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(format, prefix);
data/xymon-4.3.30/xymongen/debug.c:59:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(format, textornull(g->title), textornull(g->pretitle));
data/xymon-4.3.30/xymongen/debug.c:96:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newindent, indent);
data/xymon-4.3.30/xymongen/debug.c:98:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newindentextra, newindent);
data/xymon-4.3.30/xymongen/loaddata.c:172:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fullfn, "%s/%s", xgetenv("XYMONHISTDIR"), filename);
data/xymon-4.3.30/xymongen/loaddata.c:233:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(testnameidx, ",%s,", testname);
data/xymon-4.3.30/xymongen/loaddata.c:292:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newstate->entry->age, agestring(fileage));
data/xymon-4.3.30/xymongen/loaddata.c:309:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newstate->entry->age, agestring(fileage));
data/xymon-4.3.30/xymongen/loaddata.c:365:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(l, log->msg);
data/xymon-4.3.30/xymongen/loaddata.c:374:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(l, "%s %s", color, newsum->url) == 2) {
data/xymon-4.3.30/xymongen/loaddata.c:379:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rowcol, fn+8);
data/xymon-4.3.30/xymongen/loaddata.c:385:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(rowcol, "%s %s", newsum->row, newsum->column);
data/xymon-4.3.30/xymongen/loaddata.c:430:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(itm->members, "|%s|", (members ? members : "") );
data/xymon-4.3.30/xymongen/loaddata.c:460:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.%s", commafy(h->hostentry->hostname), complist[i]->compactname);
data/xymon-4.3.30/xymongen/loaddata.c:521:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bcmd, "xymondboard fields=hostname,testname,color,flags,lastchange,logtime,validtime,acktime,disabletime,sender,cookie,line1,acklist %s", (filter ? filter: ""));
data/xymon-4.3.30/xymongen/loaddata.c:601:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s.%s", commafy(log.hostname), log.testname);
data/xymon-4.3.30/xymongen/loadlayout.c:74:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(result, ",%s,", specset);
data/xymon-4.3.30/xymongen/loadlayout.c:79:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, ((defset != NULL) ? defset : ""));
data/xymon-4.3.30/xymongen/loadlayout.c:85:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ibuf, ",%s,", item+1);
data/xymon-4.3.30/xymongen/loadlayout.c:89:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ibuf, ",%s,", item);
data/xymon-4.3.30/xymongen/loadlayout.c:100:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(result, ",%s,", item+1);
data/xymon-4.3.30/xymongen/loadlayout.c:103:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result, item+1);
data/xymon-4.3.30/xymongen/loadlayout.c:158:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newgroup->onlycols, "|%s|", onlycols);
data/xymon-4.3.30/xymongen/loadlayout.c:163:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newgroup->exceptcols, "|%s|", exceptcols);
data/xymon-4.3.30/xymongen/loadlayout.c:364:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(grouponlytag, "%sgroup-only", pageset);
data/xymon-4.3.30/xymongen/loadlayout.c:365:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(groupexcepttag, "%sgroup-except", pageset);
data/xymon-4.3.30/xymongen/loadlayout.c:366:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(grouptag, "%sgroup", pageset);
data/xymon-4.3.30/xymongen/loadlayout.c:459:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pagetag, "%spage", pgset);
data/xymon-4.3.30/xymongen/loadlayout.c:460:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(subpagetag, "%ssubpage", pgset);
data/xymon-4.3.30/xymongen/loadlayout.c:461:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(subparenttag, "%ssubparent", pgset);
data/xymon-4.3.30/xymongen/loadlayout.c:462:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(vpagetag, "v%spage", pgset);
data/xymon-4.3.30/xymongen/loadlayout.c:463:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(vsubpagetag, "v%ssubpage", pgset);
data/xymon-4.3.30/xymongen/loadlayout.c:464:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(vsubparenttag, "v%ssubparent", pgset);
data/xymon-4.3.30/xymongen/loadlayout.c:465:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(grouptag, "%sgroup", pgset);
data/xymon-4.3.30/xymongen/loadlayout.c:466:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(summarytag, "%ssummary", pgset);
data/xymon-4.3.30/xymongen/loadlayout.c:467:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(titletag, "%stitle", pgset);
data/xymon-4.3.30/xymongen/loadlayout.c:468:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(hosttag, "%s:", pgset); for (p=hosttag; (*p); p++) *p = toupper((int)*p);
data/xymon-4.3.30/xymongen/loadlayout.c:592:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
else if (sscanf(inbol, "%3d.%3d.%3d.%3d %s", &ip1, &ip2, &ip3, &ip4, hostname) == 5) {
data/xymon-4.3.30/xymongen/loadlayout.c:815:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(inbol, "summary %s %s %s", sumname, receiver, url) == 3) {
data/xymon-4.3.30/xymongen/pagegen.c:70:64: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
hf_prefix[PAGE_NORMAL] = (char *) malloc(strlen(prefix)+10); sprintf(hf_prefix[PAGE_NORMAL], "%snormal", prefix);
data/xymon-4.3.30/xymongen/pagegen.c:71:65: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
hf_prefix[PAGE_NONGREEN] = (char *) malloc(strlen(prefix)+10); sprintf(hf_prefix[PAGE_NONGREEN], "%snongreen", prefix);
data/xymon-4.3.30/xymongen/pagegen.c:72:66: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
hf_prefix[PAGE_CRITICAL] = (char *) malloc(strlen(prefix)+10); sprintf(hf_prefix[PAGE_CRITICAL], "%scritical", prefix);
data/xymon-4.3.30/xymongen/pagegen.c:93:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(search, "|%s|", column->name);
data/xymon-4.3.30/xymongen/pagegen.c:104:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(search, "|%s|", column->name);
data/xymon-4.3.30/xymongen/pagegen.c:264:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(htaccessfn, "%s", htaccess);
data/xymon-4.3.30/xymongen/pagegen.c:265:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (xymonhtaccess) strcpy(htaccesscontent, xymonhtaccess);
data/xymon-4.3.30/xymongen/pagegen.c:273:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(htaccessfn, "%s/%s", path, htaccess);
data/xymon-4.3.30/xymongen/pagegen.c:282:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
if (xymonsubpagehtaccess) sprintf(htaccesscontent, xymonsubpagehtaccess, pagename, subpagename);
data/xymon-4.3.30/xymongen/pagegen.c:285:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
if (xymonpagehtaccess) sprintf(htaccesscontent, xymonpagehtaccess, pagename);
data/xymon-4.3.30/xymongen/pagegen.c:640:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(htmlrepfn, "%s%s-%s%s",
data/xymon-4.3.30/xymongen/pagegen.c:642:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(textrepfn, "%savail-%s-%s.txt",
data/xymon-4.3.30/xymongen/pagegen.c:644:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(textrepurl, "%s/%s",
data/xymon-4.3.30/xymongen/pagegen.c:856:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pagelink, "%s/%s/%s/%s%s", xgetenv("XYMONWEB"), pagepath, p->name, p->name, htmlextension);
data/xymon-4.3.30/xymongen/pagegen.c:925:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "xymon%s", htmlextension);
data/xymon-4.3.30/xymongen/pagegen.c:926:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rssfilename, "xymon%s", rssextension);
data/xymon-4.3.30/xymongen/pagegen.c:927:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(indexfilename, "index%s", htmlextension);
data/xymon-4.3.30/xymongen/pagegen.c:939:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmppath, "%s/%s/", pgwalk->name, pagepath);
data/xymon-4.3.30/xymongen/pagegen.c:940:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pagepath, tmppath);
data/xymon-4.3.30/xymongen/pagegen.c:944:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/%s%s", pagepath, page->name, htmlextension);
data/xymon-4.3.30/xymongen/pagegen.c:945:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rssfilename, "%s/%s%s", pagepath, page->name, rssextension);
data/xymon-4.3.30/xymongen/pagegen.c:947:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpfilename, "%s.tmp", filename);
data/xymon-4.3.30/xymongen/pagegen.c:948:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmprssfilename, "%s.tmp", rssfilename);
data/xymon-4.3.30/xymongen/pagegen.c:984:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(indexfilename, filename);
data/xymon-4.3.30/xymongen/pagegen.c:987:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p, "index%s", htmlextension);
data/xymon-4.3.30/xymongen/pagegen.c:988:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pagebasename, "%s%s", page->name, htmlextension);
data/xymon-4.3.30/xymongen/pagegen.c:1114:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(extfn, "%s/ext/%s/%s", xgetenv("XYMONHOME"), family, p);
data/xymon-4.3.30/xymongen/pagegen.c:1115:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
inpipe = popen(extfn, "r");
data/xymon-4.3.30/xymongen/pagegen.c:1242:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s%s", filenamebase, htmlextension);
data/xymon-4.3.30/xymongen/pagegen.c:1243:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rssfilename, "%s%s", filenamebase, rssextension);
data/xymon-4.3.30/xymongen/pagegen.c:1246:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s%s", filenamebase, htmlextension);
data/xymon-4.3.30/xymongen/pagegen.c:1247:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rssfilename, "%s%s", filenamebase, rssextension);
data/xymon-4.3.30/xymongen/pagegen.c:1251:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpfilename, "%s.tmp", filename);
data/xymon-4.3.30/xymongen/pagegen.c:1259:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmprssfilename, "%s.tmp", rssfilename);
data/xymon-4.3.30/xymongen/pagegen.c:1324:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nklogfn, "%s/criticalstatus.log", xgetenv("XYMONSERVERLOGS"));
data/xymon-4.3.30/xymongen/pagegen.c:1333:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.%s %s %s Critical page %s\n\n", xgetenv("MACHINE"),
data/xymon-4.3.30/xymongen/pagegen.c:1341:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
msgptr += sprintf(msgline, "&%s %s :", colorname(hwalk->color), hwalk->hostname);
data/xymon-4.3.30/xymongen/pagegen.c:1348:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
msgptr += sprintf(msgptr, "%s", ewalk->column->name);
data/xymon-4.3.30/xymongen/process.c:184:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fn, d->d_name);
data/xymon-4.3.30/xymongen/process.c:275:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(summsg, "summary summary.%s %s %s %s",
data/xymon-4.3.30/xymongen/rssgen.c:224:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpfn, "%s.tmp", nssidebarfilename);
data/xymon-4.3.30/xymongen/rssgen.c:225:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(destfn, "%s", nssidebarfilename);
data/xymon-4.3.30/xymongen/rssgen.c:228:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpfn, "%s/www/%s.tmp", xgetenv("XYMONHOME"), nssidebarfilename);
data/xymon-4.3.30/xymongen/rssgen.c:229:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(destfn, "%s/www/%s", xgetenv("XYMONHOME"), nssidebarfilename);
data/xymon-4.3.30/xymongen/util.c:43:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pagelink, "%s%s", ((xymongen_page_t *)host->parent)->name, htmlextension);
data/xymon-4.3.30/xymongen/util.c:46:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmppath, "%s/%s", pgwalk->name, pagelink);
data/xymon-4.3.30/xymongen/util.c:47:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pagelink, tmppath);
data/xymon-4.3.30/xymongen/util.c:52:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pagelink, "xymon%s", htmlextension);
data/xymon-4.3.30/xymongen/util.c:71:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpname, pgwalk->title);
data/xymon-4.3.30/xymongen/util.c:74:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmpname, pagename);
data/xymon-4.3.30/xymongen/util.c:76:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pagename, tmpname);
data/xymon-4.3.30/xymongen/util.c:108:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(testname, ",%s,", test);
data/xymon-4.3.30/xymongen/util.c:228:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newcol->listname, ",%s,", testname);
data/xymon-4.3.30/xymongen/util.c:243:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tag, "|%s|", current);
data/xymon-4.3.30/xymongen/wmlgen.c:53:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fn, d->d_name);
data/xymon-4.3.30/xymongen/wmlgen.c:100:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(xymondreq, "xymondlog %s.%s", host->hostname, entry->column->name);
data/xymon-4.3.30/xymongen/wmlgen.c:122:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/%s.%s.wml", wmldir, host->hostname, entry->column->name);
data/xymon-4.3.30/xymongen/wmlgen.c:262:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(wmldir, "%s/wml", webdir);
data/xymon-4.3.30/xymongen/wmlgen.c:315:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nongreenfn, "%s/nongreen.wml.tmp", wmldir);
data/xymon-4.3.30/xymongen/wmlgen.c:339:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(hostfn, "%s/%s.wml", wmldir, h->hostentry->hostname);
data/xymon-4.3.30/xymongen/wmlgen.c:380:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(oldnongreenfn, nongreenfn+strlen(wmldir)+1);
data/xymon-4.3.30/xymongen/wmlgen.c:389:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nongreenfn, "%s/nongreen-%d.wml", wmldir, nongreenpart);
data/xymon-4.3.30/xymongen/xymongen.c:136:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ignorecolumns, ",%s,", (lp+1));
data/xymon-4.3.30/xymongen/xymongen.c:150:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nongreenignorecolumns, ",%s,", (lp+1));
data/xymon-4.3.30/xymongen/xymongen.c:165:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(includecolumns, ",%s,", (lp+1));
data/xymon-4.3.30/xymongen/xymongen.c:170:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(eventignorecolumns, ",%s,", (lp+1));
data/xymon-4.3.30/xymongen/xymongen.c:175:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(url, "%s/%s", xgetenv("CGIBINURL"), lp+1);
data/xymon-4.3.30/xymongen/xymongen.c:203:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(wapcolumns, ",%s,", (lp+1));
data/xymon-4.3.30/xymongen/xymongen.c:239:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
int count = sscanf(argv[i], "--reportopts=%u:%u:%d:%s",
data/xymon-4.3.30/xymongen/xymongen.c:376:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nopropyellowdefault, ",%s,", (lp+1));
data/xymon-4.3.30/xymongen/xymongen.c:382:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nopropyellowdefault, ",%s,", (lp+1));
data/xymon-4.3.30/xymongen/xymongen.c:387:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nopropreddefault, ",%s,", (lp+1));
data/xymon-4.3.30/xymongen/xymongen.c:392:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(noproppurpledefault, ",%s,", (lp+1));
data/xymon-4.3.30/xymongen/xymongen.c:397:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nopropackdefault, ",%s,", (lp+1));
data/xymon-4.3.30/xymongen/xymongen.c:430:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(purplelogfn, "%s/%s", xgetenv("XYMONHOME"), (lp+1));
data/xymon-4.3.30/xymongen/xymongen.c:565:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pagedir, "%s/www", xgetenv("XYMONHOME"));
data/xymon-4.3.30/xymongen/xymongen.c:708:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "status %s.%s %s %s\n\n", xgetenv("MACHINE"), egocolumn, colorname(color), timestamp);
data/xymon-4.3.30/xymongen/xymongen.c:711:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msgline, "xymongen for Xymon version %s\n", VERSION);
data/xymon-4.3.30/xymonnet/contest.c:379:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(passfn, "%s/certs/%s", xgetenv("XYMONHOME"), item->ssloptions->clientcert);
data/xymon-4.3.30/xymonnet/contest.c:437:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(result, "%04d-%02d-%02d %02d:%02d:%02d %s",
data/xymon-4.3.30/xymonnet/contest.c:565:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(certfn, "%s/certs/%s", xgetenv("XYMONHOME"), item->ssloptions->clientcert);
data/xymon-4.3.30/xymonnet/contest.c:639:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(portinfo, "%s (%d/tcp)", sp->s_name, item->addr.sin_port);
data/xymon-4.3.30/xymonnet/contest.c:1534:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hostitem->ip, ip);
data/xymon-4.3.30/xymonnet/httpresult.c:504:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(req->output, "Expected:%s\nGot :%s\n",
data/xymon-4.3.30/xymonnet/httpresult.c:519:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(req->output, "Expected content-type: %s\nGot content-type : %s\n",
data/xymon-4.3.30/xymonnet/xymonnet.c:613:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(statusurl, statusurl_buflen, userfmt, userurl);
data/xymon-4.3.30/xymonnet/xymonnet.c:620:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(statusurl, statusurl_buflen, deffmt, ip);
data/xymon-4.3.30/xymonnet/xymonnet.c:921:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(l, "%s %d %u", host, &downcount, &uidownstart) == 3) {
data/xymon-4.3.30/xymonnet/xymonnet.c:978:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(l, "%s %d %u", host, &downcount, &uidownstart) == 3) {
data/xymon-4.3.30/xymonnet/xymonnet.c:1225:4: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(cmd, cmdargs);
data/xymon-4.3.30/xymonnet/xymonnet.c:1446:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cause, "Host %s respond to ping", (test->open ? "does" : "does not"));
data/xymon-4.3.30/xymonnet/xymonnet.c:1491:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cause, routertext);
data/xymon-4.3.30/xymonnet/xymonnet.c:1560:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cause, strerror(tcptest->connres));
data/xymon-4.3.30/xymonnet/xymonnet.c:1595:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cause, strerror(tcptest->connres));
data/xymon-4.3.30/xymonnet/xymonnet.c:1626:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cause, deptest);
data/xymon-4.3.30/xymonnet/xymonnet.c:1887:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(aline, "%d %d %s %d", &aprogram, &aversion, aprotocol, &aport) == 4) {
data/xymon-4.3.30/xymonproxy/xymonproxy.c:334:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(proxyname, p1);
data/xymon-4.3.30/xymonproxy/xymonproxy.c:405:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%s:%d ", inet_ntoa(xymonserveraddr[i].sin_addr), ntohs(xymonserveraddr[i].sin_port));
data/xymon-4.3.30/xymonproxy/xymonproxy.c:496:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "combo\nstatus+11 %s green %s - xymon proxy up: %s\n\nxymonproxy for Xymon version %s\n\nProxy statistics\n\nIncoming messages : %10lu (%lu msgs/second)\nOutbound messages : %10lu\n\nIncoming message distribution\n- Combo messages : %10lu\n- Status messages : %10lu\n Messages merged : %10lu\n Resulting combos : %10lu\n- Other messages : %10lu\n\nProxy resources\n- Connection table size : %10d\n- Buffer space : %10lu kByte\n",
data/xymon-4.3.30/xymonproxy/xymonproxy.c:505:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "- %-22s : %10lu\n", statename[P_REQ_READING], msgs_timeout_from[P_REQ_READING]);
data/xymon-4.3.30/xymonproxy/xymonproxy.c:506:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "- %-22s : %10lu\n", statename[P_REQ_CONNECTING], msgs_timeout_from[P_REQ_CONNECTING]);
data/xymon-4.3.30/xymonproxy/xymonproxy.c:507:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "- %-22s : %10lu\n", statename[P_REQ_SENDING], msgs_timeout_from[P_REQ_SENDING]);
data/xymon-4.3.30/xymonproxy/xymonproxy.c:508:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "- %-22s : %10lu\n", "recovered", msgs_recovered);
data/xymon-4.3.30/xymonproxy/xymonproxy.c:509:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "- %-22s : %10lu\n", statename[P_RESP_READING], msgs_timeout_from[P_RESP_READING]);
data/xymon-4.3.30/xymonproxy/xymonproxy.c:510:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "- %-22s : %10lu\n", statename[P_RESP_SENDING], msgs_timeout_from[P_RESP_SENDING]);
data/xymon-4.3.30/xymonproxy/xymonproxy.c:511:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "\n%-24s : %10lu.%03lu\n", "Average queue time",
data/xymon-4.3.30/xymonproxy/xymonproxy.c:575:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
int n = sprintf(cwalk->bufp,
data/xymon-4.3.30/xymonproxy/xymonproxy.c:620:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
int n = sprintf(cwalk->bufp,
data/xymon-4.3.30/xymonproxy/xymonproxy.c:659:23: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
ctmp->buflen = sprintf(ctmp->buf,
data/xymon-4.3.30/xymonproxy/xymonproxy.c:903:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cwalk->buf, cextra->buf+6);
data/xymon-4.3.30/build/renamevars.c:16:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
oldval = getenv(oldnam);
data/xymon-4.3.30/build/test-bintree.c:36:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/xymon-4.3.30/client/logfetch.c:1417:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
p = getenv("LOGFETCHSCROLLBACK");
data/xymon-4.3.30/client/logfetch.c:1418:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!p) p = getenv("LOGFETCH_SCROLLBACK"); /* compat */
data/xymon-4.3.30/common/xymoncfg.c:59:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
fn = getenv("HOSTSCFG");
data/xymon-4.3.30/common/xymoncmd.c:47:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("MACHINEDOTS") == NULL) {
data/xymon-4.3.30/common/xymoncmd.c:48:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HOSTNAME") != NULL) sprintf(buf, "%s", xgetenv("HOSTNAME"));
data/xymon-4.3.30/common/xymoncmd.c:67:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SERVEROSTYPE") == NULL) {
data/xymon-4.3.30/common/xymoncmd.c:88:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("XYMONCLIENTHOME") == NULL) {
data/xymon-4.3.30/demotool/demotool.c:394:46: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
newitem->rbegin.tv_usec = now.tv_usec + (random() % 1000000);
data/xymon-4.3.30/demotool/demotool.c:440:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
curload = cwalk->minload + ((random() % 1000) / 1000.0) * (cwalk->maxload - cwalk->minload);
data/xymon-4.3.30/lib/cgi.c:46:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *method = getenv("REQUEST_METHOD");
data/xymon-4.3.30/lib/cgi.c:65:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
method = getenv("REQUEST_METHOD");
data/xymon-4.3.30/lib/cgi.c:71:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
conttype = getenv("CONTENT_TYPE");
data/xymon-4.3.30/lib/cgi.c:74:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *contlen = getenv("CONTENT_LENGTH");
data/xymon-4.3.30/lib/cgi.c:104:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *q = getenv("QUERY_STRING");
data/xymon-4.3.30/lib/cgi.c:270:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("XYMON_NOCSPHEADER")) return NULL;
data/xymon-4.3.30/lib/cgi.c:298:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
p = getenv("HTTP_REFERER");
data/xymon-4.3.30/lib/cgi.c:299:137: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
dbgprintf(" - checking if referer is OK (http_referer: %s, http_host: %s, xymonwebhost: %s, checkstr: %s\n", textornull(p), textornull(getenv("HTTP_HOST")), textornull(xgetenv("XYMONWEBHOST")), textornull(expected));
data/xymon-4.3.30/lib/cgi.c:305:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
httphost = getenv("HTTP_HOST");
data/xymon-4.3.30/lib/cgi.c:309:57: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
snprintf(cgi_checkstr, sizeof(cgi_checkstr), "%s%s", getenv("XYMONWEBHOST"), expected);
data/xymon-4.3.30/lib/cgi.c:321:86: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (*p == '\0') { errprintf("Disallowed request due to unexpected referer '%s'\n", getenv("HTTP_REFERER")); return 0; }
data/xymon-4.3.30/lib/cgi.c:339:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
p = getenv("HTTP_COOKIE");
data/xymon-4.3.30/lib/environ.c:173:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
result = getenv(name);
data/xymon-4.3.30/lib/environ.c:190:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
result = getenv(name);
data/xymon-4.3.30/lib/environ.c:215:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
result = getenv(name);
data/xymon-4.3.30/lib/environ.c:303:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
oldval = getenv(oneenv);
data/xymon-4.3.30/lib/environ.c:336:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
val = getenv(envname); /* Don't use xgetenv() here! */
data/xymon-4.3.30/lib/errormsg.c:179:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cgilogdir = getenv("XYMONCGILOGDIR");
data/xymon-4.3.30/lib/headfoot.c:1480:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *val = getenv(t_start);
data/xymon-4.3.30/lib/htmllog.c:194:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("TRENDSECONDS")) graphtime = atoi(getenv("TRENDSECONDS"));
data/xymon-4.3.30/lib/htmllog.c:194:48: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("TRENDSECONDS")) graphtime = atoi(getenv("TRENDSECONDS"));
data/xymon-4.3.30/lib/htmllog.c:510:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
graphsenv=getenv(graphs);
data/xymon-4.3.30/lib/loadhosts.c:603:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!p) p = getenv("HOLIDAYS");
data/xymon-4.3.30/lib/run.c:73:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *shell = getenv("SHELL");
data/xymon-4.3.30/lib/sendmsg.c:101:44: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (proxysetting == NULL) proxysetting = getenv("http_proxy");
data/xymon-4.3.30/lib/url.c:177:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((fd == NULL) && getenv("HOME")) {
data/xymon-4.3.30/lib/xymond_buffer.c:29:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
case C_STATUS: v = getenv("MAXMSG_STATUS"); defvalue = 256; break;
data/xymon-4.3.30/lib/xymond_buffer.c:30:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
case C_CLIENT: v = getenv("MAXMSG_CLIENT"); defvalue = 512; break;
data/xymon-4.3.30/lib/xymond_buffer.c:31:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
case C_CLICHG: v = getenv("MAXMSG_CLICHG"); defvalue = shbufsz(C_CLIENT); break;
data/xymon-4.3.30/lib/xymond_buffer.c:32:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
case C_DATA: v = getenv("MAXMSG_DATA"); defvalue = 256; break;
data/xymon-4.3.30/lib/xymond_buffer.c:33:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
case C_NOTES: v = getenv("MAXMSG_NOTES"); defvalue = 256; break;
data/xymon-4.3.30/lib/xymond_buffer.c:34:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
case C_STACHG: v = getenv("MAXMSG_STACHG"); defvalue = shbufsz(C_STATUS); break;
data/xymon-4.3.30/lib/xymond_buffer.c:35:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
case C_PAGE: v = getenv("MAXMSG_PAGE"); defvalue = shbufsz(C_STATUS); break;
data/xymon-4.3.30/lib/xymond_buffer.c:36:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
case C_ENADIS: v = getenv("MAXMSG_ENADIS"); defvalue = 32; break;
data/xymon-4.3.30/lib/xymond_buffer.c:37:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
case C_USER: v = getenv("MAXMSG_USER"); defvalue = 128; break;
data/xymon-4.3.30/lib/xymond_buffer.c:38:32: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
case C_FEEDBACK_QUEUE: v = getenv("MAXMSG_STATUS"); defvalue = 256; break;
data/xymon-4.3.30/web/ackinfo.c:104:117: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
errprintf("ackinfo POST that is not coming from criticalview or svcstatus (referer=%s). Ignoring.\n", textornull(getenv("HTTP_REFERER")) );
data/xymon-4.3.30/web/ackinfo.c:117:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!ackedby) ackedby = getenv("REMOTE_USER");
data/xymon-4.3.30/web/ackinfo.c:138:36: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
fprintf(stdout, "Location: %s\n", getenv("HTTP_REFERER"));
data/xymon-4.3.30/web/acknowledge.c:328:66: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
fprintf(stdout, "<form method=\"POST\" ACTION=\"%s\">\n", getenv("SCRIPT_NAME"));
data/xymon-4.3.30/web/acknowledge.c:376:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("REMOTE_USER")) {
data/xymon-4.3.30/web/acknowledge.c:377:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *remaddr = getenv("REMOTE_ADDR");
data/xymon-4.3.30/web/acknowledge.c:379:43: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
SBUF_MALLOC(acking_user, 1024 + strlen(getenv("REMOTE_USER")) + (remaddr ? strlen(remaddr) : 0));
data/xymon-4.3.30/web/acknowledge.c:380:64: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
snprintf(acking_user, acking_user_buflen, "\nAcked by: %s", getenv("REMOTE_USER"));
data/xymon-4.3.30/web/acknowledge.c:397:41: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (accessfn && (!web_access_allowed(getenv("REMOTE_USER"), awalk->hostname, awalk->testname, WEB_ACCESS_CONTROL))) continue;
data/xymon-4.3.30/web/appfeed.c:84:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *userid = getenv("REMOTE_USER");
data/xymon-4.3.30/web/cgiwrap.c:40:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv(ename) == NULL) return;
data/xymon-4.3.30/web/cgiwrap.c:41:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
optlist = strdup(getenv(ename));
data/xymon-4.3.30/web/cgiwrap.c:65:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("CGIDEBUG")) debug = 1;
data/xymon-4.3.30/web/cgiwrap.c:85:127: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if (strcmp(cgipgm, "columndoc.cgi") == 0) { cgipgm = "csvinfo.cgi"; addoptl("CGI_COLUMNDOC_OPTS"); if (getenv("QUERY_STRING")) { SBUF_DEFINE(t); SBUF_MALLOC(t, strlen(getenv("QUERY_STRING")) + 35); snprintf(t, t_buflen, "QUERY_STRING=db=columndoc.csv&key=%s", getenv("QUERY_STRING")); putenv(t); } }
data/xymon-4.3.30/web/cgiwrap.c:85:191: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if (strcmp(cgipgm, "columndoc.cgi") == 0) { cgipgm = "csvinfo.cgi"; addoptl("CGI_COLUMNDOC_OPTS"); if (getenv("QUERY_STRING")) { SBUF_DEFINE(t); SBUF_MALLOC(t, strlen(getenv("QUERY_STRING")) + 35); snprintf(t, t_buflen, "QUERY_STRING=db=columndoc.csv&key=%s", getenv("QUERY_STRING")); putenv(t); } }
data/xymon-4.3.30/web/cgiwrap.c:85:284: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if (strcmp(cgipgm, "columndoc.cgi") == 0) { cgipgm = "csvinfo.cgi"; addoptl("CGI_COLUMNDOC_OPTS"); if (getenv("QUERY_STRING")) { SBUF_DEFINE(t); SBUF_MALLOC(t, strlen(getenv("QUERY_STRING")) + 35); snprintf(t, t_buflen, "QUERY_STRING=db=columndoc.csv&key=%s", getenv("QUERY_STRING")); putenv(t); } }
data/xymon-4.3.30/web/cgiwrap.c:125:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!haveenvopt && getenv("XYMONENV")) loadenv(getenv("XYMONENV"), NULL);
data/xymon-4.3.30/web/cgiwrap.c:125:49: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!haveenvopt && getenv("XYMONENV")) loadenv(getenv("XYMONENV"), NULL);
data/xymon-4.3.30/web/chpasswd.c:132:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
loggedinuser = getenv("REMOTE_USER");
data/xymon-4.3.30/web/criticaleditor.c:374:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
operator = getenv("REMOTE_USER");
data/xymon-4.3.30/web/enadis.c:81:109: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
errprintf("Enadis POST that is not coming from self or svcstatus (referer=%s). Ignoring.\n", textornull(getenv("HTTP_REFERER")) );
data/xymon-4.3.30/web/enadis.c:333:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *username = getenv("REMOTE_USER");
data/xymon-4.3.30/web/enadis.c:334:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *userhost = getenv("REMOTE_HOST");
data/xymon-4.3.30/web/enadis.c:335:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *userip = getenv("REMOTE_ADDR");
data/xymon-4.3.30/web/enadis.c:407:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HTTP_REFERER")) printf("Location: %s\n\n", getenv("HTTP_REFERER"));
data/xymon-4.3.30/web/enadis.c:407:58: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HTTP_REFERER")) printf("Location: %s\n\n", getenv("HTTP_REFERER"));
data/xymon-4.3.30/web/enadis.c:483:28: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (web_access_allowed(getenv("REMOTE_USER"), hostnames[i], NULL, WEB_ACCESS_CONTROL)) {
data/xymon-4.3.30/web/perfdata.c:323:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("QUERY_STRING") == NULL) {
data/xymon-4.3.30/web/report.c:245:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
useragent = getenv("HTTP_USER_AGENT");
data/xymon-4.3.30/web/showgraph.c:1111:32: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!useroptval) useroptval = getenv("RRDGRAPHOPTS");
data/xymon-4.3.30/web/snapshot.c:186:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
useragent = getenv("HTTP_USER_AGENT");
data/xymon-4.3.30/web/svcstatus.c:132:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("TRENDSECONDS")) backsecs = atoi(getenv("TRENDSECONDS"));
data/xymon-4.3.30/web/svcstatus.c:132:47: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("TRENDSECONDS")) backsecs = atoi(getenv("TRENDSECONDS"));
data/xymon-4.3.30/web/svcstatus.c:153:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
req = getenv("SCRIPT_NAME");
data/xymon-4.3.30/web/svcstatus.c:225:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!web_access_allowed(getenv("REMOTE_USER"), hostname, service, WEB_ACCESS_VIEW)) {
data/xymon-4.3.30/xymond/rrd/do_dbcheck.c:237:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ptn = getenv("RRDDISKS");
data/xymon-4.3.30/xymond/rrd/do_dbcheck.c:243:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ptn = getenv("NORRDDISKS");
data/xymon-4.3.30/xymond/rrd/do_disk.c:36:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ptn = getenv("RRDDISKS");
data/xymon-4.3.30/xymond/rrd/do_disk.c:42:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ptn = getenv("NORRDDISKS");
data/xymon-4.3.30/xymond/rrd/do_ncv.c:36:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
l = getenv(envnam);
data/xymon-4.3.30/xymond/rrd/do_ncv.c:46:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
l = getenv(envnam);
data/xymon-4.3.30/xymond/rrd/do_netapp.c:509:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ptn = getenv("RRDDISKS");
data/xymon-4.3.30/xymond/rrd/do_netapp.c:515:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ptn = getenv("NORRDDISKS");
data/xymon-4.3.30/xymond/rrdcachectl.c:35:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#define xgetenv getenv
data/xymon-4.3.30/xymond/xymond.c:1780:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
newcookie = (random() % 1000000);
data/xymon-4.3.30/xymond/xymond.c:5005:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (strcmp(hostname, getenv("MACHINEDOTS")) == 0) {
data/xymon-4.3.30/xymond/xymond.c:5269:2: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(tv.tv_usec);
data/xymon-4.3.30/xymond/xymonfetch.c:411:28: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
delay = pollinterval + ((random() % 31) - 16);
data/xymon-4.3.30/xymond/xymonfetch.c:466:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(tv.tv_usec);
data/xymon-4.3.30/xymongen/loaddata.c:497:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *dumpfn = getenv("BOARDDUMP");
data/xymon-4.3.30/xymongen/loaddata.c:498:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *filter = getenv("BOARDFILTER");
data/xymon-4.3.30/xymongen/pagegen.c:455:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
infocolumngif = strdup(getenv("INFOCOLUMNGIF") ? getenv("INFOCOLUMNGIF") : dotgiffilename(COL_GREEN, 0, 1));
data/xymon-4.3.30/xymongen/pagegen.c:455:52: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
infocolumngif = strdup(getenv("INFOCOLUMNGIF") ? getenv("INFOCOLUMNGIF") : dotgiffilename(COL_GREEN, 0, 1));
data/xymon-4.3.30/xymongen/pagegen.c:456:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
trendscolumngif = strdup(getenv("TRENDSCOLUMNGIF") ? getenv("TRENDSCOLUMNGIF") : dotgiffilename(COL_GREEN, 0, 1));
data/xymon-4.3.30/xymongen/pagegen.c:456:56: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
trendscolumngif = strdup(getenv("TRENDSCOLUMNGIF") ? getenv("TRENDSCOLUMNGIF") : dotgiffilename(COL_GREEN, 0, 1));
data/xymon-4.3.30/xymongen/pagegen.c:457:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
clientcolumngif = strdup(getenv("CLIENTCOLUMNGIF") ? getenv("CLIENTCOLUMNGIF") : dotgiffilename(COL_GREEN, 0, 1));
data/xymon-4.3.30/xymongen/pagegen.c:457:56: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
clientcolumngif = strdup(getenv("CLIENTCOLUMNGIF") ? getenv("CLIENTCOLUMNGIF") : dotgiffilename(COL_GREEN, 0, 1));
data/xymon-4.3.30/xymonnet/contest.c:912:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(tv.tv_usec);
data/xymon-4.3.30/xymonnet/contest.c:917:40: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (shuffletests) item->randomizer = random();
data/xymon-4.3.30/xymonnet/contest.c:965:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *envaddr = getenv(nextinqueue->srcaddr);
data/xymon-4.3.30/xymonnet/xymonnet.c:1078:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
p = getenv("SNTP"); /* Plain "getenv" as we want to know if it's unset */
data/xymon-4.3.30/xymonnet/xymonnet.c:1510:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("TRACEROUTEOPTS")) {
data/xymon-4.3.30/build/merge-lines.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alldelims[10];
data/xymon-4.3.30/build/merge-lines.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[32768];
data/xymon-4.3.30/build/merge-lines.c:69:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(alldelims, "%c+-", delim);
data/xymon-4.3.30/build/merge-lines.c:74:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
curfd = fopen(curfn, "r");
data/xymon-4.3.30/build/merge-lines.c:75:31: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
unlink(curbckfn); curbckfd = fopen(curbckfn, "w");
data/xymon-4.3.30/build/merge-lines.c:189:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
srcfd = fopen(srcfn, "r");
data/xymon-4.3.30/build/merge-lines.c:190:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
unlink(curfn); curfd = fopen(curfn, "w");
data/xymon-4.3.30/build/merge-sects.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[32768];
data/xymon-4.3.30/build/merge-sects.c:68:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
curfd = fopen(curfn, "r");
data/xymon-4.3.30/build/merge-sects.c:69:31: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
unlink(curbckfn); curbckfd = fopen(curbckfn, "w");
data/xymon-4.3.30/build/merge-sects.c:116:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
srcfd = fopen(srcfn, "r");
data/xymon-4.3.30/build/merge-sects.c:117:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
unlink(curfn); curfd = fopen(curfn, "w");
data/xymon-4.3.30/build/renametasks.c:8:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10240];
data/xymon-4.3.30/build/renamevars.c:8:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/xymon-4.3.30/build/revlog.c:8:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[4096];
data/xymon-4.3.30/build/revlog.c:9:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/xymon-4.3.30/build/setup-newfiles.c:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcfn[PATH_MAX];
data/xymon-4.3.30/build/setup-newfiles.c:16:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char destfn[PATH_MAX];
data/xymon-4.3.30/build/setup-newfiles.c:25:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sumfd = fopen(argv[2], "r");
data/xymon-4.3.30/build/setup-newfiles.c:46:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8192];
data/xymon-4.3.30/build/setup-newfiles.c:49:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcmd5[40];
data/xymon-4.3.30/build/setup-newfiles.c:61:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((fd = fopen(srcfn, "r")) != NULL) && ((ctx = digest_init("md5")) != NULL)) {
data/xymon-4.3.30/build/setup-newfiles.c:73:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(destfn, "r"); if (fd == NULL) continue;
data/xymon-4.3.30/build/setup-newfiles.c:97:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16384];
data/xymon-4.3.30/build/setup-newfiles.c:100:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infd = fopen(srcfn, "r");
data/xymon-4.3.30/build/setup-newfiles.c:106:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfd = fopen(destfn, "w");
data/xymon-4.3.30/build/setup-newfiles.c:135:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ldest[PATH_MAX + 1];
data/xymon-4.3.30/build/test-cares.c:20:58: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tok = strtok(version_required, "."); ver_maj_required = atoi(tok);
data/xymon-4.3.30/build/test-cares.c:21:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tok = strtok(NULL, "."); ver_min_required = atoi(tok);
data/xymon-4.3.30/build/test-cares.c:22:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tok = strtok(NULL, "."); ver_patch_required = atoi(tok);
data/xymon-4.3.30/build/test-lfs.c:10:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int minsize = atoi(argv[1]);
data/xymon-4.3.30/build/test-snprintf.c:10:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[100];
data/xymon-4.3.30/build/test-vsnprintf.c:12:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[4096];
data/xymon-4.3.30/client/clientupdate.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[1024];
data/xymon-4.3.30/client/clientupdate.c:65:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
versionfd = fopen(versionfn, "r");
data/xymon-4.3.30/client/clientupdate.c:96:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfn[PATH_MAX];
data/xymon-4.3.30/client/clientupdate.c:99:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8192];
data/xymon-4.3.30/client/clientupdate.c:115:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfd = fopen(inprogressfn, "w"); if (tmpfd) fclose(tmpfd);
data/xymon-4.3.30/client/clientupdate.c:119:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
srcfd = fopen(srcfn, "r"); cperr = errno;
data/xymon-4.3.30/client/clientupdate.c:127:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (srcfd) { tmpfd = fopen(tmpfn, "w"); cperr = errno; }
data/xymon-4.3.30/client/clientupdate.c:237:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
versionfd = fopen(versionfn, "w");
data/xymon-4.3.30/client/logfetch.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char skiptxt[512];
data/xymon-4.3.30/client/logfetch.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char curpostxt[512];
data/xymon-4.3.30/client/logfetch.c:112:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(filename, "r");
data/xymon-4.3.30/client/logfetch.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *linepos[2*LINES_AROUND_TRIGGER+1];
data/xymon-4.3.30/client/logfetch.c:167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *(*triggerptrs)[2] = NULL;
data/xymon-4.3.30/client/logfetch.c:270:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regbuf[1000];
data/xymon-4.3.30/client/logfetch.c:285:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regbuf[1000];
data/xymon-4.3.30/client/logfetch.c:300:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regbuf[1000];
data/xymon-4.3.30/client/logfetch.c:561:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(startpos, skiptxt, strlen(skiptxt));
data/xymon-4.3.30/client/logfetch.c:640:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char modestr[11];
data/xymon-4.3.30/client/logfetch.c:671:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[20];
data/xymon-4.3.30/client/logfetch.c:682:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8192];
data/xymon-4.3.30/client/logfetch.c:704:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linknam[PATH_MAX];
data/xymon-4.3.30/client/logfetch.c:762:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/xymon-4.3.30/client/logfetch.c:802:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[8192];
data/xymon-4.3.30/client/logfetch.c:841:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[PATH_MAX + 1024];
data/xymon-4.3.30/client/logfetch.c:853:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(cfgfn, "r"); if (fd == NULL) return 1;
data/xymon-4.3.30/client/logfetch.c:880:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (tok) maxbytes = atoi(tok);
data/xymon-4.3.30/client/logfetch.c:926:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pline[PATH_MAX+1];
data/xymon-4.3.30/client/logfetch.c:1302:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[PATH_MAX + 1024];
data/xymon-4.3.30/client/logfetch.c:1304:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(statfn, "r");
data/xymon-4.3.30/client/logfetch.c:1322:47: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (tok) walk->check.logcheck.lastpos[i] = atol(tok);
data/xymon-4.3.30/client/logfetch.c:1338:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(statfn, "w");
data/xymon-4.3.30/client/logfetch.c:1383:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[50];
data/xymon-4.3.30/client/logfetch.c:1422:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
scroll = atoi(p);
data/xymon-4.3.30/client/msgcache.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/xymon-4.3.30/client/msgcache.c:146:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
idnum = atoi(STRBUF(conn->msgbuf) + 10);
data/xymon-4.3.30/client/msgcache.c:230:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idx[20];
data/xymon-4.3.30/client/msgcache.c:231:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(idx, "%d:%ld ",
data/xymon-4.3.30/client/msgcache.c:302:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) { locport = atoi(p+1); *p = '\0'; } else locport = 1984;
data/xymon-4.3.30/client/msgcache.c:319:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxage = atoi(p+1);
data/xymon-4.3.30/client/msgcache.c:323:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
listenq = atoi(p+1);
data/xymon-4.3.30/client/msgcache.c:390:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fd = fopen(pidfile, "w");
data/xymon-4.3.30/client/orcaxymon.c:29:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datestr[12], fn[PATH_MAX];
data/xymon-4.3.30/client/orcaxymon.c:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char headerline[32768];
data/xymon-4.3.30/client/orcaxymon.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vals[32768];
data/xymon-4.3.30/client/orcaxymon.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/client/orcaxymon.c:66:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fn, "r");
data/xymon-4.3.30/common/xymon.c:61:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
respfd = fopen(fn, "wb");
data/xymon-4.3.30/common/xymon.c:65:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atoi(p+1);
data/xymon-4.3.30/common/xymoncmd.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/xymon-4.3.30/common/xymoncmd.c:58:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(buf, "localhost");
data/xymon-4.3.30/common/xymoncmd.c:79:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(buf, "unix");
data/xymon-4.3.30/common/xymoncmd.c:114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char envfn[PATH_MAX];
data/xymon-4.3.30/common/xymoncmd.c:146:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (stat(envfn, &st) == -1) sprintf(envfn, "/etc/xymon/xymonserver.cfg");
data/xymon-4.3.30/common/xymoncmd.c:149:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (stat(envfn, &st) == -1) sprintf(envfn, "/etc/xymon-client/xymonclient.cfg");
data/xymon-4.3.30/common/xymoncmd.c:150:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (stat(envfn, &st) == -1) sprintf(envfn, "xymonserver.cfg");
data/xymon-4.3.30/common/xymoncmd.c:151:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (stat(envfn, &st) == -1) sprintf(envfn, "xymonclient.cfg");
data/xymon-4.3.30/common/xymondigest.c:25:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/xymon-4.3.30/common/xymondigest.c:40:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (argc > 2) fd = fopen(argv[2], "r"); else fd = stdin;
data/xymon-4.3.30/common/xymongrep.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/xymon-4.3.30/common/xymongrep.c:207:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostip[IP_ADDR_STRLEN];
data/xymon-4.3.30/common/xymonlaunch.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char myhostname[256];
data/xymon-4.3.30/common/xymonlaunch.c:114:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(myhostname, "localhost");
data/xymon-4.3.30/common/xymonlaunch.c:123:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(twalk->copy,twalk,sizeof(tasklist_t));
data/xymon-4.3.30/common/xymonlaunch.c:235:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (isdigit((int) *p)) maxuse = atoi(p); else maxuse = 1;
data/xymon-4.3.30/common/xymonlaunch.c:253:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curtask->interval = atoi(p);
data/xymon-4.3.30/common/xymonlaunch.c:275:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curtask->maxruntime = atoi(p);
data/xymon-4.3.30/common/xymonlaunch.c:600:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *pidfd = fopen(pidfn, "w");
data/xymon-4.3.30/common/xymonlaunch.c:732:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tasksleepenv[20],bbsleepenv[20];
data/xymon-4.3.30/common/xymonlaunch.c:743:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tasksleepenv, "TASKSLEEP=%d", twalk->interval);
data/xymon-4.3.30/common/xymonlaunch.c:744:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bbsleepenv, "BBSLEEP=%d", twalk->interval); /* For compatibility */
data/xymon-4.3.30/demotool/demotool.c:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/demotool/demotool.c:103:44: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} while ( (stat(fn, &st) == -1) || ((fd = fopen(fn, "r")) == NULL) );
data/xymon-4.3.30/demotool/demotool.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/demotool/demotool.c:129:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fn, "r"); if (!fd) return NULL;
data/xymon-4.3.30/demotool/demotool.c:159:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/demotool/demotool.c:163:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/xymon-4.3.30/demotool/demotool.c:171:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fn, "r"); if (fd == NULL) continue;
data/xymon-4.3.30/demotool/demotool.c:220:83: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = strchr(lspec, ':'); if (p) { *p = '\0'; p++; listenip = lspec; listenport = atoi(p); }
data/xymon-4.3.30/demotool/demotool.c:242:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newitem->delay = (p ? atoi(p) : 0);
data/xymon-4.3.30/demotool/demotool.c:285:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) newitem->bootup = time(NULL) - 60*atoi(p);
data/xymon-4.3.30/demotool/demotool.c:310:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[4096];
data/xymon-4.3.30/lib/acklog.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acklogfilename[PATH_MAX];
data/xymon-4.3.30/lib/acklog.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[MAX_LINE_LEN];
data/xymon-4.3.30/lib/acklog.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[200];
data/xymon-4.3.30/lib/acklog.c:49:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
acklog = fopen(acklogfilename, "r");
data/xymon-4.3.30/lib/acklog.c:53:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
acklog = fopen(acklogfilename, "r");
data/xymon-4.3.30/lib/acklog.c:78:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ackedby[MAX_LINE_LEN], hosttest[MAX_LINE_LEN], color[10], ackmsg[MAX_LINE_LEN];
data/xymon-4.3.30/lib/acklog.c:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ackfn[PATH_MAX];
data/xymon-4.3.30/lib/acklog.c:84:7: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atol(l) >= cutoff) {
data/xymon-4.3.30/lib/acklog.c:102:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexnum[3];
data/xymon-4.3.30/lib/acknowledgementslog.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acknowledgementslogfilename[PATH_MAX];
data/xymon-4.3.30/lib/acknowledgementslog.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[MAX_LINE_LEN];
data/xymon-4.3.30/lib/acknowledgementslog.c:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[200];
data/xymon-4.3.30/lib/acknowledgementslog.c:160:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
acknowledgementslog = fopen(acknowledgementslogfilename, "r");
data/xymon-4.3.30/lib/acknowledgementslog.c:205:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[MAX_LINE_LEN];
data/xymon-4.3.30/lib/acknowledgementslog.c:206:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char svc[MAX_LINE_LEN];
data/xymon-4.3.30/lib/acknowledgementslog.c:207:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char recipient[MAX_LINE_LEN];
data/xymon-4.3.30/lib/acknowledgementslog.c:208:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[MAX_LINE_LEN];
data/xymon-4.3.30/lib/acknowledgementslog.c:335:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bgcolors[2] = { "#000000", "#000066" };
data/xymon-4.3.30/lib/availability.c:37:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dur[100];
data/xymon-4.3.30/lib/availability.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhelp[100];
data/xymon-4.3.30/lib/availability.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cause[MAX_LINE_LEN];
data/xymon-4.3.30/lib/availability.c:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/lib/availability.c:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[MAX_LINE_LEN];
data/xymon-4.3.30/lib/availability.c:171:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fn, "r");
data/xymon-4.3.30/lib/availability.c:347:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char timespec[26];
data/xymon-4.3.30/lib/availability.c:349:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tokens[5];
data/xymon-4.3.30/lib/availability.c:378:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[MAX_LINE_LEN];
data/xymon-4.3.30/lib/availability.c:381:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colstr[MAX_LINE_LEN];
data/xymon-4.3.30/lib/availability.c:557:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[MAX_LINE_LEN];
data/xymon-4.3.30/lib/availability.c:559:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colstr[MAX_LINE_LEN];
data/xymon-4.3.30/lib/availability.c:602:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(argv[1], "r");
data/xymon-4.3.30/lib/availability.c:605:16: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reportstart = atol(argv[2]);
data/xymon-4.3.30/lib/availability.c:606:14: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reportend = atol(argv[3]);
data/xymon-4.3.30/lib/availability.c:625:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char start[MAXDURSIZE];
data/xymon-4.3.30/lib/availability.c:626:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char end[MAXDURSIZE];
data/xymon-4.3.30/lib/availability.c:627:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dur[MAXDURSIZE], dhelp[MAXDURSIZE];
data/xymon-4.3.30/lib/cgi.c:80:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
postsize = atoi(contlen);
data/xymon-4.3.30/lib/cgi.c:294:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cgi_checkstr[1024];
data/xymon-4.3.30/lib/color.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inpcolor[10];
data/xymon-4.3.30/lib/crondate.c:250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[MAX_TEMPSTR], *pc;
data/xymon-4.3.30/lib/crondate.c:291:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*numptr = atoi(temp);
data/xymon-4.3.30/lib/digest.c:27:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md_value[16];
data/xymon-4.3.30/lib/digest.c:28:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char md_string[2*16+1];
data/xymon-4.3.30/lib/encoding.c:200:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outp, inp, n);
data/xymon-4.3.30/lib/errormsg.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msg[4096];
data/xymon-4.3.30/lib/errormsg.c:31:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char timestr[20];
data/xymon-4.3.30/lib/errormsg.c:110:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
debugfd = fopen(fn, (appendtofile ? "a" : "w"));
data/xymon-4.3.30/lib/errormsg.c:123:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tracefd = fopen(fn, "a");
data/xymon-4.3.30/lib/errormsg.c:140:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[40];
data/xymon-4.3.30/lib/errormsg.c:161:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testfd = fopen(fn, mode);
data/xymon-4.3.30/lib/errormsg.c:175:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfn[PATH_MAX];
data/xymon-4.3.30/lib/eventlog.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char svc[100];
data/xymon-4.3.30/lib/eventlog.c:327:34: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lastchange = ((color != -1) ? atol(strtok(NULL, "\n")) : totime+1);
data/xymon-4.3.30/lib/eventlog.c:509:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eventlogfilename[PATH_MAX];
data/xymon-4.3.30/lib/eventlog.c:514:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[MAX_LINE_LEN];
data/xymon-4.3.30/lib/eventlog.c:515:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[200];
data/xymon-4.3.30/lib/eventlog.c:581:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
eventlog = fopen(eventlogfilename, "r");
data/xymon-4.3.30/lib/eventlog.c:626:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[MAX_LINE_LEN], svcname[MAX_LINE_LEN], newcol[MAX_LINE_LEN], oldcol[MAX_LINE_LEN];
data/xymon-4.3.30/lib/eventlog.c:711:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bgcolors[2] = { "#000000", "#000033" };
data/xymon-4.3.30/lib/files.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/lib/headfoot.c:69:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hostenv_eventtimestart[20];
data/xymon-4.3.30/lib/headfoot.c:70:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hostenv_eventtimeend[20];
data/xymon-4.3.30/lib/headfoot.c:353:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[100];
data/xymon-4.3.30/lib/headfoot.c:481:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[20];
data/xymon-4.3.30/lib/headfoot.c:640:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datestr[100];
data/xymon-4.3.30/lib/headfoot.c:651:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char starttime[20], endtime[20];
data/xymon-4.3.30/lib/headfoot.c:706:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mname[20];
data/xymon-4.3.30/lib/headfoot.c:725:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mname[20];
data/xymon-4.3.30/lib/headfoot.c:741:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char weekstr[5];
data/xymon-4.3.30/lib/headfoot.c:746:65: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
strftime(weekstr, sizeof(weekstr)-1, "%V", nowtm); weeknum = atoi(weekstr);
data/xymon-4.3.30/lib/headfoot.c:972:59: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (tname) { p = gettok(NULL, "|"); if (p) distime = atol(p); }
data/xymon-4.3.30/lib/headfoot.c:1123:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) { id = atoi(p); p = gettok(NULL, "|"); }
data/xymon-4.3.30/lib/headfoot.c:1124:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) { executiontime = atoi(p); p = gettok(NULL, "|"); }
data/xymon-4.3.30/lib/headfoot.c:1232:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curr = (criteditslastart ? (atoi(criteditslastart) / 100) : 0);
data/xymon-4.3.30/lib/headfoot.c:1243:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curr = (criteditslaend ? (atoi(criteditslaend) / 100) : 24);
data/xymon-4.3.30/lib/headfoot.c:1277:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mname[20];
data/xymon-4.3.30/lib/headfoot.c:1282:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nowtm, localtime(&now), sizeof(tm));
data/xymon-4.3.30/lib/headfoot.c:1309:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nowtm, localtime(&now), sizeof(tm));
data/xymon-4.3.30/lib/headfoot.c:1380:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int weekstart = atoi(xgetenv("WEEKSTART"));
data/xymon-4.3.30/lib/headfoot.c:1395:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int weekstart = atoi(xgetenv("WEEKSTART"));
data/xymon-4.3.30/lib/headfoot.c:1502:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/xymon-4.3.30/lib/headfoot.c:1563:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/xymon-4.3.30/lib/headfoot.c:1583:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/xymon-4.3.30/lib/headfoot.c:1606:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(bulletinfile, O_RDONLY);
data/xymon-4.3.30/lib/headfoot.c:1633:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formfn[PATH_MAX];
data/xymon-4.3.30/lib/headfoot.c:1636:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
formfile = open(formfn, O_RDONLY);
data/xymon-4.3.30/lib/holidays.c:352:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/lib/holidays.c:410:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
holidays_like_weekday = atoi(p);
data/xymon-4.3.30/lib/holidays.c:464:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newholiday.month=atoi(arg2);
data/xymon-4.3.30/lib/holidays.c:467:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newholiday.day=atoi(arg2);
data/xymon-4.3.30/lib/holidays.c:470:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newholiday.day=atoi(arg2);
data/xymon-4.3.30/lib/holidays.c:473:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newholiday.year=atoi(arg2);
data/xymon-4.3.30/lib/holidays.c:572:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oneh[1024];
data/xymon-4.3.30/lib/holidays.c:573:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstr[1024];
data/xymon-4.3.30/lib/holidays.c:616:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[1024];
data/xymon-4.3.30/lib/holidays.c:634:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tok, *arg[5];
data/xymon-4.3.30/lib/holidays.c:644:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
t = getEasterDate(atoi(arg[1]) - 1900);
data/xymon-4.3.30/lib/holidays.c:646:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
printf("Easter Sunday %04d is %02d/%02d/%04d\n", atoi(arg[1]),
data/xymon-4.3.30/lib/holidays.c:650:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
t = get4AdventDate(atoi(arg[1]) - 1900);
data/xymon-4.3.30/lib/holidays.c:652:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
printf("4Advent %04d is %02d/%02d/%04d\n", atoi(arg[1]),
data/xymon-4.3.30/lib/holidays.c:659:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wtm.tm_mday = getnumberedweekday(atoi(arg[2]), atoi(arg[1]), atoi(arg[3]), atoi(arg[4])-1900) + 1;
data/xymon-4.3.30/lib/holidays.c:659:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wtm.tm_mday = getnumberedweekday(atoi(arg[2]), atoi(arg[1]), atoi(arg[3]), atoi(arg[4])-1900) + 1;
data/xymon-4.3.30/lib/holidays.c:659:66: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wtm.tm_mday = getnumberedweekday(atoi(arg[2]), atoi(arg[1]), atoi(arg[3]), atoi(arg[4])-1900) + 1;
data/xymon-4.3.30/lib/holidays.c:659:80: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wtm.tm_mday = getnumberedweekday(atoi(arg[2]), atoi(arg[1]), atoi(arg[3]), atoi(arg[4])-1900) + 1;
data/xymon-4.3.30/lib/holidays.c:661:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wtm.tm_year = atoi(arg[4]) - 1900;
data/xymon-4.3.30/lib/holidays.c:665:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(arg[1]), dayname[atoi(arg[2])], atoi(arg[3]), atoi(arg[4]),
data/xymon-4.3.30/lib/holidays.c:665:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(arg[1]), dayname[atoi(arg[2])], atoi(arg[3]), atoi(arg[4]),
data/xymon-4.3.30/lib/holidays.c:665:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(arg[1]), dayname[atoi(arg[2])], atoi(arg[3]), atoi(arg[4]),
data/xymon-4.3.30/lib/holidays.c:665:57: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(arg[1]), dayname[atoi(arg[2])], atoi(arg[3]), atoi(arg[4]),
data/xymon-4.3.30/lib/holidays.c:672:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wtm.tm_mday = getweekdayafter(atoi(arg[2]), atoi(arg[1]), atoi(arg[3]), atoi(arg[4])-1900) + 1;
data/xymon-4.3.30/lib/holidays.c:672:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wtm.tm_mday = getweekdayafter(atoi(arg[2]), atoi(arg[1]), atoi(arg[3]), atoi(arg[4])-1900) + 1;
data/xymon-4.3.30/lib/holidays.c:672:63: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wtm.tm_mday = getweekdayafter(atoi(arg[2]), atoi(arg[1]), atoi(arg[3]), atoi(arg[4])-1900) + 1;
data/xymon-4.3.30/lib/holidays.c:672:77: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wtm.tm_mday = getweekdayafter(atoi(arg[2]), atoi(arg[1]), atoi(arg[3]), atoi(arg[4])-1900) + 1;
data/xymon-4.3.30/lib/holidays.c:674:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wtm.tm_year = atoi(arg[4]) - 1900;
data/xymon-4.3.30/lib/holidays.c:678:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(arg[1]), dayname[atoi(arg[2])], atoi(arg[3]), atoi(arg[4]),
data/xymon-4.3.30/lib/holidays.c:678:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(arg[1]), dayname[atoi(arg[2])], atoi(arg[3]), atoi(arg[4]),
data/xymon-4.3.30/lib/holidays.c:678:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(arg[1]), dayname[atoi(arg[2])], atoi(arg[3]), atoi(arg[4]),
data/xymon-4.3.30/lib/holidays.c:678:57: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(arg[1]), dayname[atoi(arg[2])], atoi(arg[3]), atoi(arg[4]),
data/xymon-4.3.30/lib/holidays.c:688:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
year = atoi(y_tok);
data/xymon-4.3.30/lib/htmllog.c:194:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (getenv("TRENDSECONDS")) graphtime = atoi(getenv("TRENDSECONDS"));
data/xymon-4.3.30/lib/htmllog.c:211:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formfn[PATH_MAX];
data/xymon-4.3.30/lib/htmllog.c:214:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
formfile = open(formfn, O_RDONLY);
data/xymon-4.3.30/lib/htmllog.c:235:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formfn[PATH_MAX];
data/xymon-4.3.30/lib/htmllog.c:238:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
formfile = open(formfn, O_RDONLY);
data/xymon-4.3.30/lib/htmllog.c:251:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sethostenv_critack(atoi(prio), ttgroup, ttextra,
data/xymon-4.3.30/lib/htmllog.c:265:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char receivedstr[200];
data/xymon-4.3.30/lib/htmllog.c:266:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char untilstr[200];
data/xymon-4.3.30/lib/htmllog.c:286:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (tok) { received = atoi(tok); tok = strtok(NULL, ":"); } else received = 0;
data/xymon-4.3.30/lib/htmllog.c:287:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (tok) { validuntil = atoi(tok); tok = strtok(NULL, ":"); } else validuntil = 0;
data/xymon-4.3.30/lib/htmllog.c:288:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (tok) { level = atoi(tok); tok = strtok(NULL, ":"); } else level = -1;
data/xymon-4.3.30/lib/htmllog.c:389:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ackuntil[200];
data/xymon-4.3.30/lib/htmllog.c:436:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
linecount=atoi(lcstr+15);
data/xymon-4.3.30/lib/htmllog.c:542:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tag[1024];
data/xymon-4.3.30/lib/htmllog.c:604:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char linkurl[PATH_MAX];
data/xymon-4.3.30/lib/htmllog.c:631:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[4096];
data/xymon-4.3.30/lib/ipaccess.c:41:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) { *p = '/'; p++; bits = atoi(p); }
data/xymon-4.3.30/lib/ipaccess.c:43:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
result[count].ipmask = (0xFFFFFFFF << (32 - atoi(p)));
data/xymon-4.3.30/lib/links.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/lib/links.c:113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[PATH_MAX];
data/xymon-4.3.30/lib/loadalerts.c:51:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cfline[256];
data/xymon-4.3.30/lib/loadalerts.c:198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/lib/loadalerts.c:1141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[4096];
data/xymon-4.3.30/lib/loadalerts.c:1144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char codes[25];
data/xymon-4.3.30/lib/loadalerts.c:1267:36: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (p) { p += strlen("rowspan="); memcpy(p, l, 3); }
data/xymon-4.3.30/lib/loadalerts.h:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[IP_ADDR_STRLEN];
data/xymon-4.3.30/lib/loadcriticalconf.c:138:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ttprio = atoi(gettok(NULL, "|\n")); if (ttprio == 0) continue;
data/xymon-4.3.30/lib/loadcriticalconf.c:147:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newitem->starttime= ((estart && *estart) ? atoi(estart) : 0);
data/xymon-4.3.30/lib/loadcriticalconf.c:148:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newitem->endtime = ((eend && *eend) ? atoi(eend) : 0);
data/xymon-4.3.30/lib/loadcriticalconf.c:340:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8192];
data/xymon-4.3.30/lib/loadcriticalconf.c:357:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(configfn, "r");
data/xymon-4.3.30/lib/loadcriticalconf.c:359:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bakfd = fopen(bakfn, "w");
data/xymon-4.3.30/lib/loadcriticalconf.c:369:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(configfn, "w");
data/xymon-4.3.30/lib/loadcriticalconf.c:396:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char startstr[20], endstr[20];
data/xymon-4.3.30/lib/loadhosts.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[IP_ADDR_STRLEN];
data/xymon-4.3.30/lib/loadhosts.c:63:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *xmh_item_key[XMH_LAST];
data/xymon-4.3.30/lib/loadhosts.c:64:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *xmh_item_name[XMH_LAST];
data/xymon-4.3.30/lib/loadhosts.c:502:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char intbuf[15];
data/xymon-4.3.30/lib/loadhosts.c:807:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/xymon-4.3.30/lib/loadhosts.c:810:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostip[IP_ADDR_STRLEN];
data/xymon-4.3.30/lib/loadhosts_file.c:89:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char contentmd5[33] = { '\0', };
data/xymon-4.3.30/lib/loadhosts_file.c:129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[4096];
data/xymon-4.3.30/lib/loadhosts_file.c:308:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char groupidstr[15];
data/xymon-4.3.30/lib/loadhosts_net.c:17:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *hivals[XMH_LAST] = { NULL, };
data/xymon-4.3.30/lib/locator.c:206:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pingbuf[512];
data/xymon-4.3.30/lib/locator.c:240:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
portnum = atoi(p+1);
data/xymon-4.3.30/lib/locator.c:243:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
portnum = atoi(xgetenv("XYMONDPORT"));
data/xymon-4.3.30/lib/locator.c:422:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/xymon-4.3.30/lib/locator.c:475:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
weight = (p5 ? atoi(p5) : 1);
data/xymon-4.3.30/lib/locator.c:476:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sticky = ((p6 && (atoi(p6) == 1)) ? LOC_STICKY : LOC_ROAMING);
data/xymon-4.3.30/lib/matching.c:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char w[100];
data/xymon-4.3.30/lib/md5.c:188:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xbuf, data, 64);
data/xymon-4.3.30/lib/md5.c:362:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pms->buf + offset, p, copy);
data/xymon-4.3.30/lib/md5.c:376:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pms->buf, p, left);
data/xymon-4.3.30/lib/md5.c:406:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void myMD5_Final(unsigned char digest[16], void *pms) { md5_finish((md5_state_t *)pms, (md5_byte_t *)digest); }
data/xymon-4.3.30/lib/md5.c:418:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8192];
data/xymon-4.3.30/lib/md5.c:420:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16];
data/xymon-4.3.30/lib/md5.c:423:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(argv[1], "r");
data/xymon-4.3.30/lib/md5.h:19:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern void myMD5_Final(unsigned char digest[16], void *pms);
data/xymon-4.3.30/lib/memory.c:303:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rrbuf[10000];
data/xymon-4.3.30/lib/misc.c:206:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char reduced[255];
data/xymon-4.3.30/lib/misc.c:506:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extfn[PATH_MAX];
data/xymon-4.3.30/lib/msort.c:275:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numstr[10];
data/xymon-4.3.30/lib/netservices.c:79:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hexchars[16] = "0123456789ABCDEF";
data/xymon-4.3.30/lib/netservices.c:124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/xymon-4.3.30/lib/netservices.c:257:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
first->rec->port = atoi(skipwhitespace(l+4));
data/xymon-4.3.30/lib/notifylog.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char notifylogfilename[PATH_MAX];
data/xymon-4.3.30/lib/notifylog.c:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[MAX_LINE_LEN];
data/xymon-4.3.30/lib/notifylog.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[200];
data/xymon-4.3.30/lib/notifylog.c:158:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
notifylog = fopen(notifylogfilename, "r");
data/xymon-4.3.30/lib/notifylog.c:196:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostsvc[MAX_LINE_LEN];
data/xymon-4.3.30/lib/notifylog.c:197:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char recipient[MAX_LINE_LEN];
data/xymon-4.3.30/lib/notifylog.c:300:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bgcolors[2] = { "#000000", "#000066" };
data/xymon-4.3.30/lib/readmib.c:157:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char endmarks[6];
data/xymon-4.3.30/lib/reportlog.c:24:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stylenames[3] = { "crit", "nongr", "all" };
data/xymon-4.3.30/lib/reportlog.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bgcols[2] = { "\"#000000\"", "\"#000033\"" };
data/xymon-4.3.30/lib/reportlog.c:120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_starttime[20], text_endtime[20];
data/xymon-4.3.30/lib/reportlog.c:190:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char start[30];
data/xymon-4.3.30/lib/reportlog.c:191:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char end[30];
data/xymon-4.3.30/lib/rmd160c.c:192:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p,data,RIPEMD160_CBLOCK);
data/xymon-4.3.30/lib/rmd160c.c:224:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p,data,sc);
data/xymon-4.3.30/lib/rmd160c.c:444:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char end[4]={0x80,0x00,0x00,0x00};
data/xymon-4.3.30/lib/rmd160c.c:515:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void myRIPEMD160_Final(char md[20], void *c) { RIPEMD160_Final(md, (RIPEMD160_CTX *)c); }
data/xymon-4.3.30/lib/rmd160c.c:523:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8192];
data/xymon-4.3.30/lib/rmd160c.c:525:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[20];
data/xymon-4.3.30/lib/rmd160c.c:526:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md_string[41];
data/xymon-4.3.30/lib/rmd160c.c:531:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(argv[1], "r");
data/xymon-4.3.30/lib/run.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[1024];
data/xymon-4.3.30/lib/sendmsg.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errordetails[1024];
data/xymon-4.3.30/lib/sendmsg.c:112:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xymonproxyport = atoi(p);
data/xymon-4.3.30/lib/sendmsg.c:126:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (xgetenv("XYMONDPORT")) xymondportnumber = atoi(xgetenv("XYMONDPORT"));
data/xymon-4.3.30/lib/sendmsg.c:165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char recvbuf[32768];
data/xymon-4.3.30/lib/sendmsg.c:187:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*p = '\0'; p++; rcptport = atoi(p);
data/xymon-4.3.30/lib/sendmsg.c:216:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rcptport = atoi(p);
data/xymon-4.3.30/lib/sendmsg.c:272:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostip[IP_ADDR_STRLEN];
data/xymon-4.3.30/lib/sendmsg.c:276:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr, *(hent->h_addr_list), sizeof(struct in_addr));
data/xymon-4.3.30/lib/sendmsg.c:401:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(respend, outp, n);
data/xymon-4.3.30/lib/sendmsg.c:701:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (xgetenv("MAXMSGSPERCOMBO")) maxmsgspercombo = atoi(xgetenv("MAXMSGSPERCOMBO"));
data/xymon-4.3.30/lib/sendmsg.c:708:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (xgetenv("SLEEPBETWEENMSGS")) sleepbetweenmsgs = atoi(xgetenv("SLEEPBETWEENMSGS"));
data/xymon-4.3.30/lib/sendmsg.c:722:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(comboofsstr, "extcombo", 8);
data/xymon-4.3.30/lib/sha1.c:33:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64];
data/xymon-4.3.30/lib/sha1.c:67:61: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void SHA1Transform(uint32_t state[5], const unsigned char buffer[64])
data/xymon-4.3.30/lib/sha1.c:71:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[64];
data/xymon-4.3.30/lib/sha1.c:76:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block, buffer, 64);
data/xymon-4.3.30/lib/sha1.c:153:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[j], data, (i = 64-j));
data/xymon-4.3.30/lib/sha1.c:161:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[j], &data[i], len - i);
data/xymon-4.3.30/lib/sha1.c:167:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void SHA1Final(unsigned char digest[20], SHA1_CTX* context)
data/xymon-4.3.30/lib/sha1.c:170:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char finalcount[8];
data/xymon-4.3.30/lib/sha1.c:219:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void mySHA1_Final(unsigned char digest[20], void* context) { SHA1Final(digest, (SHA1_CTX *)context); }
data/xymon-4.3.30/lib/sha1.c:231:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8192];
data/xymon-4.3.30/lib/sha1.c:233:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[20];
data/xymon-4.3.30/lib/sha1.c:236:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(argv[1], "r");
data/xymon-4.3.30/lib/sha1.h:19:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern void mySHA1_Final(unsigned char digest[20], void *context);
data/xymon-4.3.30/lib/sha2.c:364:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->block[ctx->len], message, rem_len);
data/xymon-4.3.30/lib/sha2.c:381:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->block, &shifted_message[block_nb << 6],
data/xymon-4.3.30/lib/sha2.c:561:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->block[ctx->len], message, rem_len);
data/xymon-4.3.30/lib/sha2.c:578:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->block, &shifted_message[block_nb << 7],
data/xymon-4.3.30/lib/sha2.c:663:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->block[ctx->len], message, rem_len);
data/xymon-4.3.30/lib/sha2.c:680:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->block, &shifted_message[block_nb << 7],
data/xymon-4.3.30/lib/sha2.c:763:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->block[ctx->len], message, rem_len);
data/xymon-4.3.30/lib/sha2.c:780:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->block, &shifted_message[block_nb << 6],
data/xymon-4.3.30/lib/sha2.c:834:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[2 * SHA512_DIGEST_SIZE + 1];
data/xymon-4.3.30/lib/sha2.c:852:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *vectors[4][3] =
data/xymon-4.3.30/lib/sha2.c:893:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[SHA512_DIGEST_SIZE];
data/xymon-4.3.30/lib/sha2.c:955:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void mySHA224_Final(char md[20], void *c) { sha224_final((sha224_ctx *)c, md); }
data/xymon-4.3.30/lib/sha2.c:960:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void mySHA256_Final(char md[20], void *c) { sha256_final((sha256_ctx *)c, md); }
data/xymon-4.3.30/lib/sha2.c:965:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void mySHA384_Final(char md[20], void *c) { sha384_final((sha384_ctx *)c, md); }
data/xymon-4.3.30/lib/sha2.c:970:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void mySHA512_Final(char md[20], void *c) { sha512_final((sha512_ctx *)c, md); }
data/xymon-4.3.30/lib/sha2.h:61:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[2 * SHA256_BLOCK_SIZE];
data/xymon-4.3.30/lib/sha2.h:68:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[2 * SHA512_BLOCK_SIZE];
data/xymon-4.3.30/lib/sha2.h:106:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern void mySHA224_Final(char md[20], void *c);
data/xymon-4.3.30/lib/sha2.h:111:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern void mySHA256_Final(char md[20], void *c);
data/xymon-4.3.30/lib/sha2.h:116:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern void mySHA384_Final(char md[20], void *c);
data/xymon-4.3.30/lib/sha2.h:121:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern void mySHA512_Final(char md[20], void *c);
data/xymon-4.3.30/lib/sig.c:29:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char signal_xymoncmd[PATH_MAX];
data/xymon-4.3.30/lib/sig.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char signal_xymondserver[1024];
data/xymon-4.3.30/lib/sig.c:31:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char signal_msg[1024];
data/xymon-4.3.30/lib/sig.c:32:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char signal_tmpdir[PATH_MAX];
data/xymon-4.3.30/lib/stackio.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[4096+1];
data/xymon-4.3.30/lib/stackio.c:194:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stackfd_filename[PATH_MAX];
data/xymon-4.3.30/lib/stackio.c:217:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
newfd = fopen(stackfd_filename, stackfd_mode);
data/xymon-4.3.30/lib/stackio.c:333:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirfn[PATH_MAX], fn[PATH_MAX];
data/xymon-4.3.30/lib/stackio.c:525:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/xymon-4.3.30/lib/strfunc.c:120:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->s+buf->used, newtext, newlen);
data/xymon-4.3.30/lib/test-endianness.c:23:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cbuf[sizeof(c)];
data/xymon-4.3.30/lib/timefunc.c:65:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *daynames[7] = { NULL, };
data/xymon-4.3.30/lib/timefunc.c:81:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dtext[10];
data/xymon-4.3.30/lib/timefunc.c:380:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d1[40],d2[3],d3[40];
data/xymon-4.3.30/lib/timefunc.c:438:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oneval = atoi(startofval);
data/xymon-4.3.30/lib/timefunc.c:466:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[50];
data/xymon-4.3.30/lib/timefunc.c:508:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[128];
data/xymon-4.3.30/lib/timefunc.c:546:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tm.tm_min = atoi(s+10); *(s+10) = '\0';
data/xymon-4.3.30/lib/timefunc.c:547:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tm.tm_hour = atoi(s+8); *(s+8) = '\0';
data/xymon-4.3.30/lib/timefunc.c:548:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tm.tm_mday = atoi(s+6); *(s+6) = '\0';
data/xymon-4.3.30/lib/timefunc.c:549:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tm.tm_mon = atoi(s+4) - 1; *(s+4) = '\0';
data/xymon-4.3.30/lib/timefunc.c:550:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tm.tm_year = atoi(s) - 1900; *(s+4) = '\0';
data/xymon-4.3.30/lib/timefunc.c:563:19: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (time_t) atol(timestamp);
data/xymon-4.3.30/lib/timing.c:108:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tdiff, now, sizeof(struct timespec));
data/xymon-4.3.30/lib/timing.c:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[80];
data/xymon-4.3.30/lib/tree.c:406:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(newents[1]), &(mytree->entries[0]), (mytree->treesz * sizeof(treerec_t)));
data/xymon-4.3.30/lib/tree.c:434:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(newents[0]), &(mytree->entries[0]), n*sizeof(treerec_t));
data/xymon-4.3.30/lib/tree.c:442:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(newents[n+1]), &(mytree->entries[n]), (mytree->treesz - n)*sizeof(treerec_t));
data/xymon-4.3.30/lib/tree.c:482:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], key[1024], data[1024];
data/xymon-4.3.30/lib/url.c:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char netrcfn[MAXPATHLEN];
data/xymon-4.3.30/lib/url.c:175:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(netrcfn, "r");
data/xymon-4.3.30/lib/url.c:179:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(netrcfn, "r");
data/xymon-4.3.30/lib/url.c:378:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
url->port = atoi(p+1);
data/xymon-4.3.30/lib/xymond_buffer.c:43:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
result = atoi(v);
data/xymon-4.3.30/lib/xymond_ipc.c:45:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *channelnames[C_LAST+1] = {
data/xymon-4.3.30/lib/xymonrrd.c:140:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
grec->maxgraphs = atoi(p+1);
data/xymon-4.3.30/lib/xymonrrd.c:212:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rrdservicename[100];
data/xymon-4.3.30/lib/xymonrrd.c:226:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gwidth = atoi(xgetenv("RRDWIDTH"));
data/xymon-4.3.30/lib/xymonrrd.c:227:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gheight = atoi(xgetenv("RRDHEIGHT"));
data/xymon-4.3.30/web/ackinfo.c:50:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (level == -1) level = atoi(cwalk->value);
data/xymon-4.3.30/web/ackinfo.c:54:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (validity == -1) validity = atoi(cwalk->value);
data/xymon-4.3.30/web/ackinfo.c:82:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
level = atoi(p+1);
data/xymon-4.3.30/web/ackinfo.c:86:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
validity = atoi(p+1);
data/xymon-4.3.30/web/ackinfo.c:98:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cgisource[1024]; char *p;
data/xymon-4.3.30/web/acknowledge.c:64:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sendnum = atoi(cwalk->name+5);
data/xymon-4.3.30/web/acknowledge.c:85:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
delim = strchr(cwalk->name, '_'); if (delim) id = atoi(delim+1);
data/xymon-4.3.30/web/acknowledge.c:98:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
delim = strchr(cwalk->name, '_'); if (delim) id = atoi(delim+1);
data/xymon-4.3.30/web/acknowledge.c:102:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
delim = strchr(cwalk->name, '_'); if (delim) id = atoi(delim+1);
data/xymon-4.3.30/web/acknowledge.c:106:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
delim = strchr(cwalk->name, '_'); if (delim) id = atoi(delim+1);
data/xymon-4.3.30/web/acknowledge.c:110:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
delim = strchr(cwalk->name, '_'); if (delim) id = atoi(delim+1);
data/xymon-4.3.30/web/acknowledge.c:114:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
delim = strchr(cwalk->name, '_'); if (delim) id = atoi(delim+1);
data/xymon-4.3.30/web/acknowledge.c:118:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
delim = strchr(cwalk->name, '_'); if (delim) id = atoi(delim+1);
data/xymon-4.3.30/web/acknowledge.c:145:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (acknum) awalk->acknum = atoi(acknum);
data/xymon-4.3.30/web/acknowledge.c:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numstr[15];
data/xymon-4.3.30/web/acknowledge.c:366:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cgisource[1024]; char *p;
data/xymon-4.3.30/web/acknowledgements.c:54:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxcount = atoi(cwalk->value);
data/xymon-4.3.30/web/acknowledgements.c:57:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxminutes = atoi(cwalk->value);
data/xymon-4.3.30/web/appfeed.c:199:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(acktime) != 0) {
data/xymon-4.3.30/web/appfeed.c:209:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(distime) != 0) {
data/xymon-4.3.30/web/cgiwrap.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char executable[PATH_MAX];
data/xymon-4.3.30/web/cgiwrap.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xymoncmd[PATH_MAX];
data/xymon-4.3.30/web/chpasswd.c:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cgisource[1024]; char *p;
data/xymon-4.3.30/web/confreport.c:114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[PATH_MAX];
data/xymon-4.3.30/web/confreport.c:115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/web/confreport.c:180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char contcol[1024];
data/xymon-4.3.30/web/confreport.c:315:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(newitem->visualdata, "<br>");
data/xymon-4.3.30/web/confreport.c:515:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/web/confreport.c:520:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fn, "r"); if (!fd) return;
data/xymon-4.3.30/web/confreport.c:643:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char configfn[PATH_MAX];
data/xymon-4.3.30/web/confreport.c:853:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
alertinterval = 60*atoi(xgetenv("ALERTREPEAT"));
data/xymon-4.3.30/web/criticaleditor.c:80:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rq_priority = atoi(cwalk->value);
data/xymon-4.3.30/web/criticaleditor.c:101:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rq_startday = atoi(cwalk->value);
data/xymon-4.3.30/web/criticaleditor.c:104:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rq_startmon = atoi(cwalk->value);
data/xymon-4.3.30/web/criticaleditor.c:107:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rq_startyear = atoi(cwalk->value);
data/xymon-4.3.30/web/criticaleditor.c:110:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rq_endday = atoi(cwalk->value);
data/xymon-4.3.30/web/criticaleditor.c:113:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rq_endmon = atoi(cwalk->value);
data/xymon-4.3.30/web/criticaleditor.c:116:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rq_endyear = atoi(cwalk->value);
data/xymon-4.3.30/web/criticaleditor.c:179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char warnmsg[4096];
data/xymon-4.3.30/web/criticaleditor.c:286:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datestr[20];
data/xymon-4.3.30/web/criticaleditor.c:399:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cgisource[1024]; char *p;
data/xymon-4.3.30/web/criticalview.c:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/xymon-4.3.30/web/criticalview.c:124:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newitem->lastchange = atoi(gettok(NULL, "|"));
data/xymon-4.3.30/web/criticalview.c:125:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newitem->logtime = atoi(gettok(NULL, "|"));
data/xymon-4.3.30/web/criticalview.c:126:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newitem->validtime = atoi(gettok(NULL, "|"));
data/xymon-4.3.30/web/criticalview.c:150:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newitem->acktime = atoi(ackvtimestr);
data/xymon-4.3.30/web/criticalview.c:402:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxprio = atoi(cwalk->value);
data/xymon-4.3.30/web/criticalview.c:407:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxage = 60*atoi(cwalk->value);
data/xymon-4.3.30/web/criticalview.c:417:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
oldlimit = 60*atoi(cwalk->value);
data/xymon-4.3.30/web/criticalview.c:426:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
evcount = atoi(cwalk->value);
data/xymon-4.3.30/web/criticalview.c:468:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
critacklevel = atoi(p+1);
data/xymon-4.3.30/web/csvinfo.c:69:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
keycolumn = atoi(cwalk->value);
data/xymon-4.3.30/web/csvinfo.c:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbfn[PATH_MAX];
data/xymon-4.3.30/web/csvinfo.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *headers[MAXCOLUMNS];
data/xymon-4.3.30/web/csvinfo.c:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *items[MAXCOLUMNS];
data/xymon-4.3.30/web/csvinfo.c:127:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
db = fopen(dbfn, "r");
data/xymon-4.3.30/web/datepage.c:51:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
year = atoi(cwalk->value);
data/xymon-4.3.30/web/datepage.c:54:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
month = atoi(cwalk->value);
data/xymon-4.3.30/web/datepage.c:57:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
day = atoi(cwalk->value);
data/xymon-4.3.30/web/datepage.c:60:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
week = atoi(cwalk->value);
data/xymon-4.3.30/web/datepage.c:167:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formfn[PATH_MAX];
data/xymon-4.3.30/web/enadis.c:75:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cgisource[1024]; char *p;
data/xymon-4.3.30/web/enadis.c:110:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
duration = atoi(pwalk->value);
data/xymon-4.3.30/web/enadis.c:119:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
scale = atoi(pwalk->value);
data/xymon-4.3.30/web/enadis.c:175:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
schedtm.tm_year = atoi(pwalk->value) - 1900;
data/xymon-4.3.30/web/enadis.c:178:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
schedtm.tm_mon = atoi(pwalk->value) - 1;
data/xymon-4.3.30/web/enadis.c:181:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
schedtm.tm_mday = atoi(pwalk->value);
data/xymon-4.3.30/web/enadis.c:184:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
schedtm.tm_hour = atoi(pwalk->value);
data/xymon-4.3.30/web/enadis.c:187:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
schedtm.tm_min = atoi(pwalk->value);
data/xymon-4.3.30/web/enadis.c:192:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
endtm.tm_year = atoi(pwalk->value) - 1900;
data/xymon-4.3.30/web/enadis.c:195:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
endtm.tm_mon = atoi(pwalk->value) - 1;
data/xymon-4.3.30/web/enadis.c:198:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
endtm.tm_mday = atoi(pwalk->value);
data/xymon-4.3.30/web/enadis.c:201:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
endtm.tm_hour = atoi(pwalk->value);
data/xymon-4.3.30/web/enadis.c:204:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
endtm.tm_min = atoi(pwalk->value);
data/xymon-4.3.30/web/enadis.c:209:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cancelid = atoi(pwalk->value);
data/xymon-4.3.30/web/eventlog.c:66:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxcount = atoi(cwalk->value);
data/xymon-4.3.30/web/eventlog.c:69:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxminutes = atoi(cwalk->value);
data/xymon-4.3.30/web/eventlog.c:102:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (*(cwalk->value)) topcount = atoi(cwalk->value);
data/xymon-4.3.30/web/findhost.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char re_errstr[BUFSIZE];
data/xymon-4.3.30/web/ghostlist.c:45:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxage = atoi(cwalk->value);
data/xymon-4.3.30/web/ghostlist.c:197:26: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (timestr) tstamp = atol(timestr);
data/xymon-4.3.30/web/history.c:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *tagcolors[COL_COUNT] = {
data/xymon-4.3.30/web/history.c:333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[20];
data/xymon-4.3.30/web/history.c:334:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bgcols[2] = { "\"#000000\"", "\"#555555\"" };
data/xymon-4.3.30/web/history.c:447:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bgcols[2] = { "\"#000000\"", "\"#000033\"" };
data/xymon-4.3.30/web/history.c:469:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char start[30];
data/xymon-4.3.30/web/history.c:621:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else entrycount = atoi(cwalk->value);
data/xymon-4.3.30/web/history.c:625:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pixels = atoi(cwalk->value);
data/xymon-4.3.30/web/history.c:629:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
req_endtime = atol(cwalk->value);
data/xymon-4.3.30/web/history.c:633:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
barsums = atoi(cwalk->value);
data/xymon-4.3.30/web/history.c:648:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char histlogfn[PATH_MAX];
data/xymon-4.3.30/web/history.c:712:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(histlogfn, "r");
data/xymon-4.3.30/web/hostgraphs.c:89:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sday = atoi(cwalk->value);
data/xymon-4.3.30/web/hostgraphs.c:92:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
smon = atoi(cwalk->value);
data/xymon-4.3.30/web/hostgraphs.c:95:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
syear = atoi(cwalk->value);
data/xymon-4.3.30/web/hostgraphs.c:98:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
shour = atoi(cwalk->value);
data/xymon-4.3.30/web/hostgraphs.c:101:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
smin = atoi(cwalk->value);
data/xymon-4.3.30/web/hostgraphs.c:104:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ssec = atoi(cwalk->value);
data/xymon-4.3.30/web/hostgraphs.c:107:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
eday = atoi(cwalk->value);
data/xymon-4.3.30/web/hostgraphs.c:110:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
emon = atoi(cwalk->value);
data/xymon-4.3.30/web/hostgraphs.c:113:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
eyear = atoi(cwalk->value);
data/xymon-4.3.30/web/hostgraphs.c:116:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ehour = atoi(cwalk->value);
data/xymon-4.3.30/web/hostgraphs.c:119:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
emin = atoi(cwalk->value);
data/xymon-4.3.30/web/hostgraphs.c:122:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
esec = atoi(cwalk->value);
data/xymon-4.3.30/web/notifications.c:54:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxcount = atoi(cwalk->value);
data/xymon-4.3.30/web/notifications.c:57:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxminutes = atoi(cwalk->value);
data/xymon-4.3.30/web/perfdata.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstamp[30];
data/xymon-4.3.30/web/perfdata.c:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *rrdargs[10];
data/xymon-4.3.30/web/report.c:46:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *monthnames[13] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec", NULL };
data/xymon-4.3.30/web/report.c:72:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
startday = atoi(cwalk->value);
data/xymon-4.3.30/web/report.c:84:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
startyear = atoi(cwalk->value);
data/xymon-4.3.30/web/report.c:87:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
endday = atoi(cwalk->value);
data/xymon-4.3.30/web/report.c:99:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
endyear = atoi(cwalk->value);
data/xymon-4.3.30/web/report.c:163:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/web/report.c:192:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirid[PATH_MAX];
data/xymon-4.3.30/web/report.c:196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xymongentimeopt[100];
data/xymon-4.3.30/web/report.c:197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char csvdelimopt[100];
data/xymon-4.3.30/web/report.c:198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xymongen_argv[20];
data/xymon-4.3.30/web/report.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char htmldelim[100];
data/xymon-4.3.30/web/report.c:202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char startstr[30], endstr[30];
data/xymon-4.3.30/web/report.c:317:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[4096];
data/xymon-4.3.30/web/reportlog.c:90:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
st = atol(cwalk->value);
data/xymon-4.3.30/web/reportlog.c:93:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
end = atol(cwalk->value);
data/xymon-4.3.30/web/reportlog.c:104:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
use_recentgifs = atoi(cwalk->value);
data/xymon-4.3.30/web/reportlog.c:151:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(histlogfn, "r");
data/xymon-4.3.30/web/reportlog.c:165:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
textrep = fopen(textrepfullfn, "w");
data/xymon-4.3.30/web/showgraph.c:273:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
firstidx = atoi(cwalk->value) - 1;
data/xymon-4.3.30/web/showgraph.c:276:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
idxcount = atoi(cwalk->value);
data/xymon-4.3.30/web/showgraph.c:287:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (cwalk->value) graphstart = atoi(cwalk->value);
data/xymon-4.3.30/web/showgraph.c:290:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (cwalk->value) graphend = atoi(cwalk->value);
data/xymon-4.3.30/web/showgraph.c:299:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (cwalk->value) graphwidth = atoi(cwalk->value);
data/xymon-4.3.30/web/showgraph.c:302:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (cwalk->value) graphheight = atoi(cwalk->value);
data/xymon-4.3.30/web/showgraph.c:325:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t1[15], t2[15];
data/xymon-4.3.30/web/showgraph.c:437:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024]; /* Must be static since it is returned to caller */
data/xymon-4.3.30/web/showgraph.c:451:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(metafn, "r");
data/xymon-4.3.30/web/showgraph.c:505:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outp, inp); strcat(outp, "\\:");
data/xymon-4.3.30/web/showgraph.c:593:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numstr[10];
data/xymon-4.3.30/web/showgraph.c:622:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numstr[10];
data/xymon-4.3.30/web/showgraph.c:713:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbuf[40];
data/xymon-4.3.30/web/showgraph.c:805:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char heightopt[30]; /* -h HEIGHT */
data/xymon-4.3.30/web/showgraph.c:806:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char widthopt[30]; /* -w WIDTH */
data/xymon-4.3.30/web/showgraph.c:807:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char upperopt[30]; /* -u MAX */
data/xymon-4.3.30/web/showgraph.c:808:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loweropt[30]; /* -l MIN */
data/xymon-4.3.30/web/showgraph.c:809:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char startopt[30]; /* -s STARTTIME */
data/xymon-4.3.30/web/showgraph.c:810:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char endopt[30]; /* -e ENDTIME */
data/xymon-4.3.30/web/showgraph.c:811:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char graphtitle[1024]; /* --title TEXT */
data/xymon-4.3.30/web/showgraph.c:812:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestamp[50]; /* COMMENT with timestamp graph was generated */
data/xymon-4.3.30/web/showgraph.c:826:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnam[PATH_MAX];
data/xymon-4.3.30/web/showgraph.c:894:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dnam[PATH_MAX];
data/xymon-4.3.30/web/showgraph.c:930:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char paramfmt[20];
data/xymon-4.3.30/web/showgraph.c:966:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[8192];
data/xymon-4.3.30/web/showgraph.c:975:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[8192];
data/xymon-4.3.30/web/showgraph.c:990:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char param[PATH_MAX];
data/xymon-4.3.30/web/showgraph.c:1197:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expirehdr[100];
data/xymon-4.3.30/web/showgraph.c:1263:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zoomjsfn[PATH_MAX];
data/xymon-4.3.30/web/showgraph.c:1274:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(zoomjsfn, "r");
data/xymon-4.3.30/web/showgraph.c:1284:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zoomrightoffsetp, "30", 2);
data/xymon-4.3.30/web/showgraph.c:1310:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
graphwidth = atoi(xgetenv("RRDWIDTH"));
data/xymon-4.3.30/web/showgraph.c:1311:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
graphheight = atoi(xgetenv("RRDHEIGHT"));
data/xymon-4.3.30/web/snapshot.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *monthnames[13] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec", NULL };
data/xymon-4.3.30/web/snapshot.c:60:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
day = atoi(cwalk->value);
data/xymon-4.3.30/web/snapshot.c:72:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
year = atoi(cwalk->value);
data/xymon-4.3.30/web/snapshot.c:75:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hour = atoi(cwalk->value);
data/xymon-4.3.30/web/snapshot.c:78:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min = atoi(cwalk->value);
data/xymon-4.3.30/web/snapshot.c:81:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sec = atoi(cwalk->value);
data/xymon-4.3.30/web/snapshot.c:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/web/snapshot.c:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirid[100];
data/xymon-4.3.30/web/snapshot.c:136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outdir[PATH_MAX];
data/xymon-4.3.30/web/snapshot.c:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xymongentimeopt[100];
data/xymon-4.3.30/web/snapshot.c:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xymongen_argv[20];
data/xymon-4.3.30/web/snapshot.c:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char htmldelim[100];
data/xymon-4.3.30/web/snapshot.c:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char startstr[20];
data/xymon-4.3.30/web/svcstatus-info.c:102:43: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (tok) { tnames[testcount].distime = atol(tok); tok = gettok(NULL, "|"); }
data/xymon-4.3.30/web/svcstatus-info.c:105:46: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (tok) { tnames[testcount].lastchange = atol(tok); }
data/xymon-4.3.30/web/svcstatus-info.c:148:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newitem->id = atoi(tok); tok = gettok(NULL, "|");
data/xymon-4.3.30/web/svcstatus-info.c:149:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (tok) { newitem->when = (int)atoi(tok); tok = gettok(NULL, "|"); }
data/xymon-4.3.30/web/svcstatus-info.c:273:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yeartxt[25];
data/xymon-4.3.30/web/svcstatus-info.c:367:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstr[1024];
data/xymon-4.3.30/web/svcstatus-info.c:413:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numstr[10];
data/xymon-4.3.30/web/svcstatus-info.c:470:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mname[20];
data/xymon-4.3.30/web/svcstatus-info.c:534:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char istr[15];
data/xymon-4.3.30/web/svcstatus-info.c:556:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char istr[15];
data/xymon-4.3.30/web/svcstatus-info.c:575:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char istr[15];
data/xymon-4.3.30/web/svcstatus-info.c:594:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char istr[15];
data/xymon-4.3.30/web/svcstatus-info.c:612:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char istr[15];
data/xymon-4.3.30/web/svcstatus-info.c:647:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char istr[15];
data/xymon-4.3.30/web/svcstatus-info.c:669:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char istr[15];
data/xymon-4.3.30/web/svcstatus-info.c:688:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char istr[15];
data/xymon-4.3.30/web/svcstatus-info.c:707:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char istr[15];
data/xymon-4.3.30/web/svcstatus-info.c:725:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char istr[15];
data/xymon-4.3.30/web/svcstatus-info.c:774:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char istr[15];
data/xymon-4.3.30/web/svcstatus-info.c:854:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idstr[10];
data/xymon-4.3.30/web/svcstatus-info.c:917:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
alertinterval = 60*atoi(xgetenv("ALERTREPEAT"));
data/xymon-4.3.30/web/svcstatus-info.c:919:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char configfn[PATH_MAX];
data/xymon-4.3.30/web/svcstatus-info.c:971:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hostip[IP_ADDR_STRLEN + 20];
data/xymon-4.3.30/web/svcstatus-info.c:975:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr, *(hent->h_addr_list), sizeof(struct in_addr));
data/xymon-4.3.30/web/svcstatus-info.c:1050:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char istr[15];
data/xymon-4.3.30/web/svcstatus-trends.c:85:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fname[PATH_MAX];
data/xymon-4.3.30/web/svcstatus-trends.c:242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostrrddir[PATH_MAX];
data/xymon-4.3.30/web/svcstatus.c:49:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errortxt[1000];
data/xymon-4.3.30/web/svcstatus.c:110:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
backsecs += atoi(cwalk->value);
data/xymon-4.3.30/web/svcstatus.c:113:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
backsecs += 60*atoi(cwalk->value);
data/xymon-4.3.30/web/svcstatus.c:116:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
backsecs += 60*60*atoi(cwalk->value);
data/xymon-4.3.30/web/svcstatus.c:119:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
backsecs += 24*60*60*atoi(cwalk->value);
data/xymon-4.3.30/web/svcstatus.c:132:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (getenv("TRENDSECONDS")) backsecs = atoi(getenv("TRENDSECONDS"));
data/xymon-4.3.30/web/svcstatus.c:196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timesincechange[100];
data/xymon-4.3.30/web/svcstatus.c:214:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int d = atoi(xgetenv("XYMWEBREFRESH"));
data/xymon-4.3.30/web/svcstatus.c:271:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfn[PATH_MAX];
data/xymon-4.3.30/web/svcstatus.c:275:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(logfn, "r");
data/xymon-4.3.30/web/svcstatus.c:340:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *items[25];
data/xymon-4.3.30/web/svcstatus.c:448:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
logage = getcurrenttime(NULL) - atoi(items[4]);
data/xymon-4.3.30/web/svcstatus.c:465:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
logtime = atoi(items[5]);
data/xymon-4.3.30/web/svcstatus.c:466:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (items[7] && strlen(items[7])) acktime = atoi(items[7]);
data/xymon-4.3.30/web/svcstatus.c:467:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (items[8] && strlen(items[8])) disabletime = atoi(items[8]);
data/xymon-4.3.30/web/svcstatus.c:482:46: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
clntstamp = ((items[17] && *items[17]) ? atol(items[17]) : 0);
data/xymon-4.3.30/web/svcstatus.c:510:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lastchange = atoi(chgs);
data/xymon-4.3.30/web/svcstatus.c:545:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfn[PATH_MAX];
data/xymon-4.3.30/web/svcstatus.c:575:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(logfn, "r");
data/xymon-4.3.30/web/svcstatus.c:662:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfn[PATH_MAX];
data/xymon-4.3.30/web/useradm.c:80:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cgisource[1024]; char *p;
data/xymon-4.3.30/web/useradm.c:215:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(passfile, "r");
data/xymon-4.3.30/web/useradm.c:218:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[1024];
data/xymon-4.3.30/web/xymonpage.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[8192];
data/xymon-4.3.30/xymond/client/aix.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromline[1024];
data/xymon-4.3.30/xymond/client/aix.c:82:63: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (strncmp(realmemstr, "realmem ", 8) == 0) memphystotal = atol(realmemstr+8) / 1024L;
data/xymon-4.3.30/xymond/client/bbwin.c:26:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/bbwin.c:40:30: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uptimesecs = atol(p);
data/xymon-4.3.30/xymond/client/bbwin.c:99:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/bbwin.c:112:25: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
load1 = atol(p);
data/xymon-4.3.30/xymond/client/bbwin.c:166:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/bbwin.c:198:22: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
clockval.tv_sec = atol(p);
data/xymon-4.3.30/xymond/client/bbwin.c:204:24: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
clockval.tv_usec = atol(p);
data/xymon-4.3.30/xymond/client/bbwin.c:213:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) cachedelay = atoi(p+11);
data/xymon-4.3.30/xymond/client/bbwin.c:231:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "System clock is %ld seconds off\n", (long) clockdiff.tv_sec);
data/xymon-4.3.30/xymond/client/bbwin.c:267:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/bbwin.c:309:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/bbwin.c:382:78: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/client/bbwin.c:432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromline[1024];
data/xymon-4.3.30/xymond/client/darwin.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromline[1024];
data/xymon-4.3.30/xymond/client/darwin.c:82:50: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) p = strchr(p, ':'); if (p) pagesfree = atol(p+1);
data/xymon-4.3.30/xymond/client/darwin.c:84:52: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) p = strchr(p, ':'); if (p) pagesactive = atol(p+1);
data/xymon-4.3.30/xymond/client/darwin.c:86:54: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) p = strchr(p, ':'); if (p) pagesinactive = atol(p+1);
data/xymon-4.3.30/xymond/client/darwin.c:88:55: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) p = strchr(p, ':'); if (p) pageswireddown = atol(p+1);
data/xymon-4.3.30/xymond/client/freebsd.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromline[1024];
data/xymon-4.3.30/xymond/client/freebsd.c:83:61: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = strstr(meminfostr, "Total:"); if (p) { memphystotal = atol(p+6); found++; }
data/xymon-4.3.30/xymond/client/freebsd.c:84:61: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = strstr(meminfostr, "Actual:"); if (p) memphysactual = atol(p+7);
data/xymon-4.3.30/xymond/client/freebsd.c:90:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
memphysfree = atol(p + 19)/1024;
data/xymon-4.3.30/xymond/client/freebsd.c:96:19: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
memphysfree = atol(p + 13)/1024;
data/xymon-4.3.30/xymond/client/freebsd.c:104:61: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = strstr(meminfostr, "Free:"); if (p) { memphysfree = atol(p+5); found++; }
data/xymon-4.3.30/xymond/client/generic.c:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromline[1024];
data/xymon-4.3.30/xymond/client/hpux.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromline[1024];
data/xymon-4.3.30/xymond/client/hpux.c:85:60: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = strstr(memorystr, "Total:"); if (p) { memphystotal = atol(p+6); found++; }
data/xymon-4.3.30/xymond/client/hpux.c:86:60: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = strstr(memorystr, "Free:"); if (p) { memphysfree = atol(p+5); found++; }
data/xymon-4.3.30/xymond/client/irix.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromline[1024];
data/xymon-4.3.30/xymond/client/irix.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char w[20];
data/xymon-4.3.30/xymond/client/irix.c:93:19: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
memphystotal = atol(w);
data/xymon-4.3.30/xymond/client/irix.c:97:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
memactfree = atol(w);
data/xymon-4.3.30/xymond/client/irix.c:103:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
memphysfree = atol(w);
data/xymon-4.3.30/xymond/client/irix.c:109:19: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
memswaptotal = atol(w);
data/xymon-4.3.30/xymond/client/irix.c:113:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
memswapfree = atol(w);
data/xymon-4.3.30/xymond/client/linux.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromline[1024];
data/xymon-4.3.30/xymond/client/linux.c:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[1024];
data/xymon-4.3.30/xymond/client/linux.c:208:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mdactive = atoi(p+1);
data/xymon-4.3.30/xymond/client/linux.c:210:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mddevices = atoi(p);
data/xymon-4.3.30/xymond/client/mqcollect.c:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[1024];
data/xymon-4.3.30/xymond/client/mqcollect.c:26:65: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (groups) sprintf(msgline, "status/group:%s ", groups); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/client/mqcollect.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromline[1024], msgline[1024];
data/xymon-4.3.30/xymond/client/mqcollect.c:183:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qlen = atoi(tok+9);
data/xymon-4.3.30/xymond/client/mqcollect.c:186:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (isdigit(*(tok+7))) qage = atoi(tok+7);
data/xymon-4.3.30/xymond/client/netbsd.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromline[1024];
data/xymon-4.3.30/xymond/client/netbsd.c:80:61: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = strstr(meminfostr, "Total:"); if (p) { memphystotal = atol(p+6); found++; }
data/xymon-4.3.30/xymond/client/netbsd.c:81:61: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = strstr(meminfostr, "Free:"); if (p) { memphysfree = atol(p+5); found++; }
data/xymon-4.3.30/xymond/client/netbsd.c:83:65: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = strstr(meminfostr, "Swaptotal:"); if (p) { memswaptotal = atol(p+10); found++; }
data/xymon-4.3.30/xymond/client/netbsd.c:84:65: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = strstr(meminfostr, "Swapused:"); if (p) { memswapused = atol(p+9); found++; }
data/xymon-4.3.30/xymond/client/openbsd.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromline[1024];
data/xymon-4.3.30/xymond/client/openbsd.c:82:61: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = strstr(meminfostr, "Total:"); if (p) { memphystotal = atol(p+6); found++; }
data/xymon-4.3.30/xymond/client/openbsd.c:83:61: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = strstr(meminfostr, "Free:"); if (p) { memphysfree = atol(p+5); found++; }
data/xymon-4.3.30/xymond/client/openbsd.c:85:65: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = strstr(meminfostr, "Swaptotal:"); if (p) { memswaptotal = atol(p+10); found++; }
data/xymon-4.3.30/xymond/client/openbsd.c:86:65: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = strstr(meminfostr, "Swapused:"); if (p) { memswapused = atol(p+9); found++; }
data/xymon-4.3.30/xymond/client/osf.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromline[1024];
data/xymon-4.3.30/xymond/client/osf.c:94:16: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
phystotal = atol(p+1);
data/xymon-4.3.30/xymond/client/osf.c:100:16: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pagecnt = atol(bol+1);
data/xymon-4.3.30/xymond/client/osf.c:111:16: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
physfree = atol(p+1) * pagesize / 1024;
data/xymon-4.3.30/xymond/client/sco_sv.c:36:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromline[1024];
data/xymon-4.3.30/xymond/client/sco_sv.c:80:19: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
memphystotal = (atol(memsizestr) / 1048576);
data/xymon-4.3.30/xymond/client/snmpcollect.c:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromline[1024], msgline[1024];
data/xymon-4.3.30/xymond/client/snmpcollect.c:84:66: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (groups) sprintf(msgline, "status/group:%s ", groups); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/client/solaris.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromline[1024];
data/xymon-4.3.30/xymond/client/solaris.c:117:24: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) blktotal += atol(p);
data/xymon-4.3.30/xymond/client/solaris.c:120:23: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) blkfree += atol(p);
data/xymon-4.3.30/xymond/client/solaris.c:148:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[1024];
data/xymon-4.3.30/xymond/client/zos.c:25:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loadresult[100];
data/xymon-4.3.30/xymond/client/zos.c:26:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char myupstr[100];
data/xymon-4.3.30/xymond/client/zos.c:32:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/zos.c:59:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(loadresult, "z/OS CPU Utilization %3.0f%%\n", load1);
data/xymon-4.3.30/xymond/client/zos.c:112:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pagingresult[100];
data/xymon-4.3.30/xymond/client/zos.c:115:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/zos.c:130:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pagingresult, "z/OS Paging Rate %d per second\n", ipagerate);
data/xymon-4.3.30/xymond/client/zos.c:170:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char headstr[100], csastr[100], ecsastr[100], sqastr[100], esqastr[100];
data/xymon-4.3.30/xymond/client/zos.c:177:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/zos.c:252:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(headstr, "z/OS Memory Map\n Area Alloc Used HWM Util%\n");
data/xymon-4.3.30/xymond/client/zos.c:253:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(csastr, "CSA %8ld %8ld %8ld %3.1f\n", csaalloc, csaused, csahwm, csautil);
data/xymon-4.3.30/xymond/client/zos.c:254:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ecsastr, "ECSA %8ld %8ld %8ld %3.1f\n", ecsaalloc, ecsaused, ecsahwm, ecsautil);
data/xymon-4.3.30/xymond/client/zos.c:255:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sqastr, "SQA %8ld %8ld %8ld %3.1f\n", sqaalloc, sqaused, sqahwm, sqautil);
data/xymon-4.3.30/xymond/client/zos.c:256:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(esqastr, "ESQA %8ld %8ld %8ld %3.1f\n", esqaalloc, esqaused, esqahwm, esqautil);
data/xymon-4.3.30/xymond/client/zos.c:278:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cicsappl[9], cicsdate[11], cicstime[9];
data/xymon-4.3.30/xymond/client/zos.c:282:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cicsresult[100];
data/xymon-4.3.30/xymond/client/zos.c:283:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempresult[100];
data/xymon-4.3.30/xymond/client/zos.c:288:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/zos.c:393:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/zos.c:447:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char limtxt[1024];
data/xymon-4.3.30/xymond/client/zos.c:450:47: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (pmin > 0) sprintf(limtxt, "%d or more", pmin);
data/xymon-4.3.30/xymond/client/zos.c:451:53: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (pmin == 0) sprintf(limtxt, "none");
data/xymon-4.3.30/xymond/client/zos.c:454:47: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (pmin > 0) sprintf(limtxt, "between %d and %d", pmin, pmax);
data/xymon-4.3.30/xymond/client/zos.c:455:53: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (pmin == 0) sprintf(limtxt, "at most %d", pmax);
data/xymon-4.3.30/xymond/client/zos.c:481:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "&yellow Expected string not found in ps output header\n");
data/xymon-4.3.30/xymond/client/zos.c:489:70: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/client/zos.c:540:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char maxustr[256];
data/xymon-4.3.30/xymond/client/zos.c:546:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/zos.c:602:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(maxustr, " Maxuser: %8ld Free: %8ld Used: %8ld %3.1f\nRSVTSTRT: %8ld Free: %8ld Used: %8ld %3.1f\n RSVNONR: %8ld Free: %8ld Used: %8ld %3.1f\n",maxusers,maxufree,maxuused,maxutil,rsvtstrt,rsvtfree,rsvtused,rsvtutil,rsvnonr,rsvnfree,rsvnused,rsvnutil);
data/xymon-4.3.30/xymond/client/zos.c:637:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromline[1024];
data/xymon-4.3.30/xymond/client/zvm.c:24:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loadresult[100];
data/xymon-4.3.30/xymond/client/zvm.c:25:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char myupstr[100];
data/xymon-4.3.30/xymond/client/zvm.c:31:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[1024];
data/xymon-4.3.30/xymond/client/zvm.c:58:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(loadresult, "z/VM CPU Utilization %3.0f%%\n", load1);
data/xymon-4.3.30/xymond/client/zvm.c:110:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pagingresult[100];
data/xymon-4.3.30/xymond/client/zvm.c:113:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[256];
data/xymon-4.3.30/xymond/client/zvm.c:125:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pagingresult, "z/VM Paging Rate %d per second\n", pagerate);
data/xymon-4.3.30/xymond/client/zvm.c:164:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mdcresult[100];
data/xymon-4.3.30/xymond/client/zvm.c:166:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[256];
data/xymon-4.3.30/xymond/client/zvm.c:203:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/zvm.c:257:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char limtxt[1024];
data/xymon-4.3.30/xymond/client/zvm.c:260:47: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (pmin > 0) sprintf(limtxt, "%d or more", pmin);
data/xymon-4.3.30/xymond/client/zvm.c:261:53: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (pmin == 0) sprintf(limtxt, "none");
data/xymon-4.3.30/xymond/client/zvm.c:264:47: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (pmin > 0) sprintf(limtxt, "between %d and %d", pmin, pmax);
data/xymon-4.3.30/xymond/client/zvm.c:265:53: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (pmin == 0) sprintf(limtxt, "at most %d", pmax);
data/xymon-4.3.30/xymond/client/zvm.c:291:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "&yellow Expected string not found in ps output header\n");
data/xymon-4.3.30/xymond/client/zvm.c:299:70: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/client/zvm.c:320:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tmpstr, *tok, *nm[4];
data/xymon-4.3.30/xymond/client/zvm.c:372:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromline[1024];
data/xymon-4.3.30/xymond/client/zvse.c:24:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loadresult[100];
data/xymon-4.3.30/xymond/client/zvse.c:25:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char myupstr[100];
data/xymon-4.3.30/xymond/client/zvse.c:31:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/zvse.c:58:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(loadresult, "z/VSE CPU Utilization %3.0f%%\n", load1);
data/xymon-4.3.30/xymond/client/zvse.c:111:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pagingresult[100];
data/xymon-4.3.30/xymond/client/zvse.c:114:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/zvse.c:129:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pagingresult, "z/VSE Paging Rate %d per second\n", ipagerate);
data/xymon-4.3.30/xymond/client/zvse.c:168:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cicsappl[9], cicsdate[11], cicstime[9];
data/xymon-4.3.30/xymond/client/zvse.c:172:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cicsresult[100];
data/xymon-4.3.30/xymond/client/zvse.c:173:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempresult[100];
data/xymon-4.3.30/xymond/client/zvse.c:178:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/zvse.c:283:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/zvse.c:337:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char limtxt[1024];
data/xymon-4.3.30/xymond/client/zvse.c:340:47: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (pmin > 0) sprintf(limtxt, "%d or more", pmin);
data/xymon-4.3.30/xymond/client/zvse.c:341:53: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (pmin == 0) sprintf(limtxt, "none");
data/xymon-4.3.30/xymond/client/zvse.c:344:47: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (pmin > 0) sprintf(limtxt, "between %d and %d", pmin, pmax);
data/xymon-4.3.30/xymond/client/zvse.c:345:53: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (pmin == 0) sprintf(limtxt, "at most %d", pmax);
data/xymon-4.3.30/xymond/client/zvse.c:371:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "&yellow Expected string not found in ps output header\n");
data/xymon-4.3.30/xymond/client/zvse.c:379:70: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/client/zvse.c:433:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char memorystr[1024];
data/xymon-4.3.30/xymond/client/zvse.c:438:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/zvse.c:455:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(memorystr, "z/VSE VSIZE Utilization %3.1f%%\nMemory Allocated %ldK, Memory Available %ldK\n", pctused, totmem, availmem);
data/xymon-4.3.30/xymond/client/zvse.c:495:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jinfo[11], pid[4], jobname[9];
data/xymon-4.3.30/xymond/client/zvse.c:498:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempresult[128];
data/xymon-4.3.30/xymond/client/zvse.c:499:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char getvisresult[128];
data/xymon-4.3.30/xymond/client/zvse.c:501:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/zvse.c:540:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(jobname, "- "); /* Jobname placeholder */
data/xymon-4.3.30/xymond/client/zvse.c:608:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char npdispstr[256];
data/xymon-4.3.30/xymond/client/zvse.c:614:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/client/zvse.c:648:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(npdispstr, "Nparts: %8ld Free: %8ld Used: %8ld %3.1f\n",nparts,partsavail,runparts,partutil);
data/xymon-4.3.30/xymond/client/zvse.c:683:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromline[1024];
data/xymon-4.3.30/xymond/client_config.c:309:19: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
result = (off_t) atol(s);
data/xymon-4.3.30/xymond/client_config.c:533:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/xymond/client_config.c:731:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.clock.maxdiff = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:765:36: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.disk.warnlevel = atol(tok);
data/xymon-4.3.30/xymond/client_config.c:774:37: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.disk.paniclevel = atol(tok);
data/xymon-4.3.30/xymond/client_config.c:783:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.disk.dmin = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:785:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.disk.dmax = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:809:37: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.inode.warnlevel = atol(tok);
data/xymon-4.3.30/xymond/client_config.c:818:38: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.inode.paniclevel = atol(tok);
data/xymon-4.3.30/xymond/client_config.c:827:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.inode.imin = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:829:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.inode.imax = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:841:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.mem.warnlevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:843:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.mem.paniclevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:852:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.mem.warnlevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:854:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.mem.paniclevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:863:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.mem.warnlevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:865:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.mem.paniclevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:874:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.zos_mem.warnlevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:876:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.zos_mem.paniclevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:885:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.zos_mem.warnlevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:887:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.zos_mem.paniclevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:896:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.zos_mem.warnlevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:898:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.zos_mem.paniclevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:907:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.zos_mem.warnlevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:909:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.zos_mem.paniclevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:924:68: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.cics.dsawarnlevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:926:69: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.cics.dsapaniclevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:930:69: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.cics.edsawarnlevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:932:70: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.cics.edsapaniclevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:938:68: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.cics.dsawarnlevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:940:69: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.cics.dsapaniclevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:944:69: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.cics.edsawarnlevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:946:70: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.cics.edsapaniclevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:970:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.proc.pmin = atoi(tok+4);
data/xymon-4.3.30/xymond/client_config.c:973:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.proc.pmax = atoi(tok+4);
data/xymon-4.3.30/xymond/client_config.c:987:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.proc.pmin = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:991:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.proc.pmax = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:1093:39: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.fcheck.minlinks = atol(tok+6);
data/xymon-4.3.30/xymond/client_config.c:1097:39: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.fcheck.maxlinks = atol(tok+6);
data/xymon-4.3.30/xymond/client_config.c:1101:39: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.fcheck.eqllinks = atol(tok+6);
data/xymon-4.3.30/xymond/client_config.c:1143:42: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.fcheck.minmtimedif = atol(tok+6);
data/xymon-4.3.30/xymond/client_config.c:1147:42: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.fcheck.maxmtimedif = atol(tok+6);
data/xymon-4.3.30/xymond/client_config.c:1151:39: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.fcheck.mtimeeql = atol(tok+6);
data/xymon-4.3.30/xymond/client_config.c:1155:42: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.fcheck.minctimedif = atol(tok+6);
data/xymon-4.3.30/xymond/client_config.c:1159:42: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.fcheck.maxctimedif = atol(tok+6);
data/xymon-4.3.30/xymond/client_config.c:1163:39: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.fcheck.ctimeeql = atol(tok+6);
data/xymon-4.3.30/xymond/client_config.c:1167:42: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.fcheck.minatimedif = atol(tok+6);
data/xymon-4.3.30/xymond/client_config.c:1171:42: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.fcheck.maxatimedif = atol(tok+6);
data/xymon-4.3.30/xymond/client_config.c:1175:39: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.fcheck.atimeeql = atol(tok+6);
data/xymon-4.3.30/xymond/client_config.c:1230:38: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.dcheck.maxsize = atol(tok+5);
data/xymon-4.3.30/xymond/client_config.c:1234:38: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.dcheck.minsize = atol(tok+5);
data/xymon-4.3.30/xymond/client_config.c:1282:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.port.pmin = atoi(tok+4);
data/xymon-4.3.30/xymond/client_config.c:1285:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.port.pmax = atoi(tok+4);
data/xymon-4.3.30/xymond/client_config.c:1311:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.paging.warnlevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:1314:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.paging.paniclevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:1327:71: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.zvse_getvis.warnlevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:1329:72: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.zvse_getvis.paniclevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:1332:74: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.zvse_getvis.anywarnlevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:1334:75: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.zvse_getvis.anypaniclevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:1342:70: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.zvse_vsize.warnlevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:1344:71: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.zvse_vsize.paniclevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:1354:64: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.asid.warnlevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:1357:65: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.asid.paniclevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:1367:64: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.asid.warnlevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:1370:65: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.asid.paniclevel = atoi(tok);
data/xymon-4.3.30/xymond/client_config.c:1426:37: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.mibval.maxval = atol(tok+4);
data/xymon-4.3.30/xymond/client_config.c:1430:37: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.mibval.minval = atol(tok+4);
data/xymon-4.3.30/xymond/client_config.c:1538:39: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.mqqueue.warnlen = atol(tok+14);
data/xymon-4.3.30/xymond/client_config.c:1541:39: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.mqqueue.critlen = atol(tok+15);
data/xymon-4.3.30/xymond/client_config.c:1544:39: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.mqqueue.warnage = atol(tok+12);
data/xymon-4.3.30/xymond/client_config.c:1547:39: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
currule->rule.mqqueue.critage = atol(tok+13);
data/xymon-4.3.30/xymond/client_config.c:2468:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[MAX_LINE_LEN];
data/xymon-4.3.30/xymond/client_config.c:2481:59: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dval = delimp + 1; dval += strspn(dval, " ="); actval = atol(dval);
data/xymon-4.3.30/xymond/client_config.c:2563:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[PATH_MAX];
data/xymon-4.3.30/xymond/client_config.c:2638:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[PATH_MAX];
data/xymon-4.3.30/xymond/client_config.c:2678:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
linkcount = atoi(boln+6);
data/xymon-4.3.30/xymond/client_config.c:2681:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ownerid = atoi(boln+6);
data/xymon-4.3.30/xymond/client_config.c:2690:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
groupid = atoi(boln+6);
data/xymon-4.3.30/xymond/client_config.c:2702:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
clock = atoi(boln+6);
data/xymon-4.3.30/xymond/client_config.c:2705:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atime = atoi(boln+6);
data/xymon-4.3.30/xymond/client_config.c:2708:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctime = atoi(boln+6);
data/xymon-4.3.30/xymond/client_config.c:2711:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mtime = atoi(boln+6);
data/xymon-4.3.30/xymond/client_config.c:2782:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "File is mode %03o - should be %03o\n",
data/xymon-4.3.30/xymond/client_config.c:2791:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "File has size %lld - should be >%lld\n",
data/xymon-4.3.30/xymond/client_config.c:2794:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "File has size %ld - should be >%ld\n",
data/xymon-4.3.30/xymond/client_config.c:2804:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "File has size %lld - should be <%lld\n",
data/xymon-4.3.30/xymond/client_config.c:2807:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "File has size %ld - should be <%ld\n",
data/xymon-4.3.30/xymond/client_config.c:2817:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "File has size %lld - should be %lld\n",
data/xymon-4.3.30/xymond/client_config.c:2820:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "File has size %ld - should be %ld\n",
data/xymon-4.3.30/xymond/client_config.c:2829:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "File has linkcount %u - should be >%u\n",
data/xymon-4.3.30/xymond/client_config.c:2837:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "File has linkcount %u - should be <%u\n",
data/xymon-4.3.30/xymond/client_config.c:2845:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "File is owned by user %u - should be %u\n",
data/xymon-4.3.30/xymond/client_config.c:2862:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "File is owned by group %u - should be %u\n",
data/xymon-4.3.30/xymond/client_config.c:2879:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "File status changed %u seconds ago - should be >%u\n",
data/xymon-4.3.30/xymond/client_config.c:2887:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "File status changed %u seconds ago - should be <%u\n",
data/xymon-4.3.30/xymond/client_config.c:2895:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "File was modified %u seconds ago - should be >%u\n",
data/xymon-4.3.30/xymond/client_config.c:2903:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "File was modified %u seconds ago - should be <%u\n",
data/xymon-4.3.30/xymond/client_config.c:2911:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "File was accessed %u seconds ago - should be >%u\n",
data/xymon-4.3.30/xymond/client_config.c:2919:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "File was accessed %u seconds ago - should be <%u\n",
data/xymon-4.3.30/xymond/client_config.c:3010:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[PATH_MAX];
data/xymon-4.3.30/xymond/client_config.c:3031:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sz = atol(boln);
data/xymon-4.3.30/xymond/client_config.c:3057:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "Directory has size %lu - should be <%lu\n",
data/xymon-4.3.30/xymond/client_config.c:3065:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "Directory has size %lu - should be >%lu\n",
data/xymon-4.3.30/xymond/client_config.c:3085:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[1024];
data/xymon-4.3.30/xymond/client_config.c:3139:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[100];
data/xymon-4.3.30/xymond/client_config.c:3141:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fmt, "&N=&V (");
data/xymon-4.3.30/xymond/client_config.c:3142:36: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (rule->flags & RRDDSCHK_GT) strcat(fmt, " > &L");
data/xymon-4.3.30/xymond/client_config.c:3143:41: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else if (rule->flags & RRDDSCHK_GE) strcat(fmt, " >= &L");
data/xymon-4.3.30/xymond/client_config.c:3144:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(fmt, " and");
data/xymon-4.3.30/xymond/client_config.c:3145:36: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (rule->flags & RRDDSCHK_LT) strcat(fmt, " < &U)");
data/xymon-4.3.30/xymond/client_config.c:3146:41: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else if (rule->flags & RRDDSCHK_LE) strcat(fmt, " <= &U)");
data/xymon-4.3.30/xymond/client_config.c:3194:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'L': sprintf(msgline, "%.2f", rule->rule.rrdds.limitval);
data/xymon-4.3.30/xymond/client_config.c:3199:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 'U': sprintf(msgline, "%.2f", (rule->flags & RRDDSCHK_INTVL) ? rule->rule.rrdds.limitval2 : rule->rule.rrdds.limitval);
data/xymon-4.3.30/xymond/combostatus.c:212:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*errptr += sprintf(*errptr, "Could not access xymond board, error %d\n", xymondresult);
data/xymon-4.3.30/xymond/combostatus.c:243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errtext[1024];
data/xymon-4.3.30/xymond/combostatus.c:277:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expr[MAX_LINE_LEN];
data/xymon-4.3.30/xymond/combostatus.c:279:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char symbol[MAX_LINE_LEN];
data/xymon-4.3.30/xymond/combostatus.c:287:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errtext[1024];
data/xymon-4.3.30/xymond/combostatus.c:323:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outp, "%ld", oneval);
data/xymon-4.3.30/xymond/combostatus.c:370:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[MAX_LINE_LEN];
data/xymon-4.3.30/xymond/combostatus.c:383:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outp, inp, n);
data/xymon-4.3.30/xymond/combostatus.c:390:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outp, " OR "); outp += 4;
data/xymon-4.3.30/xymond/combostatus.c:393:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outp, " bOR "); outp += 5;
data/xymon-4.3.30/xymond/combostatus.c:400:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outp, " AND "); outp += 5;
data/xymon-4.3.30/xymond/combostatus.c:403:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outp, " bAND "); outp += 6;
data/xymon-4.3.30/xymond/combostatus.c:439:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[MAX_LINE_LEN];
data/xymon-4.3.30/xymond/combostatus.c:453:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "%ld\n", t->result);
data/xymon-4.3.30/xymond/do_alert.c:57:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[33];
data/xymon-4.3.30/xymond/do_alert.c:58:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char id[16];
data/xymon-4.3.30/xymond/do_alert.c:71:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
for (i=0, j=0; (i < 16); i++, j+=2) sprintf(result+j, "%02x", id[i]);
data/xymon-4.3.30/xymond/do_alert.c:101:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(p+1);
data/xymon-4.3.30/xymond/do_alert.c:188:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char subj[250];
data/xymon-4.3.30/xymond/do_alert.c:189:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *sevtxt[COL_COUNT] = {
data/xymon-4.3.30/xymond/do_alert.c:249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[4096];
data/xymon-4.3.30/xymond/do_alert.c:380:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *alerttxt[A_DEAD+1] = { "Paging", "Norecip", "Acked", "Recovered", "Disabled", "Notify", "Dead" };
data/xymon-4.3.30/xymond/do_alert.c:389:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_alertmsg_scripts = atoi(xgetenv("MAXMSG_ALERTSCRIPT")) + len;
data/xymon-4.3.30/xymond/do_alert.c:451:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[32768];
data/xymon-4.3.30/xymond/do_alert.c:473:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "mail ");
data/xymon-4.3.30/xymond/do_alert.c:528:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cfidtxt, "CFID=%d", recip->cfid);
data/xymon-4.3.30/xymond/do_alert.c:535:124: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
errprintf("Truncated large alert message from %d bytes; consider increasing MAXMSG_ALERTSCRIPT above %d\n", msglen, atoi(xgetenv("MAXMSG_ALERTSCRIPT")));
data/xymon-4.3.30/xymond/do_alert.c:542:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ackcode, "ACKCODE=%d", alert->cookie);
data/xymon-4.3.30/xymond/do_alert.c:563:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "BBNUMERIC=");
data/xymon-4.3.30/xymond/do_alert.c:564:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%03d", servicecode(alert->testname));
data/xymon-4.3.30/xymond/do_alert.c:566:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%03d%03d%03d%03d", ip1, ip2, ip3, ip4);
data/xymon-4.3.30/xymond/do_alert.c:567:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%d", alert->cookie);
data/xymon-4.3.30/xymond/do_alert.c:571:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(machip, "MACHIP=%03d%03d%03d%03d", ip1, ip2, ip3, ip4);
data/xymon-4.3.30/xymond/do_alert.c:579:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bbsvcnum, "BBSVCNUM=%d", servicecode(alert->testname));
data/xymon-4.3.30/xymond/do_alert.c:589:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(recovered, "RECOVERED=1");
data/xymon-4.3.30/xymond/do_alert.c:592:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(recovered, "RECOVERED=2");
data/xymon-4.3.30/xymond/do_alert.c:595:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(recovered, "RECOVERED=0");
data/xymon-4.3.30/xymond/do_alert.c:601:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(downsecs, "DOWNSECS=%ld", (long)(getcurrenttime(NULL) - alert->eventstart));
data/xymon-4.3.30/xymond/do_alert.c:605:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(eventtstamp, "EVENTSTART=%ld", (long)alert->eventstart);
data/xymon-4.3.30/xymond/do_alert.c:610:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(downsecsmsg, "DOWNSECSMSG=Event duration : %ld", (long)(getcurrenttime(NULL) - alert->eventstart));
data/xymon-4.3.30/xymond/do_alert.c:815:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fd = fopen(filename, "w");
data/xymon-4.3.30/xymond/do_alert.c:827:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fd = fopen(filename, "r");
data/xymon-4.3.30/xymond/do_alert.c:843:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(STRBUF(inbuf)) > getcurrenttime(NULL)) {
data/xymon-4.3.30/xymond/do_alert.c:864:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newrpt->nextalert = atoi(STRBUF(inbuf));
data/xymon-4.3.30/xymond/do_rrd.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rrdvalues[MAX_LINE_LEN];
data/xymon-4.3.30/xymond/do_rrd.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rrdfn[PATH_MAX]; /* Base filename without directories, from setupfn() */
data/xymon-4.3.30/xymond/do_rrd.c:54:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filedir[PATH_MAX]; /* Full path filename */
data/xymon-4.3.30/xymond/do_rrd.c:55:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *fnparams[4] = { NULL, }; /* Saved parameters passed to setupfn() */
data/xymon-4.3.30/xymond/do_rrd.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *vals[CACHESZ];
data/xymon-4.3.30/xymond/do_rrd.c:124:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[2];
data/xymon-4.3.30/xymond/do_rrd.c:219:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *updparams[5+CACHESZ+1] = { "rrdupdate", filedir, "-t", NULL, NULL, NULL, };
data/xymon-4.3.30/xymond/do_rrd.c:336:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stepsetting[10];
data/xymon-4.3.30/xymond/do_rrd.c:349:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(stepsetting, "%d", pollinterval);
data/xymon-4.3.30/xymond/do_rrd.c:393:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
updtime = atoi(rrdvalues);
data/xymon-4.3.30/xymond/rrd/do_apache.c:32:49: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if ((p = strstr(msg, "BusyServers:")) != NULL) memcpy(p, "BusyWorkers:", strlen("BusyWorkers:"));
data/xymon-4.3.30/xymond/rrd/do_apache.c:33:49: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if ((p = strstr(msg, "IdleServers:")) != NULL) memcpy(p, "IdleWorkers:", strlen("IdleWorkers:"));
data/xymon-4.3.30/xymond/rrd/do_cics.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cicsappl[9], rrdfn[20];
data/xymon-4.3.30/xymond/rrd/do_dbcheck.c:92:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rrdvalues, "%d:%05.2f:%05.2f:%05.2f:%05.2f:%05.2f:%05.2f:%05.2f:%05.2f:%05.2f:%05.2f",
data/xymon-4.3.30/xymond/rrd/do_dbcheck.c:130:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rrdvalues, "%d:%ld:%ld:%05.2f:%ld:%ld:%05.2f",
data/xymon-4.3.30/xymond/rrd/do_dbcheck.c:166:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rrdvalues, "%d:%05.2f", (int) tstamp, pct);
data/xymon-4.3.30/xymond/rrd/do_dbcheck.c:267:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *columns[20];
data/xymon-4.3.30/xymond/rrd/do_dbcheck.c:294:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pused = atoi(columns[4]);
data/xymon-4.3.30/xymond/rrd/do_dbcheck.c:332:32: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(diskname, ",root");
data/xymon-4.3.30/xymond/rrd/do_devmon.c:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *devmon_params[MAXCOLS+7] = { NULL, };
data/xymon-4.3.30/xymond/rrd/do_devmon.c:33:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *columns[MAXCOLS];
data/xymon-4.3.30/xymond/rrd/do_disk.c:77:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *columns[20];
data/xymon-4.3.30/xymond/rrd/do_disk.c:114:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pused = atoi(columns[5]);
data/xymon-4.3.30/xymond/rrd/do_disk.c:131:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pused = atoi(columns[columncount-1]);
data/xymon-4.3.30/xymond/rrd/do_disk.c:139:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pused = atoi(columns[4]);
data/xymon-4.3.30/xymond/rrd/do_disk.c:145:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pused = atoi(columns[4]);
data/xymon-4.3.30/xymond/rrd/do_disk.c:150:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pused = atoi(columns[5]);
data/xymon-4.3.30/xymond/rrd/do_disk.c:161:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pused = atoi(columns[7]);
data/xymon-4.3.30/xymond/rrd/do_disk.c:203:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(diskname, ",root");
data/xymon-4.3.30/xymond/rrd/do_external.c:22:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/xymond/rrd/do_external.c:25:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extcmd[2*PATH_MAX];
data/xymon-4.3.30/xymond/rrd/do_external.c:37:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fn, "w");
data/xymon-4.3.30/xymond/rrd/do_fd_lib.c:34:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value=atol(r);
data/xymon-4.3.30/xymond/rrd/do_fd_lib.c:63:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value=atol(++r);
data/xymon-4.3.30/xymond/rrd/do_fd_lib.c:107:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (r) value=atoi(++r);
data/xymon-4.3.30/xymond/rrd/do_getvis.c:22:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pid[4], jnm[9];
data/xymon-4.3.30/xymond/rrd/do_ifmib.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *values[sizeof(ifmib_valnames)/sizeof(ifmib_valnames[0])];
data/xymon-4.3.30/xymond/rrd/do_ifmib.c:116:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pollinterval = atoi(bol+9);
data/xymon-4.3.30/xymond/rrd/do_iishealth.c:37:67: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
snprintf(rrdvalues, sizeof(rrdvalues), "%d:%lu", (int)tstamp, atol(tok));
data/xymon-4.3.30/xymond/rrd/do_iishealth.c:45:67: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
snprintf(rrdvalues, sizeof(rrdvalues), "%d:%lu", (int)tstamp, atol(tok));
data/xymon-4.3.30/xymond/rrd/do_iishealth.c:53:67: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
snprintf(rrdvalues, sizeof(rrdvalues), "%d:%lu", (int)tstamp, atol(tok));
data/xymon-4.3.30/xymond/rrd/do_iostat.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *elems[12];
data/xymon-4.3.30/xymond/rrd/do_iostat.c:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[MAX_LINE_LEN];
data/xymon-4.3.30/xymond/rrd/do_la.c:53:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
load = atoi(p);
data/xymon-4.3.30/xymond/rrd/do_la.c:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char w[100];
data/xymon-4.3.30/xymond/rrd/do_la.c:85:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
load = atoi(w); gotload = 1;
data/xymon-4.3.30/xymond/rrd/do_la.c:122:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
load = atoi(p);
data/xymon-4.3.30/xymond/rrd/do_la.c:126:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
load = 100*atoi(p);
data/xymon-4.3.30/xymond/rrd/do_la.c:129:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
load += atoi(p+1);
data/xymon-4.3.30/xymond/rrd/do_la.c:133:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
load = atoi(p);
data/xymon-4.3.30/xymond/rrd/do_la.c:143:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char w[100];
data/xymon-4.3.30/xymond/rrd/do_la.c:159:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
users = atoi(w); gotusers = 1;
data/xymon-4.3.30/xymond/rrd/do_la.c:164:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
load = atoi(w); gotload = 1;
data/xymon-4.3.30/xymond/rrd/do_la.c:183:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
load = atoi(p+1);
data/xymon-4.3.30/xymond/rrd/do_mailq.c:46:58: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = outqueue + strcspn(outqueue, "0123456789"); outq = atoi(p);
data/xymon-4.3.30/xymond/rrd/do_mailq.c:47:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = inqueue + strcspn(inqueue, "0123456789"); inq = atoi(p);
data/xymon-4.3.30/xymond/rrd/do_mailq.c:72:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mailq = atoi(valptr);
data/xymon-4.3.30/xymond/rrd/do_memory.c:33:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(p+1);
data/xymon-4.3.30/xymond/rrd/do_memory.c:229:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(p+1);
data/xymon-4.3.30/xymond/rrd/do_memory.c:240:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(p+1);
data/xymon-4.3.30/xymond/rrd/do_memory.c:251:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(p+1);
data/xymon-4.3.30/xymond/rrd/do_ncv.c:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dsdef[1024]; /* destination DS syntax for rrd engine */
data/xymon-4.3.30/xymond/rrd/do_ncv.c:150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dsname[250]; /* name of ncv in status message (with space and all) */
data/xymon-4.3.30/xymond/rrd/do_ncv.c:151:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dskey[252]; /* name of final DS key (stripped) */
data/xymon-4.3.30/xymond/rrd/do_ncv.c:185:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dskey, ",*:");
data/xymon-4.3.30/xymond/rrd/do_ncv.c:205:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dsdef, "DS:lambda:DERIVE:600:U:U");
data/xymon-4.3.30/xymond/rrd/do_net.c:95:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dataforntpstat[100];
data/xymon-4.3.30/xymond/rrd/do_net.c:97:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offsetbuf[40];
data/xymon-4.3.30/xymond/rrd/do_netapp.c:193:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *columns[5];
data/xymon-4.3.30/xymond/rrd/do_netapp.c:243:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *columns[30];
data/xymon-4.3.30/xymond/rrd/do_netapp.c:533:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *columns[20];
data/xymon-4.3.30/xymond/rrd/do_netapp.c:579:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pused = atoi(columns[4+snapreserve]);
data/xymon-4.3.30/xymond/rrd/do_netapp.c:617:32: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(diskname, ",root");
data/xymon-4.3.30/xymond/rrd/do_netstat.c:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char udpstr[20];
data/xymon-4.3.30/xymond/rrd/do_netstat.c:111:27: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (udperr1) { udperrs = atol(udperr1); udperrtotal += udperrs; xfree(udperr1); }
data/xymon-4.3.30/xymond/rrd/do_netstat.c:112:27: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (udperr2) { udperrs = atol(udperr2); udperrtotal += udperrs; xfree(udperr2); }
data/xymon-4.3.30/xymond/rrd/do_netstat.c:113:27: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (udperr3) { udperrs = atol(udperr3); udperrtotal += udperrs; xfree(udperr3); }
data/xymon-4.3.30/xymond/rrd/do_netstat.c:114:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(udpstr, "%ld", udperrtotal); udperrors = strdup(udpstr);
data/xymon-4.3.30/xymond/rrd/do_netstat.c:391:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
*outp = ':'; outp++; memcpy(outp, ln, numlen); outp += numlen; *outp = '\0';
data/xymon-4.3.30/xymond/rrd/do_netstat.c:397:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (!gotval) outp += sprintf(outp, ":U");
data/xymon-4.3.30/xymond/rrd/do_netstat.c:420:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
*outp = ':'; outp++; memcpy(outp, ln, numlen); outp += numlen; *outp = '\0';
data/xymon-4.3.30/xymond/rrd/do_netstat.c:425:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (!gotval) outp += sprintf(outp, ":U");
data/xymon-4.3.30/xymond/rrd/do_netstat.c:481:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outp = rrdvalues + sprintf(rrdvalues, "%d", (int)tstamp);
data/xymon-4.3.30/xymond/rrd/do_sendmail.c:76:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mailer[1024];
data/xymon-4.3.30/xymond/rrd/do_snmpmib.c:147:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*pollinterval = atoi(bol+9);
data/xymon-4.3.30/xymond/rrd/do_snmpmib.c:201:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (intvl) pollinterval = atoi(intvl+9);
data/xymon-4.3.30/xymond/rrd/do_temperature.c:100:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmpC = atoi(p);
data/xymon-4.3.30/xymond/rrd/do_vmstat.c:386:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
values[datacount++] = atoi(p);
data/xymon-4.3.30/xymond/rrd/do_vmstat.c:473:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
creparams[defidx] = (char *)malloc(strlen(layout[defidx].name) + strlen("DS::GAUGE:600:0:U") + 1);
data/xymon-4.3.30/xymond/rrd/do_xymond.c:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valstr[50];
data/xymon-4.3.30/xymond/rrd/do_xymond.c:92:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else strcat(rrdvalues, ":U");
data/xymon-4.3.30/xymond/rrd/do_xymond.c:94:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else strcat(rrdvalues, ":U");
data/xymon-4.3.30/xymond/rrd/do_xymongen.c:100:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*valptr = atoi(p+1);
data/xymon-4.3.30/xymond/rrdcachectl.c:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/xymon-4.3.30/xymond/trimhistory.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/xymon-4.3.30/xymond/trimhistory.c:67:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[PATH_MAX];
data/xymon-4.3.30/xymond/trimhistory.c:71:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fname, "w");
data/xymon-4.3.30/xymond/trimhistory.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[4096], prevl[4096], l2[4096];
data/xymon-4.3.30/xymond/trimhistory.c:108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cols[10];
data/xymon-4.3.30/xymond/trimhistory.c:126:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
copying = (!cols[1] || (atoi(cols[1]) >= cutoff));
data/xymon-4.3.30/xymond/trimhistory.c:130:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
copying = (!cols[6] || (atoi(cols[6]) >= cutoff));
data/xymon-4.3.30/xymond/trimhistory.c:134:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
copying = (!cols[3] || (atoi(cols[3]) >= cutoff));
data/xymon-4.3.30/xymond/trimhistory.c:165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outfn[PATH_MAX];
data/xymon-4.3.30/xymond/trimhistory.c:188:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infd = fopen(fwalk->fname, "r");
data/xymon-4.3.30/xymond/trimhistory.c:200:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfd = fopen(outfn, "w");
data/xymon-4.3.30/xymond/trimhistory.c:209:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidfn[PATH_MAX];
data/xymon-4.3.30/xymond/trimhistory.c:214:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(pidfn, "r");
data/xymon-4.3.30/xymond/trimhistory.c:216:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[100];
data/xymon-4.3.30/xymond/trimhistory.c:217:38: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid = (fgets(l, sizeof(l), fd) ? atol(l) : 0);
data/xymon-4.3.30/xymond/trimhistory.c:242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstamp[25];
data/xymon-4.3.30/xymond/trimhistory.c:262:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmstamp.tm_mday = atoi(tstamp+8);
data/xymon-4.3.30/xymond/trimhistory.c:263:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmstamp.tm_year = atoi(tstamp+20)-1900;
data/xymon-4.3.30/xymond/trimhistory.c:264:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmstamp.tm_hour = atoi(tstamp+11);
data/xymon-4.3.30/xymond/trimhistory.c:265:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmstamp.tm_min = atoi(tstamp+14);
data/xymon-4.3.30/xymond/trimhistory.c:266:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmstamp.tm_sec = atoi(tstamp+17);
data/xymon-4.3.30/xymond/trimhistory.c:278:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmstamp.tm_mday = atoi(tstamp+8);
data/xymon-4.3.30/xymond/trimhistory.c:279:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmstamp.tm_year = atoi(tstamp+19)-1900;
data/xymon-4.3.30/xymond/trimhistory.c:280:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmstamp.tm_hour = atoi(tstamp+10);
data/xymon-4.3.30/xymond/trimhistory.c:281:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmstamp.tm_min = atoi(tstamp+13);
data/xymon-4.3.30/xymond/trimhistory.c:282:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmstamp.tm_sec = atoi(tstamp+16);
data/xymon-4.3.30/xymond/trimhistory.c:299:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn1[PATH_MAX], fn2[PATH_MAX];
data/xymon-4.3.30/xymond/trimhistory.c:374:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cutoff = atoi(p+1);
data/xymon-4.3.30/xymond/trimhistory.c:394:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
progressinfo = atoi(p+1);
data/xymon-4.3.30/xymond/trimhistory.c:434:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostip[IP_ADDR_STRLEN];
data/xymon-4.3.30/xymond/xymon-mailack.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cookie[10];
data/xymon-4.3.30/xymond/xymon-mailack.c:123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delaytxt[4096];
data/xymon-4.3.30/xymond/xymon-mailack.c:138:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgtxt[4096];
data/xymon-4.3.30/xymond/xymond.c:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sender[IP_ADDR_STRLEN];
data/xymon-4.3.30/xymond/xymond.c:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[IP_ADDR_STRLEN];
data/xymon-4.3.30/xymond/xymond.c:238:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *colnames[COL_COUNT+1];
data/xymon-4.3.30/xymond/xymond.c:251:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *senders[2];
data/xymon-4.3.30/xymond/xymond.c:415:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bootuptxt[40];
data/xymon-4.3.30/xymond/xymond.c:416:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uptimetxt[40];
data/xymon-4.3.30/xymond/xymond.c:420:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[2048];
data/xymon-4.3.30/xymond/xymond.c:435:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(uptimetxt, "%d days, %02d:%02d:%02d",
data/xymon-4.3.30/xymond/xymond.c:441:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "Incoming messages : %10ld\n", msgs_total);
data/xymon-4.3.30/xymond/xymond.c:453:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "Incoming messages/sec : %10ld (average last %d seconds)\n",
data/xymon-4.3.30/xymond/xymond.c:462:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "status channel messages: %10ld (%d readers)\n", statuschn->msgcount, clients);
data/xymon-4.3.30/xymond/xymond.c:465:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "stachg channel messages: %10ld (%d readers)\n", stachgchn->msgcount, clients);
data/xymon-4.3.30/xymond/xymond.c:468:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "page channel messages: %10ld (%d readers)\n", pagechn->msgcount, clients);
data/xymon-4.3.30/xymond/xymond.c:471:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "data channel messages: %10ld (%d readers)\n", datachn->msgcount, clients);
data/xymon-4.3.30/xymond/xymond.c:474:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "notes channel messages: %10ld (%d readers)\n", noteschn->msgcount, clients);
data/xymon-4.3.30/xymond/xymond.c:477:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "enadis channel messages: %10ld (%d readers)\n", enadischn->msgcount, clients);
data/xymon-4.3.30/xymond/xymond.c:480:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "client channel messages: %10ld (%d readers)\n", clientchn->msgcount, clients);
data/xymon-4.3.30/xymond/xymond.c:483:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "clichg channel messages: %10ld (%d readers)\n", clichgchn->msgcount, clients);
data/xymon-4.3.30/xymond/xymond.c:486:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "user channel messages: %10ld (%d readers)\n", userchn->msgcount, clients);
data/xymon-4.3.30/xymond/xymond.c:488:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "backfeed messages : %10ld\n", backfeedcount);
data/xymon-4.3.30/xymond/xymond.c:568:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timetxt[30];
data/xymon-4.3.30/xymond/xymond.c:1068:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[1024];
data/xymon-4.3.30/xymond/xymond.c:1167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostip[IP_ADDR_STRLEN];
data/xymon-4.3.30/xymond/xymond.c:1381:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (tok) result = 60*atoi(tok+keylen); /* Convert to seconds */
data/xymon-4.3.30/xymond/xymond.c:1733:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(log->message, msg, msglen+1);
data/xymon-4.3.30/xymond/xymond.c:1738:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(log->message, msg, msglen+1);
data/xymon-4.3.30/xymond/xymond.c:1743:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(log->message, msg, msglen+1);
data/xymon-4.3.30/xymond/xymond.c:1774:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scookie[10];
data/xymon-4.3.30/xymond/xymond.c:1781:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scookie, "%d", newcookie);
data/xymon-4.3.30/xymond/xymond.c:2044:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostip[IP_ADDR_STRLEN];
data/xymon-4.3.30/xymond/xymond.c:2236:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 2: level = atoi(item); break;
data/xymon-4.3.30/xymond/xymond.c:2237:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 3: itemval = atoi(item);
data/xymon-4.3.30/xymond/xymond.c:2280:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestamp[25];
data/xymon-4.3.30/xymond/xymond.c:2434:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstr[512];
data/xymon-4.3.30/xymond/xymond.c:2491:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostip[IP_ADDR_STRLEN];
data/xymon-4.3.30/xymond/xymond.c:2664:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, item->fdata, item->len);
data/xymon-4.3.30/xymond/xymond.c:2682:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newitem->fdata, buf, buflen);
data/xymon-4.3.30/xymond/xymond.c:2690:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newitem->fdata, buf, buflen);
data/xymon-4.3.30/xymond/xymond.c:2709:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond.c:2765:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond.c:2776:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(fullfn, O_RDONLY);
data/xymon-4.3.30/xymond/xymond.c:2816:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *result[10] = { NULL, };
data/xymon-4.3.30/xymond/xymond.c:2929:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (skipchar) newrec->wantedvalue = atoi(tok+skipchar+10);
data/xymon-4.3.30/xymond/xymond.c:2938:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (skipchar) newrec->wantedvalue = atoi(tok+skipchar+7);
data/xymon-4.3.30/xymond/xymond.c:2947:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (skipchar) newrec->wantedvalue = atoi(tok+skipchar+9);
data/xymon-4.3.30/xymond/xymond.c:2956:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (skipchar) newrec->wantedvalue = atoi(tok+skipchar+7);
data/xymon-4.3.30/xymond/xymond.c:2965:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (skipchar) newrec->wantedvalue = atoi(tok+skipchar+11);
data/xymon-4.3.30/xymond/xymond.c:3012:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newrec->wantedvalue = atoi(tok+9);
data/xymon-4.3.30/xymond/xymond.c:3046:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hname, *tname, hostip[IP_ADDR_STRLEN];
data/xymon-4.3.30/xymond/xymond.c:3346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[1024];
data/xymon-4.3.30/xymond/xymond.c:3430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[1024];
data/xymon-4.3.30/xymond/xymond.c:3476:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sender[IP_ADDR_STRLEN];
data/xymon-4.3.30/xymond/xymond.c:3534:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tracefn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond.c:3543:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(tracefn, "w");
data/xymon-4.3.30/xymond/xymond.c:3570:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
startofs = atoi(ofsstr);
data/xymon-4.3.30/xymond/xymond.c:3583:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
endofs = atoi(ofsstr);
data/xymon-4.3.30/xymond/xymond.c:3760:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hname, hostip[IP_ADDR_STRLEN];
data/xymon-4.3.30/xymond/xymond.c:3897:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char response[500];
data/xymon-4.3.30/xymond/xymond.c:4423:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[128];
data/xymon-4.3.30/xymond/xymond.c:4450:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[50];
data/xymon-4.3.30/xymond/xymond.c:4467:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newitem->executiontime = (time_t) atoi(cmd);
data/xymon-4.3.30/xymond/xymond.c:4479:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(cmd + 6);
data/xymon-4.3.30/xymond/xymond.c:4538:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostip[IP_ADDR_STRLEN];
data/xymon-4.3.30/xymond/xymond.c:4668:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[1024];
data/xymon-4.3.30/xymond/xymond.c:4693:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[1024];
data/xymon-4.3.30/xymond/xymond.c:4716:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[1024];
data/xymon-4.3.30/xymond/xymond.c:4771:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(tempfn, "w");
data/xymon-4.3.30/xymond/xymond.c:4853:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostip[IP_ADDR_STRLEN];
data/xymon-4.3.30/xymond/xymond.c:4864:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fn, "r");
data/xymon-4.3.30/xymond/xymond.c:4887:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 2: newtask->id = atoi(item); break;
data/xymon-4.3.30/xymond/xymond.c:4888:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 3: newtask->executiontime = (time_t) atoi(item); break;
data/xymon-4.3.30/xymond/xymond.c:4929:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 4: newack->received = atoi(item); break;
data/xymon-4.3.30/xymond/xymond.c:4930:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 5: newack->validuntil = atoi(item); break;
data/xymon-4.3.30/xymond/xymond.c:4931:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 6: newack->cleartime = atoi(item); break;
data/xymon-4.3.30/xymond/xymond.c:4932:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 7: newack->level = atoi(item); break;
data/xymon-4.3.30/xymond/xymond.c:4970:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 8: logtime = atoi(item); break;
data/xymon-4.3.30/xymond/xymond.c:4971:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 9: lastchange = atoi(item); break;
data/xymon-4.3.30/xymond/xymond.c:4972:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 10: validtime = atoi(item); break;
data/xymon-4.3.30/xymond/xymond.c:4973:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 11: enabletime = atoi(item); break;
data/xymon-4.3.30/xymond/xymond.c:4974:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 12: acktime = atoi(item); break;
data/xymon-4.3.30/xymond/xymond.c:4976:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 14: cookieexpires = atoi(item); break;
data/xymon-4.3.30/xymond/xymond.c:4980:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 18: redstart = atoi(item); break;
data/xymon-4.3.30/xymond/xymond.c:4981:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 19: yellowstart = atoi(item); break;
data/xymon-4.3.30/xymond/xymond.c:5273:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
defaultcookietime = atoi(xgetenv("ACK_COOKIE_EXPIRATION"));
data/xymon-4.3.30/xymond/xymond.c:5290:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
listenport = atoi(p+1);
data/xymon-4.3.30/xymond/xymond.c:5296:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int newconn_timeout = atoi(p);
data/xymon-4.3.30/xymond/xymond.c:5312:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
checkpointinterval = atoi(p);
data/xymon-4.3.30/xymond/xymond.c:5334:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
listenq = atoi(p);
data/xymon-4.3.30/xymond/xymond.c:5380:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
flapthreshold = atoi(p+1);
data/xymon-4.3.30/xymond/xymond.c:5384:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
flapcount = atoi(p+1);
data/xymon-4.3.30/xymond/xymond.c:5484:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(xgetenv("STATUSLIFETIME"));
data/xymon-4.3.30/xymond/xymond.c:5495:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
listenport = atoi(xgetenv("XYMONDPORT"));
data/xymon-4.3.30/xymond/xymond.c:5565:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond.c:5573:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fd = fopen(pidfile, "w");
data/xymon-4.3.30/xymond/xymond.c:5632:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ackinfologfd = fopen(ackinfologfn, "a");
data/xymon-4.3.30/xymond/xymond.c:5639:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[PATH_MAX];
data/xymon-4.3.30/xymond/xymond.c:5642:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dbgfd = fopen(fname, "a");
data/xymon-4.3.30/xymond/xymond_alert.c:239:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fd = fopen(filename, "w");
data/xymon-4.3.30/xymond/xymond_alert.c:274:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statuscmd[1024];
data/xymon-4.3.30/xymond/xymond_alert.c:280:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(statuscmd, "xymondboard fields=hostname,testname,color");
data/xymon-4.3.30/xymond/xymond_alert.c:297:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(filename, "r");
data/xymon-4.3.30/xymond/xymond_alert.c:306:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *item[20], *p;
data/xymon-4.3.30/xymond/xymond_alert.c:331:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newalert->eventstart = (time_t) atoi(item[5]);
data/xymon-4.3.30/xymond/xymond_alert.c:332:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
newalert->nextalerttime = (time_t) atoi(item[6]);
data/xymon-4.3.30/xymond/xymond_alert.c:388:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acklogfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_alert.c:390:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char notiflogfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_alert.c:405:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
alertinterval = 60*atoi(xgetenv("ALERTREPEAT"));
data/xymon-4.3.30/xymond/xymond_alert.c:424:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
checkpointinterval = atoi(p);
data/xymon-4.3.30/xymond/xymond_alert.c:428:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reloadinterval = atoi(p);
data/xymon-4.3.30/xymond/xymond_alert.c:465:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fakestarttime = (time_t)atoi(strchr(argv[argi], '=')+1);
data/xymon-4.3.30/xymond/xymond_alert.c:469:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (paramno == 1) testdur = atoi(argv[argi]);
data/xymon-4.3.30/xymond/xymond_alert.c:471:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (paramno == 3) fakestarttime = (time_t) atoi(argv[argi]);
data/xymon-4.3.30/xymond/xymond_alert.c:498:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(awalk->ip, "127.0.0.1");
data/xymon-4.3.30/xymond/xymond_alert.c:507:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfd = fopen("/dev/null", "w");
data/xymon-4.3.30/xymond/xymond_alert.c:566:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
acklogfd = fopen(acklogfn, "a");
data/xymon-4.3.30/xymond/xymond_alert.c:568:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
notiflogfd = fopen(notiflogfn, "a");
data/xymon-4.3.30/xymond/xymond_alert.c:589:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *metadata[20];
data/xymon-4.3.30/xymond/xymond_alert.c:685:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
awalk->eventstart = atoi(metadata[9]);
data/xymon-4.3.30/xymond/xymond_alert.c:736:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
awalk->cookie = atoi(metadata[11]);
data/xymon-4.3.30/xymond/xymond_alert.c:761:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
time_t nextalert = atoi(metadata[6]);
data/xymon-4.3.30/xymond/xymond_capture.c:68:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout->tv_sec = (atoi(argv[argi]+10));
data/xymon-4.3.30/xymond/xymond_capture.c:103:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfd = fopen(fn, "a");
data/xymon-4.3.30/xymond/xymond_capture.c:111:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
batchtimeout = atoi(p+1);
data/xymon-4.3.30/xymond/xymond_capture.c:133:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *metadata[MAX_META+1];
data/xymon-4.3.30/xymond/xymond_channel.c:113:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
peerport = atoi(delim+1);
data/xymon-4.3.30/xymond/xymond_channel.c:125:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr, *(hent->h_addr_list), sizeof(struct in_addr));
data/xymon-4.3.30/xymond/xymond_channel.c:138:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (peerport == 0) peerport = atoi(xgetenv("XYMONDPORT"));
data/xymon-4.3.30/xymond/xymond_channel.c:455:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
messagetimeout = atoi(p+1);
data/xymon-4.3.30/xymond/xymond_channel.c:545:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (pidfile) fd = fopen(pidfile, "w");
data/xymon-4.3.30/xymond/xymond_channel.c:615:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inbuf+checksumsize, channel->channelbuf, msgsz+1); /* Include \0 */
data/xymon-4.3.30/xymond/xymond_channel.c:678:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inbuf+hlen+1, hashstr, strlen(hashstr));
data/xymon-4.3.30/xymond/xymond_client.c:316:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loadresult[100];
data/xymon-4.3.30/xymond/xymond_client.c:318:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char myupstr[100];
data/xymon-4.3.30/xymond/xymond_client.c:322:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/xymond_client.c:348:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uptimesecs = atoi(uptimeresult) * 86400;
data/xymon-4.3.30/xymond/xymond_client.c:393:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (days) sprintf(myupstr, "up: %d days", days);
data/xymon-4.3.30/xymond/xymond_client.c:394:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(myupstr, "up: %02d:%02d", hours, mins);
data/xymon-4.3.30/xymond/xymond_client.c:406:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(loadresult, "%.2f", load5);
data/xymon-4.3.30/xymond/xymond_client.c:480:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) cachedelay = atoi(p+11);
data/xymon-4.3.30/xymond/xymond_client.c:498:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "System clock is %ld seconds off\n", (long) clockdiff.tv_sec);
data/xymon-4.3.30/xymond/xymond_client.c:553:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/xymond_client.c:603:64: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
levelstr = getcolumn(p, freecol); if (levelstr) levelabs = atol(levelstr);
data/xymon-4.3.30/xymond/xymond_client.c:605:64: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
levelstr = getcolumn(p, capacol); if (levelstr) levelpct = atol(levelstr);
data/xymon-4.3.30/xymond/xymond_client.c:620:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (abspanic) msgp += sprintf(msgp, "(%lu units free)", levelabs);
data/xymon-4.3.30/xymond/xymond_client.c:621:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else msgp += sprintf(msgp, "(%lu%% used)", levelpct);
data/xymon-4.3.30/xymond/xymond_client.c:623:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
msgp += sprintf(msgp, " has reached the PANIC level ");
data/xymon-4.3.30/xymond/xymond_client.c:625:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (abspanic) msgp += sprintf(msgp, "(%lu units)\n", paniclevel);
data/xymon-4.3.30/xymond/xymond_client.c:626:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else msgp += sprintf(msgp, "(%lu%%)\n", paniclevel);
data/xymon-4.3.30/xymond/xymond_client.c:637:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (abswarn) msgp += sprintf(msgp, "(%lu units free)", levelabs);
data/xymon-4.3.30/xymond/xymond_client.c:638:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else msgp += sprintf(msgp, "(%lu%% used)", levelpct);
data/xymon-4.3.30/xymond/xymond_client.c:640:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
msgp += sprintf(msgp, " has reached the WARNING level ");
data/xymon-4.3.30/xymond/xymond_client.c:642:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (abswarn) msgp += sprintf(msgp, "(%lu units)\n", warnlevel);
data/xymon-4.3.30/xymond/xymond_client.c:643:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else msgp += sprintf(msgp, "(%lu%%)\n", warnlevel);
data/xymon-4.3.30/xymond/xymond_client.c:673:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char limtxt[1024];
data/xymon-4.3.30/xymond/xymond_client.c:678:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (dmin > 0) sprintf(limtxt, "%d or more", dmin);
data/xymon-4.3.30/xymond/xymond_client.c:679:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (dmin == 0) sprintf(limtxt, "none");
data/xymon-4.3.30/xymond/xymond_client.c:682:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (dmin > 0) sprintf(limtxt, "between %d and %d", dmin, dmax);
data/xymon-4.3.30/xymond/xymond_client.c:683:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (dmin == 0) sprintf(limtxt, "at most %d", dmax);
data/xymon-4.3.30/xymond/xymond_client.c:698:63: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/xymond_client.c:733:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/xymond_client.c:783:64: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
levelstr = getcolumn(p, freecol); if (levelstr) levelabs = atol(levelstr);
data/xymon-4.3.30/xymond/xymond_client.c:785:64: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
levelstr = getcolumn(p, capacol); if (levelstr) levelpct = atol(levelstr);
data/xymon-4.3.30/xymond/xymond_client.c:800:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (abspanic) msgp += sprintf(msgp, "(%lu units free)", levelabs);
data/xymon-4.3.30/xymond/xymond_client.c:801:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else msgp += sprintf(msgp, "(%lu%% used)", levelpct);
data/xymon-4.3.30/xymond/xymond_client.c:803:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
msgp += sprintf(msgp, " has reached the PANIC level ");
data/xymon-4.3.30/xymond/xymond_client.c:805:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (abspanic) msgp += sprintf(msgp, "(%lu units)\n", paniclevel);
data/xymon-4.3.30/xymond/xymond_client.c:806:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else msgp += sprintf(msgp, "(%lu%%)\n", paniclevel);
data/xymon-4.3.30/xymond/xymond_client.c:817:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (abswarn) msgp += sprintf(msgp, "(%lu units free)", levelabs);
data/xymon-4.3.30/xymond/xymond_client.c:818:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else msgp += sprintf(msgp, "(%lu%% used)", levelpct);
data/xymon-4.3.30/xymond/xymond_client.c:820:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
msgp += sprintf(msgp, " has reached the WARNING level ");
data/xymon-4.3.30/xymond/xymond_client.c:822:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (abswarn) msgp += sprintf(msgp, "(%lu units)\n", warnlevel);
data/xymon-4.3.30/xymond/xymond_client.c:823:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else msgp += sprintf(msgp, "(%lu%%)\n", warnlevel);
data/xymon-4.3.30/xymond/xymond_client.c:844:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "&green No filesystems reporting inode data\n");
data/xymon-4.3.30/xymond/xymond_client.c:861:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char limtxt[1024];
data/xymon-4.3.30/xymond/xymond_client.c:866:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (imin > 0) sprintf(limtxt, "%d or more", imin);
data/xymon-4.3.30/xymond/xymond_client.c:867:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (imin == 0) sprintf(limtxt, "none");
data/xymon-4.3.30/xymond/xymond_client.c:870:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (imin > 0) sprintf(limtxt, "between %d and %d", imin, imax);
data/xymon-4.3.30/xymond/xymond_client.c:871:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (imin == 0) sprintf(limtxt, "at most %d", imax);
data/xymon-4.3.30/xymond/xymond_client.c:886:63: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/xymond_client.c:924:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/xymond_client.c:1012:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/xymond_client.c:1098:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char limtxt[1024];
data/xymon-4.3.30/xymond/xymond_client.c:1101:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (pmin > 0) sprintf(limtxt, "%d or more", pmin);
data/xymon-4.3.30/xymond/xymond_client.c:1102:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (pmin == 0) sprintf(limtxt, "none");
data/xymon-4.3.30/xymond/xymond_client.c:1105:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (pmin > 0) sprintf(limtxt, "between %d and %d", pmin, pmax);
data/xymon-4.3.30/xymond/xymond_client.c:1106:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (pmin == 0) sprintf(limtxt, "at most %d", pmax);
data/xymon-4.3.30/xymond/xymond_client.c:1140:63: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/xymond_client.c:1170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/xymond_client.c:1209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_client.c:1284:63: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/xymond_client.c:1346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_client.c:1347:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sectionname[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_client.c:1477:64: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/xymond_client.c:1523:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_client.c:1566:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_client.c:1609:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/xymond_client.c:1626:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/xymond_client.c:1643:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/xymond_client.c:1672:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymond/xymond_client.c:1717:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char limtxt[1024];
data/xymon-4.3.30/xymond/xymond_client.c:1721:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (pmin > 0) sprintf(limtxt, "%d or more", pmin);
data/xymon-4.3.30/xymond/xymond_client.c:1722:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (pmin == 0) sprintf(limtxt, "none");
data/xymon-4.3.30/xymond/xymond_client.c:1725:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (pmin > 0) sprintf(limtxt, "between %d and %d", pmin, pmax);
data/xymon-4.3.30/xymond/xymond_client.c:1726:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (pmin == 0) sprintf(limtxt, "at most %d", pmax);
data/xymon-4.3.30/xymond/xymond_client.c:1763:64: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (group) sprintf(msgline, "status/group:%s ", group); else strcpy(msgline, "status ");
data/xymon-4.3.30/xymond/xymond_client.c:1836:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[1024], clientclass[1024];
data/xymon-4.3.30/xymond/xymond_client.c:1837:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[4096];
data/xymon-4.3.30/xymond/xymond_client.c:1934:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(s+1, "r");
data/xymon-4.3.30/xymond/xymond_client.c:1970:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(s+1, "r");
data/xymon-4.3.30/xymond/xymond_client.c:2012:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(s+1, "r");
data/xymon-4.3.30/xymond/xymond_client.c:2036:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char limtxt[1024];
data/xymon-4.3.30/xymond/xymond_client.c:2039:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (pmin > 0) sprintf(limtxt, "%d or more", pmin);
data/xymon-4.3.30/xymond/xymond_client.c:2040:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (pmin == 0) sprintf(limtxt, "none");
data/xymon-4.3.30/xymond/xymond_client.c:2043:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (pmin > 0) sprintf(limtxt, "between %d and %d", pmin, pmax);
data/xymon-4.3.30/xymond/xymond_client.c:2044:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (pmin == 0) sprintf(limtxt, "at most %d", pmax);
data/xymon-4.3.30/xymond/xymond_client.c:2167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *metadata[MAX_META+1];
data/xymon-4.3.30/xymond/xymond_client.c:2206:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
time_t timestamp = atoi(metadata[1]);
data/xymon-4.3.30/xymond/xymond_distribute.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newmsg[4096];
data/xymon-4.3.30/xymond/xymond_distribute.c:77:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *metadata[MAX_META+1];
data/xymon-4.3.30/xymond/xymond_distribute.c:134:57: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
distime = (strcmp(metadata[5], "-1") == 0) ? -1 : ((atol(metadata[5]) - time(NULL)) / 60);
data/xymon-4.3.30/xymond/xymond_filestore.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_filestore.c:59:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfd = fopen(tmpfn, mode);
data/xymon-4.3.30/xymond/xymond_filestore.c:63:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[100];
data/xymon-4.3.30/xymond/xymond_filestore.c:65:37: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (timesincechange > 86400) p += sprintf(p, "%ld days, ", (timesincechange / 86400));
data/xymon-4.3.30/xymond/xymond_filestore.c:66:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%ld hours, %ld minutes",
data/xymon-4.3.30/xymond/xymond_filestore.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[100];
data/xymon-4.3.30/xymond/xymond_filestore.c:101:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output = fopen(tmpfn, "w");
data/xymon-4.3.30/xymond/xymond_filestore.c:116:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (timesincechange > 86400) p += sprintf(p, "%ld days, ", (timesincechange / 86400));
data/xymon-4.3.30/xymond/xymond_filestore.c:117:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%ld hours, %ld minutes",
data/xymon-4.3.30/xymond/xymond_filestore.c:155:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
enablefd = fopen(fn, "w");
data/xymon-4.3.30/xymond/xymond_filestore.c:264:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *metadata[20] = { NULL, };
data/xymon-4.3.30/xymond/xymond_filestore.c:270:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_filestore.c:309:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
expiretime = atoi(metadata[6]);
data/xymon-4.3.30/xymond/xymond_filestore.c:312:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timesincechange = logtime - atoi(metadata[10]);
data/xymon-4.3.30/xymond/xymond_filestore.c:317:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char htmllogfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_filestore.c:321:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (metadata[11]) acktime = atoi(metadata[11]);
data/xymon-4.3.30/xymond/xymond_filestore.c:325:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (metadata[13]) disabletime = atoi(metadata[13]);
data/xymon-4.3.30/xymond/xymond_filestore.c:367:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
expiretime = atoi(metadata[5]);
data/xymon-4.3.30/xymond/xymond_filestore.c:407:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newlogfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_filestore.c:435:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newcol2[3];
data/xymon-4.3.30/xymond/xymond_history.c:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldcol2[3];
data/xymon-4.3.30/xymond/xymond_history.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alleventsfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:105:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
minlogspace = atoi(strchr(argv[argi], '=')+1);
data/xymon-4.3.30/xymond/xymond_history.c:161:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *pidfd = fopen(pidfn, "w");
data/xymon-4.3.30/xymond/xymond_history.c:170:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
alleventsfd = fopen(alleventsfn, "a");
data/xymon-4.3.30/xymond/xymond_history.c:189:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *metadata[20] = { NULL, };
data/xymon-4.3.30/xymond/xymond_history.c:204:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
alleventsfd = fopen(alleventsfn, "a");
data/xymon-4.3.30/xymond/xymond_history.c:248:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lastchg = atoi(metadata[9]);
data/xymon-4.3.30/xymond/xymond_history.c:249:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
disabletime = atoi(metadata[10]);
data/xymon-4.3.30/xymond/xymond_history.c:251:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
downtimeactive = (atoi(metadata[12]) > 0);
data/xymon-4.3.30/xymond/xymond_history.c:252:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
clienttstamp = atoi(metadata[13]);
data/xymon-4.3.30/xymond/xymond_history.c:274:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statuslogfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:277:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldcol[100];
data/xymon-4.3.30/xymond/xymond_history.c:278:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestamp[40];
data/xymon-4.3.30/xymond/xymond_history.c:287:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statuslogfd = fopen(statuslogfn, "r+");
data/xymon-4.3.30/xymond/xymond_history.c:301:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[1024];
data/xymon-4.3.30/xymond/xymond_history.c:365:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statuslogfd = fopen(statuslogfn, "a");
data/xymon-4.3.30/xymond/xymond_history.c:415:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:427:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
histlogfd = fopen(fname, "w");
data/xymon-4.3.30/xymond/xymond_history.c:516:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostlogfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:522:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hostlogfd = fopen(hostlogfn, "a");
data/xymon-4.3.30/xymond/xymond_history.c:552:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char testdir[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:566:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostlogfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:583:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statuslogfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:620:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char testdir[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:634:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statuslogfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:657:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char olddir[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:658:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newdir[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:674:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostlogfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:675:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newhostlogfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:691:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statuslogfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:692:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newlogfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:733:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char olddir[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:734:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newdir[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:749:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statuslogfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_history.c:750:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newstatuslogfn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_hostdata.c:100:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
recentperiod = 60*atoi(p+1);
data/xymon-4.3.30/xymond/xymond_hostdata.c:104:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxrecentcount = atoi(p+1);
data/xymon-4.3.30/xymond/xymond_hostdata.c:107:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
minlogspace = atoi(strchr(argv[argi], '=')+1);
data/xymon-4.3.30/xymond/xymond_hostdata.c:144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *metadata[MAX_META+1];
data/xymon-4.3.30/xymond/xymond_hostdata.c:187:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostdir[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_hostdata.c:188:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_hostdata.c:214:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fn, "w");
data/xymon-4.3.30/xymond/xymond_hostdata.c:267:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostdir[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_hostdata.c:274:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldhostdir[PATH_MAX], newhostdir[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_locator.c:346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/xymon-4.3.30/xymond/xymond_locator.c:354:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fn, "r");
data/xymon-4.3.30/xymond/xymond_locator.c:369:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
enum locator_sticky_t sticky = (atoi(ssticky) == 1) ? LOC_STICKY : LOC_ROAMING;
data/xymon-4.3.30/xymond/xymond_locator.c:372:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
srv = register_server(sname, stype, atoi(sconfweight), sticky, sextra);
data/xymon-4.3.30/xymond/xymond_locator.c:373:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
srv->serveractualweight = atoi(sactweight);
data/xymon-4.3.30/xymond/xymond_locator.c:385:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fn, "r");
data/xymon-4.3.30/xymond/xymond_locator.c:416:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fn, "w");
data/xymon-4.3.30/xymond/xymond_locator.c:437:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fn, "w");
data/xymon-4.3.30/xymond/xymond_locator.c:494:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (tok) { serverweight = atoi(tok); tok = strtok(NULL, delims); }
data/xymon-4.3.30/xymond/xymond_locator.c:495:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (tok) { sticky = ((atoi(tok) == 1) ? LOC_STICKY : LOC_ROAMING); tok = strtok(NULL, delims); }
data/xymon-4.3.30/xymond/xymond_locator.c:503:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "OK");
data/xymon-4.3.30/xymond/xymond_locator.c:505:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(buf, "BADSYNTAX");
data/xymon-4.3.30/xymond/xymond_locator.c:521:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "OK");
data/xymon-4.3.30/xymond/xymond_locator.c:523:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(buf, "BADSYNTAX");
data/xymon-4.3.30/xymond/xymond_locator.c:542:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "OK");
data/xymon-4.3.30/xymond/xymond_locator.c:544:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(buf, "BADSYNTAX");
data/xymon-4.3.30/xymond/xymond_locator.c:563:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "OK");
data/xymon-4.3.30/xymond/xymond_locator.c:566:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "FAILED");
data/xymon-4.3.30/xymond/xymond_locator.c:569:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(buf, "BADSYNTAX");
data/xymon-4.3.30/xymond/xymond_locator.c:622:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(buf, "BADSYNTAX");
data/xymon-4.3.30/xymond/xymond_locator.c:634:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "OK");
data/xymon-4.3.30/xymond/xymond_locator.c:638:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "BADREQUEST");
data/xymon-4.3.30/xymond/xymond_locator.c:667:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) { locport = atoi(p+1); *p = '\0'; } else locport = 1984;
data/xymon-4.3.30/xymond/xymond_locator.c:752:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32768];
data/xymon-4.3.30/xymond/xymond_rrd.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_rrd.c:282:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *metadata[MAX_META+1];
data/xymon-4.3.30/xymond/xymond_rrd.c:290:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctlbuf[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_rrd.c:367:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tstamp = atoi(metadata[1]);
data/xymon-4.3.30/xymond/xymond_rrd.c:384:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tstamp = atoi(metadata[1]);
data/xymon-4.3.30/xymond/xymond_rrd.c:413:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostdir[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_rrd.c:431:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldhostdir[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_rrd.c:432:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newhostdir[PATH_MAX];
data/xymon-4.3.30/xymond/xymond_sample.c:58:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout->tv_sec = (atoi(argv[argi]+10));
data/xymon-4.3.30/xymond/xymond_sample.c:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *metadata[MAX_META+1];
data/xymon-4.3.30/xymond/xymond_worker.c:103:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
listenport = atoi(p+1);
data/xymon-4.3.30/xymond/xymond_worker.c:237:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
locatorweight = atoi(p+1);
data/xymon-4.3.30/xymond/xymond_worker.c:464:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(endpos, "\n@@\n", 4); /* Simulate end-of-message and flush data */
data/xymon-4.3.30/xymond/xymond_worker.c:592:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*seq = atoi(p+1);
data/xymon-4.3.30/xymond/xymond_worker.c:638:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md_value[16];
data/xymon-4.3.30/xymond/xymond_worker.c:639:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md_string[2*16+1];
data/xymon-4.3.30/xymond/xymond_worker.c:649:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%02x", md_value[i]);
data/xymon-4.3.30/xymond/xymonfetch.c:104:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char res[100];
data/xymon-4.3.30/xymond/xymonfetch.c:107:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (includeport) sprintf(res+n, ":%d", ntohs(addr->sin_port));
data/xymon-4.3.30/xymond/xymonfetch.c:165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbgmsg[100];
data/xymon-4.3.30/xymond/xymonfetch.c:242:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int portnum = atoi(xgetenv("XYMONDPORT"));
data/xymon-4.3.30/xymond/xymonfetch.c:265:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
msgbytes = atoi(mptr);
data/xymon-4.3.30/xymond/xymonfetch.c:284:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgcachesection[100];
data/xymon-4.3.30/xymond/xymonfetch.c:299:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sourcemsg[100];
data/xymon-4.3.30/xymond/xymonfetch.c:348:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/xymon-4.3.30/xymond/xymonfetch.c:435:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pollinterval = atoi(p+1);
data/xymon-4.3.30/xymond/xymonfetch.c:439:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
errorloginterval = atoi(p+1);
data/xymon-4.3.30/xymond/xymonfetch.c:443:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
serverid = atoi(p+1);
data/xymon-4.3.30/xymond/xymonfetch.c:578:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[30];
data/xymon-4.3.30/xymond/xymonfetch.c:605:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[100];
data/xymon-4.3.30/xymond/xymonfetch.c:619:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(xgetenv("XYMONDPORT"));
data/xymon-4.3.30/xymond/xymonfetch.c:631:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) { *p = '\0'; port = atoi(p+1); }
data/xymon-4.3.30/xymond/xymonfetch.c:662:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, "pullclient %d\n", serverid);
data/xymon-4.3.30/xymongen/csvreport.c:25:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fn, "w");
data/xymon-4.3.30/xymongen/debug.c:29:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[512];
data/xymon-4.3.30/xymongen/debug.c:32:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(format, "Host: %s, ip: %s, name: %s, color: %d, old: %d, anywaps: %d, wapcolor: %d, pretitle: '%s', noprop-y: %s, noprop-r: %s, noprop-p: %s, noprop-ack: %s, waps: %s\n");
data/xymon-4.3.30/xymongen/debug.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[512];
data/xymon-4.3.30/xymongen/debug.c:56:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(format, "Group: %s, pretitle: '%s'\n");
data/xymon-4.3.30/xymongen/debug.c:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newindent[100];
data/xymon-4.3.30/xymongen/debug.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newindentextra[105];
data/xymon-4.3.30/xymongen/debug.c:99:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(newindentextra, " ");
data/xymon-4.3.30/xymongen/loaddata.c:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullfn[PATH_MAX];
data/xymon-4.3.30/xymongen/loaddata.c:184:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(fullfn, "r")) == NULL) {
data/xymon-4.3.30/xymongen/loaddata.c:358:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[MAX_LINE_LEN];
data/xymon-4.3.30/xymongen/loaddata.c:457:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/xymongen/loaddata.c:483:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/xymongen/loaddata.c:507:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(dumpfn, "r");
data/xymon-4.3.30/xymongen/loaddata.c:546:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
purplelog = fopen(purplelogfn, "w");
data/xymon-4.3.30/xymongen/loaddata.c:581:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 4: log.lastchange = atoi(p); break;
data/xymon-4.3.30/xymongen/loaddata.c:582:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 5: log.logtime = atoi(p); break;
data/xymon-4.3.30/xymongen/loaddata.c:583:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 6: log.validtime = atoi(p); break;
data/xymon-4.3.30/xymongen/loaddata.c:584:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 7: log.acktime = atoi(p); break;
data/xymon-4.3.30/xymongen/loaddata.c:585:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 8: log.disabletime = atoi(p); break;
data/xymon-4.3.30/xymongen/loaddata.c:587:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 10: log.cookie = atoi(p); break;
data/xymon-4.3.30/xymongen/loaddata.c:624:28: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (tok) log.acktime = atol(tok);
data/xymon-4.3.30/xymongen/loadlayout.c:64:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[MAX_LINE_LEN];
data/xymon-4.3.30/xymongen/loadlayout.c:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[MAX_LINE_LEN];
data/xymon-4.3.30/xymongen/loadlayout.c:192:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(newhost->ip, "%d.%d.%d.%d", ip1, ip2, ip3, ip4);
data/xymon-4.3.30/xymongen/loadlayout.c:358:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grouponlytag[100], groupexcepttag[100], grouptag[100];
data/xymon-4.3.30/xymongen/loadlayout.c:419:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pagetag[100], subpagetag[100], subparenttag[100],
data/xymon-4.3.30/xymongen/loadlayout.c:423:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[MAX_LINE_LEN];
data/xymon-4.3.30/xymongen/loadlayout.c:600:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *targetpagelist[MAX_TARGETPAGES_PER_HOST];
data/xymon-4.3.30/xymongen/loadlayout.c:742:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wantedgroup = atoi(p+1);
data/xymon-4.3.30/xymongen/loadlayout.c:810:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sumname[MAX_LINE_LEN];
data/xymon-4.3.30/xymongen/loadlayout.c:811:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char receiver[MAX_LINE_LEN];
data/xymon-4.3.30/xymongen/loadlayout.c:812:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char url[MAX_LINE_LEN];
data/xymon-4.3.30/xymongen/pagegen.c:64:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hf_prefix[3]; /* header/footer prefixes for xymon, nongreen, critical pages*/
data/xymon-4.3.30/xymongen/pagegen.c:256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char htaccessfn[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char htaccesscontent[1024];
data/xymon-4.3.30/xymongen/pagegen.c:300:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(htaccessfn, "w");
data/xymon-4.3.30/xymongen/pagegen.c:350:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
width = atoi(xgetenv("DOTWIDTH"));
data/xymon-4.3.30/xymongen/pagegen.c:482:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
width = atoi(xgetenv("DOTWIDTH"));
data/xymon-4.3.30/xymongen/pagegen.c:634:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char htmlrepfn[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:635:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char textrepfn[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:636:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char textrepurl[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:647:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
htmlrep = fopen(htmlrepfn, "w");
data/xymon-4.3.30/xymongen/pagegen.c:652:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
textrep = fopen(textrepfn, "w");
data/xymon-4.3.30/xymongen/pagegen.c:820:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pagelink[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:901:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pagepath[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:902:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:903:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfilename[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:904:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rssfilename[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:905:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmprssfilename[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:906:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curdir[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:922:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indexfilename[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:934:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmppath[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:953:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output = fopen(tmpfilename, "w");
data/xymon-4.3.30/xymongen/pagegen.c:955:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indexfilename[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:956:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pagebasename[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:973:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output = fopen(tmpfilename, "w");
data/xymon-4.3.30/xymongen/pagegen.c:1001:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rssoutput = fopen(tmprssfilename, "w");
data/xymon-4.3.30/xymongen/pagegen.c:1085:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extfn[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:1086:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/xymon-4.3.30/xymongen/pagegen.c:1133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:1134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfilename[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:1135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rssfilename[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:1136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmprssfilename[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:1203:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newhost, h->hostentry, sizeof(host_t));
data/xymon-4.3.30/xymongen/pagegen.c:1252:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output = fopen(tmpfilename, "w");
data/xymon-4.3.30/xymongen/pagegen.c:1260:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rssoutput = fopen(tmprssfilename, "w");
data/xymon-4.3.30/xymongen/pagegen.c:1319:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[MAX_LINE_LEN];
data/xymon-4.3.30/xymongen/pagegen.c:1321:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nklogfn[PATH_MAX];
data/xymon-4.3.30/xymongen/pagegen.c:1325:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nklog = fopen(nklogfn, "a");
data/xymon-4.3.30/xymongen/process.c:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/xymongen/rssgen.c:56:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ttlvalue = (xgetenv("TASKSLEEP") ? (atoi(xgetenv("TASKSLEEP")) / 60) : 5);
data/xymon-4.3.30/xymongen/rssgen.c:211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfn[PATH_MAX];
data/xymon-4.3.30/xymongen/rssgen.c:212:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char destfn[PATH_MAX];
data/xymon-4.3.30/xymongen/rssgen.c:221:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ttlvalue = (xgetenv("TASKSLEEP") ? atoi(xgetenv("TASKSLEEP")) : 300);
data/xymon-4.3.30/xymongen/rssgen.c:231:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(tmpfn, "w");
data/xymon-4.3.30/xymongen/util.c:38:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pagelink[PATH_MAX];
data/xymon-4.3.30/xymongen/util.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmppath[PATH_MAX];
data/xymon-4.3.30/xymongen/util.c:63:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pagename[PATH_MAX];
data/xymon-4.3.30/xymongen/util.c:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpname[PATH_MAX];
data/xymon-4.3.30/xymongen/util.c:81:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pagename, "Top page");
data/xymon-4.3.30/xymongen/wmlgen.c:33:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char wmldir[PATH_MAX];
data/xymon-4.3.30/xymongen/wmlgen.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/xymongen/wmlgen.c:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/xymongen/wmlgen.c:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[MAX_LINE_LEN], lineout[MAX_LINE_LEN];
data/xymon-4.3.30/xymongen/wmlgen.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xymondreq[1024];
data/xymon-4.3.30/xymongen/wmlgen.c:123:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fn, "w");
data/xymon-4.3.30/xymongen/wmlgen.c:169:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outp, "<br/>");
data/xymon-4.3.30/xymongen/wmlgen.c:186:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outp, "<");
data/xymon-4.3.30/xymongen/wmlgen.c:196:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outp, ">");
data/xymon-4.3.30/xymongen/wmlgen.c:200:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outp, "<b>red</b>");
data/xymon-4.3.30/xymongen/wmlgen.c:204:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outp, "<b>green</b>");
data/xymon-4.3.30/xymongen/wmlgen.c:208:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outp, "<b>purple</b>");
data/xymon-4.3.30/xymongen/wmlgen.c:212:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outp, "<b>yellow</b>");
data/xymon-4.3.30/xymongen/wmlgen.c:216:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outp, "<b>clear</b>");
data/xymon-4.3.30/xymongen/wmlgen.c:220:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outp, "<b>blue</b>");
data/xymon-4.3.30/xymongen/wmlgen.c:224:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outp, "&");
data/xymon-4.3.30/xymongen/wmlgen.c:228:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outp, "'");
data/xymon-4.3.30/xymongen/wmlgen.c:232:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outp, """);
data/xymon-4.3.30/xymongen/wmlgen.c:254:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nongreenfn[PATH_MAX], hostfn[PATH_MAX];
data/xymon-4.3.30/xymongen/wmlgen.c:273:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wmlmaxchars = atol(xgetenv("WMLMAXCHARS"));
data/xymon-4.3.30/xymongen/wmlgen.c:316:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nongreenfd = fopen(nongreenfn, "w");
data/xymon-4.3.30/xymongen/wmlgen.c:340:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hostfd = fopen(hostfn, "w");
data/xymon-4.3.30/xymongen/wmlgen.c:377:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldnongreenfn[PATH_MAX];
data/xymon-4.3.30/xymongen/wmlgen.c:390:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nongreenfd = fopen(nongreenfn, "w");
data/xymon-4.3.30/xymongen/xymongen.c:113:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int i = atoi(xgetenv("XYMONPAGECOLREPEAT"));
data/xymon-4.3.30/xymongen/xymongen.c:236:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char style[MAX_LINE_LEN];
data/xymon-4.3.30/xymongen/xymongen.c:278:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
snapshot = atol(lp+1);
data/xymon-4.3.30/xymongen/xymongen.c:292:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
subpagecolumns = atoi(lp+1);
data/xymon-4.3.30/xymongen/xymongen.c:298:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxrowsbeforeheading = atoi(lp+1);
data/xymon-4.3.30/xymongen/xymongen.c:346:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nongreeneventlogmaxcount = atoi(lp+1);
data/xymon-4.3.30/xymongen/xymongen.c:351:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nongreeneventlogmaxtime = atoi(lp+1);
data/xymon-4.3.30/xymongen/xymongen.c:356:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nongreenacklogmaxcount = atoi(lp+1);
data/xymon-4.3.30/xymongen/xymongen.c:361:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nongreenacklogmaxtime = atoi(lp+1);
data/xymon-4.3.30/xymongen/xymongen.c:694:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymongen/xymongen.c:696:44: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
long tasksleep = (xgetenv("TASKSLEEP") ? atol(xgetenv("TASKSLEEP")) : -1);
data/xymon-4.3.30/xymongen/xymongen.c:715:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, " Hosts : %5d\n", hostcount);
data/xymon-4.3.30/xymongen/xymongen.c:717:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, " Pages : %5d\n", pagecount);
data/xymon-4.3.30/xymongen/xymongen.c:719:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, " Status messages : %5d\n", statuscount);
data/xymon-4.3.30/xymongen/xymongen.c:721:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, " - Red : %5d (%5.2f %%)\n",
data/xymon-4.3.30/xymongen/xymongen.c:724:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, " - Red (non-propagating) : %5d (%5.2f %%)\n",
data/xymon-4.3.30/xymongen/xymongen.c:727:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, " - Yellow : %5d (%5.2f %%)\n",
data/xymon-4.3.30/xymongen/xymongen.c:730:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, " - Yellow (non-propagating) : %5d (%5.2f %%)\n",
data/xymon-4.3.30/xymongen/xymongen.c:733:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, " - Clear : %5d (%5.2f %%)\n",
data/xymon-4.3.30/xymongen/xymongen.c:736:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, " - Green : %5d (%5.2f %%)\n",
data/xymon-4.3.30/xymongen/xymongen.c:739:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, " - Purple : %5d (%5.2f %%)\n",
data/xymon-4.3.30/xymongen/xymongen.c:742:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgline, " - Blue : %5d (%5.2f %%)\n",
data/xymon-4.3.30/xymongen/xymongen.h:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char age[20];
data/xymon-4.3.30/xymongen/xymongen.h:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[IP_ADDR_STRLEN];
data/xymon-4.3.30/xymonnet/beastat.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msgline[MAX_LINE_LEN];
data/xymon-4.3.30/xymonnet/beastat.c:93:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[4096];
data/xymon-4.3.30/xymonnet/beastat.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keystr[4096];
data/xymon-4.3.30/xymonnet/beastat.c:200:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
extcmdtimeout = atoi(p+1);
data/xymon-4.3.30/xymonnet/beastat.c:204:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
default_port = atoi(p+1);
data/xymon-4.3.30/xymonnet/beastat.c:235:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pipecmd[4096];
data/xymon-4.3.30/xymonnet/beastat.c:251:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
snmpport = atoi(p+1);
data/xymon-4.3.30/xymonnet/contest.c:139:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(item->banner+item->bannerbytes, buf, len);
data/xymon-4.3.30/xymonnet/contest.c:313:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (item->telnetbuflen) memcpy(item->telnetbuf, obuf, item->telnetbuflen);
data/xymon-4.3.30/xymonnet/contest.c:369:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passfn[PATH_MAX];
data/xymon-4.3.30/xymonnet/contest.c:370:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passphrase[1024];
data/xymon-4.3.30/xymonnet/contest.c:381:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p, ".pass");
data/xymon-4.3.30/xymonnet/contest.c:383:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
passfd = fopen(passfn, "r");
data/xymon-4.3.30/xymonnet/contest.c:402:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[256];
data/xymon-4.3.30/xymonnet/contest.c:448:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portinfo[100];
data/xymon-4.3.30/xymonnet/contest.c:453:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msglin[2048];
data/xymon-4.3.30/xymonnet/contest.c:460:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX]; /* Path for the random file */
data/xymon-4.3.30/xymonnet/contest.c:540:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sslerrmsg[256];
data/xymon-4.3.30/xymonnet/contest.c:560:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char certfn[PATH_MAX];
data/xymon-4.3.30/xymonnet/contest.c:572:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sslerrmsg[256];
data/xymon-4.3.30/xymonnet/contest.c:587:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sslerrmsg[256];
data/xymon-4.3.30/xymonnet/contest.c:624:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sslerrmsg[256];
data/xymon-4.3.30/xymonnet/contest.c:642:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(portinfo, "%d/tcp", item->addr.sin_port);
data/xymon-4.3.30/xymonnet/contest.c:645:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sslerrmsg[256];
data/xymon-4.3.30/xymonnet/contest.c:719:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (keyline) keysz = atoi(keyline+1);
data/xymon-4.3.30/xymonnet/contest.c:794:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errtxt[1024];
data/xymon-4.3.30/xymonnet/contest.c:885:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuf[4096];
data/xymon-4.3.30/xymonnet/contest.c:1180:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!item->open) {
data/xymon-4.3.30/xymonnet/contest.c:1192:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!item->open) item->errcode = CONTEST_ENOCONN;
data/xymon-4.3.30/xymonnet/contest.c:1193:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
do_talk = item->open;
data/xymon-4.3.30/xymonnet/contest.c:1197:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (item->open && (item->svcinfo->flags & TCP_SSL)) {
data/xymon-4.3.30/xymonnet/contest.c:1272:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!item->open || !item->readpending) {
data/xymon-4.3.30/xymonnet/contest.c:1273:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (item->open) {
data/xymon-4.3.30/xymonnet/contest.c:1360:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (item->open) {
data/xymon-4.3.30/xymonnet/contest.c:1390:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
item->open, item->connres, item->errcode,
data/xymon-4.3.30/xymonnet/contest.c:1419:46: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
httptest->httpstatus, httptest->tcptest->open, httptest->tcptest->errcode, httptest->parsestatus);
data/xymon-4.3.30/xymonnet/contest.c:1472:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atoi(p+1);
data/xymon-4.3.30/xymonnet/contest.c:1477:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
concurrency = atoi(p+1);
data/xymon-4.3.30/xymonnet/contest.c:1556:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
add_tcp_test(ip, atoi(port), testspec, NULL, srcip, NULL, 0, NULL, NULL, NULL, NULL);
data/xymon-4.3.30/xymonnet/contest.h:97:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open; /* Result - is it open? */
data/xymon-4.3.30/xymonnet/dns.c:293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[100];
data/xymon-4.3.30/xymonnet/dns2.c:59:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msg[1024];
data/xymon-4.3.30/xymonnet/dns2.c:466:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr, aptr, sizeof(struct in_addr));
data/xymon-4.3.30/xymonnet/dns2.c:474:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr6, aptr, sizeof(struct in6_addr));
data/xymon-4.3.30/xymonnet/httpcookies.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cookiefn[PATH_MAX];
data/xymon-4.3.30/xymonnet/httpcookies.c:112:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(cookiefn, "w");
data/xymon-4.3.30/xymonnet/httpcookies.c:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[4096];
data/xymon-4.3.30/xymonnet/httpcookies.c:141:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(cookiefn, "r");
data/xymon-4.3.30/xymonnet/httpcookies.c:163:38: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) { fieldcount++; c_expire = atol(p); p = strtok(NULL, "\t"); }
data/xymon-4.3.30/xymonnet/httpcookies.c:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cookiefn[PATH_MAX];
data/xymon-4.3.30/xymonnet/httpresult.c:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char codestr[15];
data/xymon-4.3.30/xymonnet/httpresult.c:211:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m1[100];
data/xymon-4.3.30/xymonnet/httpresult.c:240:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m1[100];
data/xymon-4.3.30/xymonnet/httpresult.c:250:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymonnet/httpresult.c:293:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m1[100];
data/xymon-4.3.30/xymonnet/httpresult.c:319:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymonnet/httpresult.c:344:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m1[100];
data/xymon-4.3.30/xymonnet/httpresult.c:383:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[1024];
data/xymon-4.3.30/xymonnet/httpresult.c:444:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cause[100];
data/xymon-4.3.30/xymonnet/httptest.c:152:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(item->output+item->outlen, buf, len1chunk);
data/xymon-4.3.30/xymonnet/httptest.c:185:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(item->headers+item->hdrlen, buf, len);
data/xymon-4.3.30/xymonnet/httptest.c:251:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
contlen = atoi(p1);
data/xymon-4.3.30/xymonnet/httptest.c:397:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char contentfn[PATH_MAX];
data/xymon-4.3.30/xymonnet/httptest.c:399:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
contentfd = fopen(contentfn, "r");
data/xymon-4.3.30/xymonnet/httptest.c:401:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[MAX_LINE_LEN];
data/xymon-4.3.30/xymonnet/httptest.c:530:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostporthdr[20];
data/xymon-4.3.30/xymonnet/httptest.c:538:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hdr[100];
data/xymon-4.3.30/xymonnet/httptest.c:543:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *pf = fopen(httptest->weburl.postdata+5, "r");
data/xymon-4.3.30/xymonnet/httptest.c:591:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char useragent[100];
data/xymon-4.3.30/xymonnet/ldaptest.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char versionstring[100];
data/xymon-4.3.30/xymonnet/ldaptest.c:153:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_LINE_LEN];
data/xymon-4.3.30/xymonnet/ldaptest.c:396:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymonnet/ldaptest.c:534:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ldapdebug = atoi(p+1);
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hostip[10]; /* Hostname(s) or IP(s) used for testing. Max 10 IP's */
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:170:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newkey, kwalk, sizeof(keyrecord_t));
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:191:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newkey, kwalk, sizeof(keyrecord_t));
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:629:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tasksleep = atoi(xgetenv("TASKSLEEP"));
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:674:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(intvl+1) != tasksleep) continue;
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:804:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char endmarks[6];
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:912:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[1024];
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:944:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(xgetenv("TASKSLEEP")),
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:970:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ival = atoi(owalk->result);
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:1004:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[1024];
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:1062:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = 1000000*atoi(p+1);
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:1066:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
retries = atoi(p+1);
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:1070:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_pending_requests = atoi(p+1);
data/xymon-4.3.30/xymonnet/xymonnet.c:101:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pinglog[PATH_MAX];
data/xymon-4.3.30/xymonnet/xymonnet.c:102:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pingerrlog[PATH_MAX];
data/xymon-4.3.30/xymonnet/xymonnet.c:165:42: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
printf("\tOpen : %d\n", iwalk->open);
data/xymon-4.3.30/xymonnet/xymonnet.c:201:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[1024];
data/xymon-4.3.30/xymonnet/xymonnet.c:204:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char depitem[MAX_LINE_LEN];
data/xymon-4.3.30/xymonnet/xymonnet.c:238:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (t && !t->open) {
data/xymon-4.3.30/xymonnet/xymonnet.c:463:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) h->mincipherbits = atoi(p);
data/xymon-4.3.30/xymonnet/xymonnet.c:685:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
specialport = atoi(option);
data/xymon-4.3.30/xymonnet/xymonnet.c:696:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
specialport = atoi(option);
data/xymon-4.3.30/xymonnet/xymonnet.c:882:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[512];
data/xymon-4.3.30/xymonnet/xymonnet.c:907:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statusfn[PATH_MAX];
data/xymon-4.3.30/xymonnet/xymonnet.c:908:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[MAX_LINE_LEN];
data/xymon-4.3.30/xymonnet/xymonnet.c:909:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[MAX_LINE_LEN];
data/xymon-4.3.30/xymonnet/xymonnet.c:916:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusfd = fopen(statusfn, "r");
data/xymon-4.3.30/xymonnet/xymonnet.c:940:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statusfn[PATH_MAX];
data/xymon-4.3.30/xymonnet/xymonnet.c:945:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusfd = fopen(statusfn, "w");
data/xymon-4.3.30/xymonnet/xymonnet.c:963:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statusfn[PATH_MAX];
data/xymon-4.3.30/xymonnet/xymonnet.c:964:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[MAX_LINE_LEN];
data/xymon-4.3.30/xymonnet/xymonnet.c:965:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[MAX_LINE_LEN];
data/xymon-4.3.30/xymonnet/xymonnet.c:973:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusfd = fopen(statusfn, "r");
data/xymon-4.3.30/xymonnet/xymonnet.c:1001:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statusfn[PATH_MAX];
data/xymon-4.3.30/xymonnet/xymonnet.c:1006:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusfd = fopen(statusfn, "w");
data/xymon-4.3.30/xymonnet/xymonnet.c:1025:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/xymonnet/xymonnet.c:1032:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fn, "w");
data/xymon-4.3.30/xymonnet/xymonnet.c:1073:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[PATH_MAX+1024];
data/xymon-4.3.30/xymonnet/xymonnet.c:1075:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdpath[PATH_MAX];
data/xymon-4.3.30/xymonnet/xymonnet.c:1102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[PATH_MAX+1024];
data/xymon-4.3.30/xymonnet/xymonnet.c:1104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdpath[PATH_MAX];
data/xymon-4.3.30/xymonnet/xymonnet.c:1132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[IP_ADDR_STRLEN+1];
data/xymon-4.3.30/xymonnet/xymonnet.c:1210:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile = open(pinglog, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR|S_IWUSR);
data/xymon-4.3.30/xymonnet/xymonnet.c:1212:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
errfile = open(pingerrlog, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR|S_IWUSR);
data/xymon-4.3.30/xymonnet/xymonnet.c:1233:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[IP_ADDR_STRLEN+1]; /* Must have room for the \n at the end also */
data/xymon-4.3.30/xymonnet/xymonnet.c:1270:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[MAX_LINE_LEN];
data/xymon-4.3.30/xymonnet/xymonnet.c:1271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pingip[MAX_LINE_LEN];
data/xymon-4.3.30/xymonnet/xymonnet.c:1274:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/xymon-4.3.30/xymonnet/xymonnet.c:1321:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfd = fopen(fn, "r");
data/xymon-4.3.30/xymonnet/xymonnet.c:1332:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/xymon-4.3.30/xymonnet/xymonnet.c:1334:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
errfd = fopen(fn, "r");
data/xymon-4.3.30/xymonnet/xymonnet.c:1364:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (t->open) dbgprintf("More than one ping result for %s\n", pingip);
data/xymon-4.3.30/xymonnet/xymonnet.c:1373:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (t->open) dbgprintf("More than one ping result for %s\n", pingip);
data/xymon-4.3.30/xymonnet/xymonnet.c:1394:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!t->open && t->host->routerdeps) {
data/xymon-4.3.30/xymonnet/xymonnet.c:1404:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (router && !router->open) t->host->deprouterdown = router->host;
data/xymon-4.3.30/xymonnet/xymonnet.c:1430:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cause, "Xymon system failure");
data/xymon-4.3.30/xymonnet/xymonnet.c:1435:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cause, "Ping test disabled (noping)");
data/xymon-4.3.30/xymonnet/xymonnet.c:1439:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cause, "DNS lookup failure");
data/xymon-4.3.30/xymonnet/xymonnet.c:1446:55: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sprintf(cause, "Host %s respond to ping", (test->open ? "does" : "does not"));
data/xymon-4.3.30/xymonnet/xymonnet.c:1453:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int okcount = test->open;
data/xymon-4.3.30/xymonnet/xymonnet.c:1457:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (walk->open) okcount++;
data/xymon-4.3.30/xymonnet/xymonnet.c:1466:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cause, "Host does not respond to ping on any of %d IP's",
data/xymon-4.3.30/xymonnet/xymonnet.c:1474:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cause, "Host responds to ping on %d of %d IP's",
data/xymon-4.3.30/xymonnet/xymonnet.c:1490:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cause, "\nIntermediate ");
data/xymon-4.3.30/xymonnet/xymonnet.c:1492:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cause, " down ");
data/xymon-4.3.30/xymonnet/xymonnet.c:1508:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[PATH_MAX];
data/xymon-4.3.30/xymonnet/xymonnet.c:1524:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cause, "DNS lookup failure");
data/xymon-4.3.30/xymonnet/xymonnet.c:1534:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (test->open) {
data/xymon-4.3.30/xymonnet/xymonnet.c:1535:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cause, "Service responds when it should not");
data/xymon-4.3.30/xymonnet/xymonnet.c:1539:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cause, "Host appears to be down");
data/xymon-4.3.30/xymonnet/xymonnet.c:1544:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!test->open) {
data/xymon-4.3.30/xymonnet/xymonnet.c:1546:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cause, "Host appears to be down");
data/xymon-4.3.30/xymonnet/xymonnet.c:1552:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cause, "Service unavailable");
data/xymon-4.3.30/xymonnet/xymonnet.c:1556:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cause, " (connect timeout)");
data/xymon-4.3.30/xymonnet/xymonnet.c:1559:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cause, " (");
data/xymon-4.3.30/xymonnet/xymonnet.c:1564:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cause, " (DNS error)");
data/xymon-4.3.30/xymonnet/xymonnet.c:1567:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cause, " (I/O error)");
data/xymon-4.3.30/xymonnet/xymonnet.c:1570:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cause, " (SSL error)");
data/xymon-4.3.30/xymonnet/xymonnet.c:1582:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cause, "Unexpected service response");
data/xymon-4.3.30/xymonnet/xymonnet.c:1590:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cause, "Service listening but unavailable (connect timeout)");
data/xymon-4.3.30/xymonnet/xymonnet.c:1594:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cause, "Service listening but unavailable (");
data/xymon-4.3.30/xymonnet/xymonnet.c:1600:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cause, "Service listening but unavailable (DNS error)");
data/xymon-4.3.30/xymonnet/xymonnet.c:1604:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cause, "Service listening but unavailable (I/O error)");
data/xymon-4.3.30/xymonnet/xymonnet.c:1608:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cause, "Service listening but unavailable (SSL error)");
data/xymon-4.3.30/xymonnet/xymonnet.c:1641:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cause, "\nDialup host or service");
data/xymon-4.3.30/xymonnet/xymonnet.c:1678:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymonnet/xymonnet.c:1679:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgtext[4096];
data/xymon-4.3.30/xymonnet/xymonnet.c:1680:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char causetext[1024];
data/xymon-4.3.30/xymonnet/xymonnet.c:1689:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags[10];
data/xymon-4.3.30/xymonnet/xymonnet.c:1695:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
flags[i++] = (t->open ? 'O' : 'o');
data/xymon-4.3.30/xymonnet/xymonnet.c:1813:67: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
snprintf(msgtext, sizeof(msgtext), "\n&%s %s\n", colorname(t->open ? COL_GREEN : COL_RED), STRBUF(t->banner));
data/xymon-4.3.30/xymonnet/xymonnet.c:1820:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
colorname(walk->open ? COL_GREEN : COL_RED), STRBUF(walk->banner));
data/xymon-4.3.30/xymonnet/xymonnet.c:1852:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[2048];
data/xymon-4.3.30/xymonnet/xymonnet.c:1854:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char causetext[1024];
data/xymon-4.3.30/xymonnet/xymonnet.c:1878:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aprotocol[10];
data/xymon-4.3.30/xymonnet/xymonnet.c:1932:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (t->open) {
data/xymon-4.3.30/xymonnet/xymonnet.c:1959:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[1024];
data/xymon-4.3.30/xymonnet/xymonnet.c:2057:40: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
runtimewarn = (xgetenv("TASKSLEEP") ? atol(xgetenv("TASKSLEEP")) : 300);
data/xymon-4.3.30/xymonnet/xymonnet.c:2062:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p++; timeout = atoi(p);
data/xymon-4.3.30/xymonnet/xymonnet.c:2067:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p++; newtimeout = atoi(p);
data/xymon-4.3.30/xymonnet/xymonnet.c:2073:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p++; extcmdtimeout = atoi(p);
data/xymon-4.3.30/xymonnet/xymonnet.c:2077:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p++; concurrency = atoi(p);
data/xymon-4.3.30/xymonnet/xymonnet.c:2081:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p++; dnstimeout = atoi(p);
data/xymon-4.3.30/xymonnet/xymonnet.c:2095:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_dns_per_run = atoi(p+1);
data/xymon-4.3.30/xymonnet/xymonnet.c:2099:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dnsfaillog = fopen(fn+1, "w");
data/xymon-4.3.30/xymonnet/xymonnet.c:2114:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p++; frequenttestlimit = atoi(p);
data/xymon-4.3.30/xymonnet/xymonnet.c:2118:23: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p++; runtimewarn = atol(p);
data/xymon-4.3.30/xymonnet/xymonnet.c:2122:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p++; warnbytesread = atoi(p);
data/xymon-4.3.30/xymonnet/xymonnet.c:2161:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pingchildcount = atoi(p+1);
data/xymon-4.3.30/xymonnet/xymonnet.c:2200:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p++; sslwarndays = atoi(p);
data/xymon-4.3.30/xymonnet/xymonnet.c:2204:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p++; sslalarmdays = atoi(p);
data/xymon-4.3.30/xymonnet/xymonnet.c:2208:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p++; mincipherbits = atoi(p);
data/xymon-4.3.30/xymonnet/xymonnet.c:2212:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p++; validity = atoi(p);
data/xymon-4.3.30/xymonnet/xymonnet.c:2216:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p++; sslminkeysize = atoi(p);
data/xymon-4.3.30/xymonnet/xymonnet.c:2390:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[128];
data/xymon-4.3.30/xymonnet/xymonnet.c:2411:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[512];
data/xymon-4.3.30/xymonnet/xymonnet.c:2445:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t->open = testresult->open;
data/xymon-4.3.30/xymonnet/xymonnet.c:2595:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgline[4096];
data/xymon-4.3.30/xymonnet/xymonnet.h:75:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open;
data/xymon-4.3.30/xymonnet/xymonnet.h:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[IP_ADDR_STRLEN];
data/xymon-4.3.30/xymonnet/xymonnet.h:141:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open; /* Is the service open ? NB: Shows true state of service, ignores flags */
data/xymon-4.3.30/xymonnet/xymonping.c:89:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[4096];
data/xymon-4.3.30/xymonnet/xymonping.c:166:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buffer[PING_PACKET_SIZE];
data/xymon-4.3.30/xymonnet/xymonping.c:233:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buffer[4096];
data/xymon-4.3.30/xymonnet/xymonping.c:386:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tries = 1 + atoi(delim+1);
data/xymon-4.3.30/xymonnet/xymonping.c:390:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atoi(delim+1);
data/xymon-4.3.30/xymonnet/xymonping.c:394:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
minresponses = atoi(delim+1);
data/xymon-4.3.30/xymonnet/xymonping.c:402:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
senddelay = (1000000 / atoi(delim+1));
data/xymon-4.3.30/xymonnet/xymonping.c:418:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (isdigit((int) *val)) senddelay = atoi(val);
data/xymon-4.3.30/xymonnet/xymonping.c:422:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (isdigit((int) *val)) tries = atoi(val);
data/xymon-4.3.30/xymonproxy/xymonproxy.c:58:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *statename[P_CLEANUP+1] = {
data/xymon-4.3.30/xymonproxy/xymonproxy.c:260:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) { locport = atoi(p+1); *p = '\0'; } else locport = 1984;
data/xymon-4.3.30/xymonproxy/xymonproxy.c:281:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p) { port1 = atoi(p+1); *p = '\0'; } else port1 = 1984;
data/xymon-4.3.30/xymonproxy/xymonproxy.c:299:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atoi(p+1);
data/xymon-4.3.30/xymonproxy/xymonproxy.c:303:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
listenq = atoi(p+1);
data/xymon-4.3.30/xymonproxy/xymonproxy.c:402:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srvrs[500];
data/xymon-4.3.30/xymonproxy/xymonproxy.c:424:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fd = fopen(pidfile, "w");
data/xymon-4.3.30/xymonproxy/xymonproxy.c:459:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char runtime_s[30];
data/xymon-4.3.30/xymonproxy/xymonproxy.c:477:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(runtime_s, "%lu days, %02lu:%02lu:%02lu",
data/xymon-4.3.30/xymonproxy/xymonproxy.c:504:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "\nTimeout/failure details\n");
data/xymon-4.3.30/xymonproxy/xymonproxy.c:656:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctmp, cwalk, sizeof(conn_t));
data/xymon-4.3.30/xymonproxy/xymonproxy.c:902:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cwalk->buf, "\n\n");
data/xymon-4.3.30/xymonproxy/xymonproxy.c:1101:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(newconn->buf, "combo\n");
data/xymon-4.3.30/build/merge-lines.c:61:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curbckfn = (char *)malloc(strlen(curfn) + 5);
data/xymon-4.3.30/build/merge-lines.c:66:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(alldelims, ";");
data/xymon-4.3.30/build/merge-lines.c:89:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lastblankandcomment = (char *)realloc(lastblankandcomment, strlen(lastblankandcomment) + strlen(bol) + 1);
data/xymon-4.3.30/build/merge-lines.c:89:94: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lastblankandcomment = (char *)realloc(lastblankandcomment, strlen(lastblankandcomment) + strlen(bol) + 1);
data/xymon-4.3.30/build/merge-lines.c:108:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tail->extralines[tail->extracount-1] = (char *)malloc(1 + strlen(bol) + strlen(lastblankandcomment));
data/xymon-4.3.30/build/merge-lines.c:108:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tail->extralines[tail->extracount-1] = (char *)malloc(1 + strlen(bol) + strlen(lastblankandcomment));
data/xymon-4.3.30/build/merge-lines.c:159:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
walk->extralines[walk->extracount-1] = (char *)malloc(1 + strlen(bol) + strlen(lastblankandcomment));
data/xymon-4.3.30/build/merge-lines.c:159:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
walk->extralines[walk->extracount-1] = (char *)malloc(1 + strlen(bol) + strlen(lastblankandcomment));
data/xymon-4.3.30/build/merge-lines.c:220:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newval = (char *)malloc(strlen(nwalk->newname) + strlen(oval) + 1);
data/xymon-4.3.30/build/merge-lines.c:220:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newval = (char *)malloc(strlen(nwalk->newname) + strlen(oval) + 1);
data/xymon-4.3.30/build/merge-sects.c:63:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curbckfn = (char *)malloc(strlen(curfn) + 5);
data/xymon-4.3.30/build/merge-sects.c:88:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newent->val = (char *)malloc(strlen(nwalk->newname) + 4);
data/xymon-4.3.30/build/merge-sects.c:108:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newent->val = (char *)realloc(newent->val, strlen(newent->val) + strlen(l) + 1);
data/xymon-4.3.30/build/merge-sects.c:108:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newent->val = (char *)realloc(newent->val, strlen(newent->val) + strlen(l) + 1);
data/xymon-4.3.30/client/clientupdate.c:60:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
versionfn = (char *)malloc(strlen(xgetenv("XYMONHOME")) + strlen(CLIENTVERSIONFILE) + 2);
data/xymon-4.3.30/client/clientupdate.c:60:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
versionfn = (char *)malloc(strlen(xgetenv("XYMONHOME")) + strlen(CLIENTVERSIONFILE) + 2);
data/xymon-4.3.30/client/clientupdate.c:62:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inprogressfn = (char *)malloc(strlen(xgetenv("XYMONHOME")) + strlen(INPROGRESSFILE) + 2);
data/xymon-4.3.30/client/clientupdate.c:62:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inprogressfn = (char *)malloc(strlen(xgetenv("XYMONHOME")) + strlen(INPROGRESSFILE) + 2);
data/xymon-4.3.30/client/clientupdate.c:210:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newverreq = (char *)malloc(100+strlen(newversion));
data/xymon-4.3.30/client/logfetch.c:180:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = (char *)malloc(1024 + strlen(filename));
data/xymon-4.3.30/client/logfetch.c:254:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsz += 1023 + strlen(curpostxt);
data/xymon-4.3.30/client/logfetch.c:324:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bytesin += strlen(fillpos);
data/xymon-4.3.30/client/logfetch.c:330:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fillpos, curpostxt, strlen(curpostxt)); /* add in the CURRENT + \n */
data/xymon-4.3.30/client/logfetch.c:330:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(fillpos, curpostxt, strlen(curpostxt)); /* add in the CURRENT + \n */
data/xymon-4.3.30/client/logfetch.c:331:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fillpos+strlen(curpostxt), t, strlen(t)); /* add in whatever this line originally was */
data/xymon-4.3.30/client/logfetch.c:331:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(fillpos+strlen(curpostxt), t, strlen(t)); /* add in whatever this line originally was */
data/xymon-4.3.30/client/logfetch.c:331:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(fillpos+strlen(curpostxt), t, strlen(t)); /* add in whatever this line originally was */
data/xymon-4.3.30/client/logfetch.c:332:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(fillpos+strlen(curpostxt)+strlen(t)) = '\0'; /* and terminate it */
data/xymon-4.3.30/client/logfetch.c:332:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(fillpos+strlen(curpostxt)+strlen(t)) = '\0'; /* and terminate it */
data/xymon-4.3.30/client/logfetch.c:434:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fillpos += strlen(fillpos);
data/xymon-4.3.30/client/logfetch.c:461:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = (char *)malloc(1024 + strlen(filename));
data/xymon-4.3.30/client/logfetch.c:479:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
triggerbytes += strlen(triggerptrs[i][0]) - strlen(triggerptrs[i][1]);
data/xymon-4.3.30/client/logfetch.c:479:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
triggerbytes += strlen(triggerptrs[i][0]) - strlen(triggerptrs[i][1]);
data/xymon-4.3.30/client/logfetch.c:480:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
skiptxtbytes += strlen(skiptxt) * 2;
data/xymon-4.3.30/client/logfetch.c:500:18: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pos, skiptxt, strlen(skiptxt));
data/xymon-4.3.30/client/logfetch.c:500:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(pos, skiptxt, strlen(skiptxt));
data/xymon-4.3.30/client/logfetch.c:501:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(skiptxt);
data/xymon-4.3.30/client/logfetch.c:503:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(triggerptrs[i][0]) - strlen(triggerptrs[i][1]);
data/xymon-4.3.30/client/logfetch.c:503:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(triggerptrs[i][0]) - strlen(triggerptrs[i][1]);
data/xymon-4.3.30/client/logfetch.c:504:18: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pos, triggerptrs[i][0], size);
data/xymon-4.3.30/client/logfetch.c:537:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pos, skiptxt, strlen(skiptxt));
data/xymon-4.3.30/client/logfetch.c:537:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(pos, skiptxt, strlen(skiptxt));
data/xymon-4.3.30/client/logfetch.c:538:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(skiptxt);
data/xymon-4.3.30/client/logfetch.c:543:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pos, finalstartptr, nontriggerbytes);
data/xymon-4.3.30/client/logfetch.c:548:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*(pos = &replacement[strlen(replacement) - 1]) != '\n') {
data/xymon-4.3.30/client/logfetch.c:556:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bytesread = strlen(startpos);
data/xymon-4.3.30/client/logfetch.c:561:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(startpos, skiptxt, strlen(skiptxt));
data/xymon-4.3.30/client/logfetch.c:633:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = (char *)malloc(strlen(s) + strlen(symlink) + 100);
data/xymon-4.3.30/client/logfetch.c:633:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = (char *)malloc(strlen(s) + strlen(symlink) + 100);
data/xymon-4.3.30/client/logfetch.c:782:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd = (char *)malloc(strlen(ducmd) + strlen(fn) + 10);
data/xymon-4.3.30/client/logfetch.c:782:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd = (char *)malloc(strlen(ducmd) + strlen(fn) + 10);
data/xymon-4.3.30/client/logfetch.c:1402:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((*(argv[i]) == '-') && (strlen(argv[i]) > 1)) {
data/xymon-4.3.30/client/logfetch.c:1419:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!p || (strlen(p) == 0) ) scrollback = DEFAULTSCROLLBACK;
data/xymon-4.3.30/client/msgcache.c:100:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(conn->sockfd, buf, sizeof(buf)-1);
data/xymon-4.3.30/common/xymon.c:84:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((*(argv[argi]) == '-') && (strlen(argv[argi]) > 1)) {
data/xymon-4.3.30/common/xymoncfg.c:58:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!fn || (strlen(fn) == 0)) {
data/xymon-4.3.30/common/xymoncmd.c:60:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evar = (char *)malloc(strlen(buf) + 13);
data/xymon-4.3.30/common/xymoncmd.c:83:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evar = (char *)malloc(strlen(buf) + 14);
data/xymon-4.3.30/common/xymoncmd.c:93:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(homedir) > 4) {
data/xymon-4.3.30/common/xymoncmd.c:94:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = homedir + strlen(homedir) - 4;
data/xymon-4.3.30/common/xymoncmd.c:97:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evar = (char *)malloc(20 + strlen(homedir));
data/xymon-4.3.30/common/xymongrep.c:75:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mark = (char *)malloc(strlen(hostname) + strlen(conncolumn) + 4);
data/xymon-4.3.30/common/xymongrep.c:75:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mark = (char *)malloc(strlen(hostname) + strlen(conncolumn) + 4);
data/xymon-4.3.30/common/xymongrep.c:79:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colorstr += strlen(mark); /* Skip to the color data */
data/xymon-4.3.30/common/xymongrep.c:81:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(connstatus, mark+1, strlen(mark+1)) == 0) {
data/xymon-4.3.30/common/xymongrep.c:82:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colorstr = connstatus + strlen(mark+1); /* First entry we get */
data/xymon-4.3.30/common/xymongrep.c:90:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mark = (char *)malloc(strlen(hostname) + strlen(testcolumn) + 4);
data/xymon-4.3.30/common/xymongrep.c:90:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mark = (char *)malloc(strlen(hostname) + strlen(testcolumn) + 4);
data/xymon-4.3.30/common/xymongrep.c:94:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colorstr += strlen(mark); /* Skip to the color data */
data/xymon-4.3.30/common/xymongrep.c:96:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(teststatus, mark+1, strlen(mark+1)) == 0) {
data/xymon-4.3.30/common/xymongrep.c:97:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colorstr = teststatus + strlen(mark+1); /* First entry we get */
data/xymon-4.3.30/common/xymongrep.c:167:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((*(argv[argi]) == '-') && (strlen(argv[argi]) > 1)) {
data/xymon-4.3.30/common/xymongrep.c:177:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((hostsfn == NULL) || (strlen(hostsfn) == 0)) {
data/xymon-4.3.30/common/xymongrep.c:183:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostsfn = (char *)realloc(hostsfn, strlen(hostsfn) + 2);
data/xymon-4.3.30/common/xymongrep.c:184:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(hostsfn+1, hostsfn, strlen(hostsfn)+1);
data/xymon-4.3.30/common/xymongrep.c:201:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((p == NULL) || (strlen(p) == 0)) p = xgetenv("BBLOCATION");
data/xymon-4.3.30/common/xymongrep.c:202:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p && strlen(p)) netstring = strdup(p);
data/xymon-4.3.30/common/xymongrep.c:227:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (lookv[i][strlen(lookv[i])-1] == '*') {
data/xymon-4.3.30/common/xymongrep.c:228:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(realitem, lookv[i], strlen(lookv[i])-1) == 0) {
data/xymon-4.3.30/common/xymonlaunch.c:185:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l1 = strlen(curtask->cmd);
data/xymon-4.3.30/common/xymonlaunch.c:186:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l2 = strlen(p);
data/xymon-4.3.30/common/xymonlaunch.c:189:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(newcmd,curtask->cmd,l1);
data/xymon-4.3.30/common/xymonlaunch.c:190:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(newcmd+l1,p,l2);
data/xymon-4.3.30/common/xymonlaunch.c:200:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(p)-1;
data/xymon-4.3.30/common/xymonlaunch.c:547:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
config = (char *)malloc(strlen(xgetenv("XYMONHOME")) + strlen("/etc/tasks.cfg") + 1);
data/xymon-4.3.30/common/xymonlaunch.c:547:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
config = (char *)malloc(strlen(xgetenv("XYMONHOME")) + strlen("/etc/tasks.cfg") + 1);
data/xymon-4.3.30/demotool/demotool.c:141:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*bufsz = strlen(newtext) + 4096;
data/xymon-4.3.30/demotool/demotool.c:145:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strlen(*buf) + strlen(newtext) + 1) > *bufsz) {
data/xymon-4.3.30/demotool/demotool.c:145:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strlen(*buf) + strlen(newtext) + 1) > *bufsz) {
data/xymon-4.3.30/demotool/demotool.c:146:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*bufsz += strlen(newtext) + 4096;
data/xymon-4.3.30/demotool/demotool.c:240:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newitem->respsize = (newitem->response ? strlen(newitem->response) : 0);
data/xymon-4.3.30/demotool/demotool.c:352:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(awalk->fd, rbuf, sizeof(rbuf));
data/xymon-4.3.30/demotool/demotool.c:448:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
conn->respbuf = (char *)malloc(strlen(cwalk->msg) + 4096);
data/xymon-4.3.30/demotool/demotool.c:456:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
conn->bytesleft = strlen(conn->respbuf);
data/xymon-4.3.30/lib/acklog.c:101:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((*p == '%') && (strlen(p) >= 3) && isxdigit((int)*(p+1)) && isxdigit((int)*(p+2))) {
data/xymon-4.3.30/lib/acklog.c:127:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ackmsg) > 30) ackmsg[30] = '\0';
data/xymon-4.3.30/lib/acklog.c:178:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(color, " ", (sizeof(color) - strlen(color))); acks[num].color = parse_color(color);
data/xymon-4.3.30/lib/acklog.c:178:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(color, " ", (sizeof(color) - strlen(color))); acks[num].color = parse_color(color);
data/xymon-4.3.30/lib/acknowledgementslog.c:225:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(svc,p+1, sizeof(svc));
data/xymon-4.3.30/lib/acknowledgementslog.c:230:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(recipient,p+12, sizeof(recipient));
data/xymon-4.3.30/lib/acknowledgementslog.c:234:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(recipient,"UnknownUser", sizeof(recipient));
data/xymon-4.3.30/lib/acknowledgementslog.c:257:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pagematch = (pcre_exec(pageregexp, NULL, pagename, strlen(pagename), 0, 0,
data/xymon-4.3.30/lib/acknowledgementslog.c:272:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pagematch = (pcre_exec(expageregexp, NULL, pagename, strlen(pagename), 0, 0,
data/xymon-4.3.30/lib/acknowledgementslog.c:282:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostmatch = (pcre_exec(hostregexp, NULL, hostname, strlen(hostname), 0, 0,
data/xymon-4.3.30/lib/acknowledgementslog.c:289:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostmatch = (pcre_exec(exhostregexp, NULL, hostname, strlen(hostname), 0, 0,
data/xymon-4.3.30/lib/acknowledgementslog.c:296:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testmatch = (pcre_exec(testregexp, NULL, svcname, strlen(svcname), 0, 0,
data/xymon-4.3.30/lib/acknowledgementslog.c:303:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testmatch = (pcre_exec(extestregexp, NULL, svcname, strlen(svcname), 0, 0,
data/xymon-4.3.30/lib/acknowledgementslog.c:310:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcptmatch = (pcre_exec(rcptregexp, NULL, recipient, strlen(recipient), 0, 0,
data/xymon-4.3.30/lib/acknowledgementslog.c:317:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcptmatch = (pcre_exec(exrcptregexp, NULL, recipient, strlen(recipient), 0, 0,
data/xymon-4.3.30/lib/acknowledgementslog.c:395:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(title, "No acknowledgements logged", sizeof(title));
data/xymon-4.3.30/lib/availability.c:41:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(dur, "none", sizeof(dur));
data/xymon-4.3.30/lib/availability.c:48:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dur, dhelp, 100);
data/xymon-4.3.30/lib/availability.c:52:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(dur, dhelp, (100 - strlen(dur)));
data/xymon-4.3.30/lib/availability.c:52:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(dur, dhelp, (100 - strlen(dur)));
data/xymon-4.3.30/lib/availability.c:178:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(cause) + strlen(p) + strlen("<BR>\n") + 1) < MAX_LINE_LEN) {
data/xymon-4.3.30/lib/availability.c:178:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(cause) + strlen(p) + strlen("<BR>\n") + 1) < MAX_LINE_LEN) {
data/xymon-4.3.30/lib/availability.c:178:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(cause) + strlen(p) + strlen("<BR>\n") + 1) < MAX_LINE_LEN) {
data/xymon-4.3.30/lib/availability.c:179:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(cause, p, (MAX_LINE_LEN - strlen(cause)));
data/xymon-4.3.30/lib/availability.c:179:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(cause, p, (MAX_LINE_LEN - strlen(cause)));
data/xymon-4.3.30/lib/availability.c:180:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(cause, "<BR>\n", (MAX_LINE_LEN - strlen(cause)));
data/xymon-4.3.30/lib/availability.c:180:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(cause, "<BR>\n", (MAX_LINE_LEN - strlen(cause)));
data/xymon-4.3.30/lib/availability.c:187:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cause) == 0) {
data/xymon-4.3.30/lib/availability.c:188:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(cause, "See detailed log", MAX_LINE_LEN);
data/xymon-4.3.30/lib/availability.c:193:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cause) == 0) {
data/xymon-4.3.30/lib/availability.c:199:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cause, l+offset, MAX_LINE_LEN);
data/xymon-4.3.30/lib/availability.c:210:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cause[MAX_LINE_LEN - strlen(" [Truncated]") - 1] = '\0';
data/xymon-4.3.30/lib/availability.c:211:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(cause, " [Truncated]", (MAX_LINE_LEN - strlen(cause)));
data/xymon-4.3.30/lib/availability.c:211:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(cause, " [Truncated]", (MAX_LINE_LEN - strlen(cause)));
data/xymon-4.3.30/lib/availability.c:217:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(cause, "No historical status available", MAX_LINE_LEN);
data/xymon-4.3.30/lib/availability.c:235:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) < 25) {
data/xymon-4.3.30/lib/availability.c:280:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(colstr, "clear", colstr_buflen);
data/xymon-4.3.30/lib/availability.c:290:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(colstr, "clear", colstr_buflen);
data/xymon-4.3.30/lib/availability.c:418:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(colstr, "clear", MAX_LINE_LEN);
data/xymon-4.3.30/lib/availability.c:441:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(colstr, " ", (MAX_LINE_LEN - strlen(colstr))); color = parse_color(colstr);
data/xymon-4.3.30/lib/availability.c:441:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(colstr, " ", (MAX_LINE_LEN - strlen(colstr))); color = parse_color(colstr);
data/xymon-4.3.30/lib/availability.c:566:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(colstr, " ", (MAX_LINE_LEN - strlen(colstr)));
data/xymon-4.3.30/lib/availability.c:566:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(colstr, " ", (MAX_LINE_LEN - strlen(colstr)));
data/xymon-4.3.30/lib/availability.c:640:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dur, dhelp, MAXDURSIZE);
data/xymon-4.3.30/lib/availability.c:643:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(dur, dhelp, (MAXDURSIZE - strlen(dur)));
data/xymon-4.3.30/lib/availability.c:643:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(dur, dhelp, (MAXDURSIZE - strlen(dur)));
data/xymon-4.3.30/lib/calc.c:40:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exp = (char *) malloc(strlen(expression)+1);
data/xymon-4.3.30/lib/cgi.c:109:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(q) < MAX_REQ_SIZE) {
data/xymon-4.3.30/lib/cgi.c:161:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*(delim + strlen(delim) - 1) == '\r') {
data/xymon-4.3.30/lib/cgi.c:163:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(delim + strlen(delim) - 1) = '\0';
data/xymon-4.3.30/lib/cgi.c:169:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(bol, delim, strlen(delim)) == 0) {
data/xymon-4.3.30/lib/cgi.c:181:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcmp(bol+strlen(delim), "--") != 0) {
data/xymon-4.3.30/lib/cgi.c:206:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(name + strlen(name) - 1) = '\0';
data/xymon-4.3.30/lib/cgi.c:216:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(filename + strlen(filename) - 1) = '\0';
data/xymon-4.3.30/lib/cgi.c:236:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
currelemend = (eoln ? eoln+1 : bol + strlen(bol));
data/xymon-4.3.30/lib/cgi.c:286:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
returnstr = (char *)malloc(3 * strlen(csppol) + 512);
data/xymon-4.3.30/lib/cgi.c:287:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(returnstr, (3 * strlen(csppol) + 512), "Content-Security-Policy: %s\nX-Content-Security-Policy: %s\nX-Webkit-CSP: %s\n", csppol, csppol, csppol);
data/xymon-4.3.30/lib/cgi.c:310:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(p, cgi_checkstr, strlen(cgi_checkstr)) == 0) isok = 1;
data/xymon-4.3.30/lib/cgi.c:324:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(p, cgi_checkstr, strlen(cgi_checkstr)) == 0) isok = 1;
data/xymon-4.3.30/lib/cgi.c:343:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(cookiename);
data/xymon-4.3.30/lib/cgiurls.c:36:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_buflen = 1024 + strlen(cgibinurl) + strlen(hostname) + strlen(service);
data/xymon-4.3.30/lib/cgiurls.c:36:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_buflen = 1024 + strlen(cgibinurl) + strlen(hostname) + strlen(service);
data/xymon-4.3.30/lib/cgiurls.c:36:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_buflen = 1024 + strlen(cgibinurl) + strlen(hostname) + strlen(service);
data/xymon-4.3.30/lib/cgiurls.c:55:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_buflen = 1024 + strlen(cgibinurl) + strlen(hostname) + (section ? strlen(section) : 0);
data/xymon-4.3.30/lib/cgiurls.c:55:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_buflen = 1024 + strlen(cgibinurl) + strlen(hostname) + (section ? strlen(section) : 0);
data/xymon-4.3.30/lib/cgiurls.c:55:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_buflen = 1024 + strlen(cgibinurl) + strlen(hostname) + (section ? strlen(section) : 0);
data/xymon-4.3.30/lib/cgiurls.c:72:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_buflen = 1024 + strlen(cgibinurl) + strlen(hostname) + strlen(service);
data/xymon-4.3.30/lib/cgiurls.c:72:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_buflen = 1024 + strlen(cgibinurl) + strlen(hostname) + strlen(service);
data/xymon-4.3.30/lib/cgiurls.c:72:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_buflen = 1024 + strlen(cgibinurl) + strlen(hostname) + strlen(service);
data/xymon-4.3.30/lib/cgiurls.c:88:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_buflen = 1024 + strlen(cgibinurl) + strlen(hostname) + strlen(service);
data/xymon-4.3.30/lib/cgiurls.c:88:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_buflen = 1024 + strlen(cgibinurl) + strlen(hostname) + strlen(service);
data/xymon-4.3.30/lib/cgiurls.c:88:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_buflen = 1024 + strlen(cgibinurl) + strlen(hostname) + strlen(service);
data/xymon-4.3.30/lib/cgiurls.c:113:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_buflen = 4096 + strlen(cgibinurl) + strlen(hostname) + strlen(service);
data/xymon-4.3.30/lib/cgiurls.c:113:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_buflen = 4096 + strlen(cgibinurl) + strlen(hostname) + strlen(service);
data/xymon-4.3.30/lib/cgiurls.c:113:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url_buflen = 4096 + strlen(cgibinurl) + strlen(hostname) + strlen(service);
data/xymon-4.3.30/lib/clientlocal.c:48:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int configfn_buflen = strlen(xgetenv("XYMONHOME"))+ strlen("/etc/client-local.cfg") + 1;
data/xymon-4.3.30/lib/clientlocal.c:48:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int configfn_buflen = strlen(xgetenv("XYMONHOME"))+ strlen("/etc/client-local.cfg") + 1;
data/xymon-4.3.30/lib/clientlocal.c:143:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (*(ptn + strlen(ptn) - 1) == '*') {
data/xymon-4.3.30/lib/color.c:51:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(inpcolor, colortext, 7);
data/xymon-4.3.30/lib/color.c:55:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(inpcolor, " ", sizeof(inpcolor)-strlen(inpcolor));
data/xymon-4.3.30/lib/color.c:55:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(inpcolor, " ", sizeof(inpcolor)-strlen(inpcolor));
data/xymon-4.3.30/lib/color.c:111:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename, colorname(color), bytesleft); bytesleft -= strlen(filename);
data/xymon-4.3.30/lib/color.c:111:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(filename, colorname(color), bytesleft); bytesleft -= strlen(filename);
data/xymon-4.3.30/lib/color.c:113:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(filename, "-ack", bytesleft); bytesleft -= 4;
data/xymon-4.3.30/lib/color.c:116:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(filename, (oldage ? "" : "-recent"), bytesleft); bytesleft -= 7;
data/xymon-4.3.30/lib/color.c:118:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(filename+strlen(filename), bytesleft, ".%s", xgetenv("IMAGEFILETYPE"));
data/xymon-4.3.30/lib/digest.c:40:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
myMD5_Update(ctx->mdctx, input, strlen(input));
data/xymon-4.3.30/lib/digest.c:163:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(md_string, (2*md_len + strlen(ctx->digestname) + 2)*sizeof(char));
data/xymon-4.3.30/lib/digest.c:170:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(md_string, (2*md_len + strlen(ctx->digestname) + 2)*sizeof(char));
data/xymon-4.3.30/lib/digest.c:177:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(md_string, (2*md_len + strlen(ctx->digestname) + 2)*sizeof(char));
data/xymon-4.3.30/lib/digest.c:184:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(md_string, (2*md_len + strlen(ctx->digestname) + 2)*sizeof(char));
data/xymon-4.3.30/lib/digest.c:191:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(md_string, (2*md_len + strlen(ctx->digestname) + 2)*sizeof(char));
data/xymon-4.3.30/lib/digest.c:198:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(md_string, (2*md_len + strlen(ctx->digestname) + 2)*sizeof(char));
data/xymon-4.3.30/lib/digest.c:205:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(md_string, (2*md_len + strlen(ctx->digestname) + 2)*sizeof(char));
data/xymon-4.3.30/lib/digest.c:211:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = 0, p = md_string + strlen(md_string); (i < md_len); i++) p += snprintf(p, (md_string_buflen - (p - md_string)), "%02x", md_value[i]);
data/xymon-4.3.30/lib/encoding.c:31:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = malloc(4*(strlen(buf)/3 + 1) + 1);
data/xymon-4.3.30/lib/encoding.c:34:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(inp) >= 3) {
data/xymon-4.3.30/lib/encoding.c:50:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(inp) == 1) {
data/xymon-4.3.30/lib/encoding.c:60:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(inp) == 2) {
data/xymon-4.3.30/lib/encoding.c:86:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bytesleft = strlen(buf);
data/xymon-4.3.30/lib/encoding.c:92:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; (i < strlen(b64chars)); i++) bval[(int)b64chars[i]] = i;
data/xymon-4.3.30/lib/encoding.c:125:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outp = *buf = malloc(strlen(msg)+1);
data/xymon-4.3.30/lib/encoding.c:183:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxneeded = 2*strlen(msg)+1;
data/xymon-4.3.30/lib/environ.c:185:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(10 + strlen(xgetenv("MACHINEDOTS")));
data/xymon-4.3.30/lib/environ.c:208:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(newstr, strlen(name) + strlen(result) + 2);
data/xymon-4.3.30/lib/environ.c:208:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(newstr, strlen(name) + strlen(result) + 2);
data/xymon-4.3.30/lib/environ.c:279:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oneenv_buflen = strlen(oneenv)+1;
data/xymon-4.3.30/lib/environ.c:285:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oneenv_buflen = strlen(oneenv)+1;
data/xymon-4.3.30/lib/environ.c:292:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p+1, p+2, strlen(p+2)+1);
data/xymon-4.3.30/lib/environ.c:294:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*(oneenv + strlen(oneenv) - 1) == '"') *(oneenv + strlen(oneenv) - 1) = '\0';
data/xymon-4.3.30/lib/environ.c:294:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*(oneenv + strlen(oneenv) - 1) == '"') *(oneenv + strlen(oneenv) - 1) = '\0';
data/xymon-4.3.30/lib/environ.c:307:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(combinedenv, strlen(oneenv) + strlen(oldval) + strlen(addstring) + 2);
data/xymon-4.3.30/lib/environ.c:307:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(combinedenv, strlen(oneenv) + strlen(oldval) + strlen(addstring) + 2);
data/xymon-4.3.30/lib/environ.c:307:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(combinedenv, strlen(oneenv) + strlen(oldval) + strlen(addstring) + 2);
data/xymon-4.3.30/lib/environ.c:314:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(oneenv, "=", oneenv_buflen-strlen(oneenv));
data/xymon-4.3.30/lib/environ.c:314:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(oneenv, "=", oneenv_buflen-strlen(oneenv));
data/xymon-4.3.30/lib/environ.c:315:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(oneenv+strlen(oneenv), addstring, strlen(addstring) + 1);
data/xymon-4.3.30/lib/environ.c:315:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(oneenv+strlen(oneenv), addstring, strlen(addstring) + 1);
data/xymon-4.3.30/lib/environ.c:338:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int val_buflen = strlen(envname) + strlen(envdefault) + 2;
data/xymon-4.3.30/lib/environ.c:338:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int val_buflen = strlen(envname) + strlen(envdefault) + 2;
data/xymon-4.3.30/lib/environ.c:383:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(myxp->result) + strlen(bot) + 1) > myxp->resultlen) {
data/xymon-4.3.30/lib/environ.c:383:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(myxp->result) + strlen(bot) + 1) > myxp->resultlen) {
data/xymon-4.3.30/lib/environ.c:384:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
myxp->resultlen += strlen(bot) + 4096;
data/xymon-4.3.30/lib/environ.c:387:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(myxp->result, bot, (myxp->resultlen - strlen(myxp->result)));
data/xymon-4.3.30/lib/environ.c:387:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(myxp->result, bot, (myxp->resultlen - strlen(myxp->result)));
data/xymon-4.3.30/lib/environ.c:416:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(myxp->result) + strlen(envval) + 1) > myxp->resultlen) {
data/xymon-4.3.30/lib/environ.c:416:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(myxp->result) + strlen(envval) + 1) > myxp->resultlen) {
data/xymon-4.3.30/lib/environ.c:417:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
myxp->resultlen += strlen(envval) + 4096;
data/xymon-4.3.30/lib/environ.c:420:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(myxp->result, envval, (myxp->resultlen - strlen(myxp->result)));
data/xymon-4.3.30/lib/environ.c:420:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(myxp->result, envval, (myxp->resultlen - strlen(myxp->result)));
data/xymon-4.3.30/lib/errormsg.c:66:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strlen(errbuf) + strlen(msg)) > errbuf_buflen) {
data/xymon-4.3.30/lib/errormsg.c:66:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strlen(errbuf) + strlen(msg)) > errbuf_buflen) {
data/xymon-4.3.30/lib/errormsg.c:70:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(errbuf, msg, (errbuf_buflen - strlen(errbuf)));
data/xymon-4.3.30/lib/errormsg.c:70:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(errbuf, msg, (errbuf_buflen - strlen(errbuf)));
data/xymon-4.3.30/lib/eventlog.c:43:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!eventignorecolumns || (strlen(service) > (sizeof(svc)-3))) return 1;
data/xymon-4.3.30/lib/eventlog.c:197:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pagematch = (pcre_exec(pageregexp, NULL, pagename, strlen(pagename), 0, 0,
data/xymon-4.3.30/lib/eventlog.c:212:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pagematch = (pcre_exec(expageregexp, NULL, pagename, strlen(pagename), 0, 0,
data/xymon-4.3.30/lib/eventlog.c:222:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostmatch = (pcre_exec(hostregexp, NULL, hostname, strlen(hostname), 0, 0,
data/xymon-4.3.30/lib/eventlog.c:229:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostmatch = (pcre_exec(exhostregexp, NULL, hostname, strlen(hostname), 0, 0,
data/xymon-4.3.30/lib/eventlog.c:236:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testmatch = (pcre_exec(testregexp, NULL, testname, strlen(testname), 0, 0,
data/xymon-4.3.30/lib/eventlog.c:243:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testmatch = (pcre_exec(extestregexp, NULL, testname, strlen(testname), 0, 0,
data/xymon-4.3.30/lib/eventlog.c:660:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colrmatch = ( (pcre_exec(colrregexp, NULL, newcolname, strlen(newcolname), 0, 0,
data/xymon-4.3.30/lib/eventlog.c:662:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(pcre_exec(colrregexp, NULL, oldcolname, strlen(oldcolname), 0, 0,
data/xymon-4.3.30/lib/eventlog.c:774:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(title, "Events in summary", sizeof(title));
data/xymon-4.3.30/lib/eventlog.c:832:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(title, "No events logged", sizeof(title));
data/xymon-4.3.30/lib/headfoot.c:331:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += (strlen(p) - 1);
data/xymon-4.3.30/lib/headfoot.c:379:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = pcre_exec(hostpattern, NULL, hostname, strlen(hostname), 0, 0,
data/xymon-4.3.30/lib/headfoot.c:386:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = pcre_exec(pagepattern, NULL, pname, strlen(pname), 0, 0,
data/xymon-4.3.30/lib/headfoot.c:393:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = pcre_exec(ippattern, NULL, hostip, strlen(hostip), 0, 0,
data/xymon-4.3.30/lib/headfoot.c:402:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = pcre_exec(classpattern, NULL, hostclass, strlen(hostclass), 0, 0,
data/xymon-4.3.30/lib/headfoot.c:435:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(walk) && (strncmp(walk, "summary|", 8) != 0)) {
data/xymon-4.3.30/lib/headfoot.c:532:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(idtag, id, idtaglen);
data/xymon-4.3.30/lib/headfoot.c:592:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outpos += strlen(outpos);
data/xymon-4.3.30/lib/headfoot.c:900:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(hrec->name) + 3);
data/xymon-4.3.30/lib/headfoot.c:904:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(statusboard, (key+1), strlen(key+1)) == 0)
data/xymon-4.3.30/lib/headfoot.c:912:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tname = bwalk + strlen(key+1);
data/xymon-4.3.30/lib/headfoot.c:1171:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(t_start, "GENERICLIST", strlen("GENERICLIST")) == 0) {
data/xymon-4.3.30/lib/headfoot.c:1172:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
listpool_t *pool = find_listpool(t_start + strlen("GENERICLIST"));
data/xymon-4.3.30/lib/headfoot.c:1485:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(t_start) && xgetenv(t_start)) {
data/xymon-4.3.30/lib/headfoot.c:1513:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymondrel, 12+strlen(VERSION));
data/xymon-4.3.30/lib/headfoot.c:1532:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (*(hfpath + strlen(hfpath) - 1) == '/') *(hfpath + strlen(hfpath) - 1) = '\0';
data/xymon-4.3.30/lib/headfoot.c:1532:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (*(hfpath + strlen(hfpath) - 1) == '/') *(hfpath + strlen(hfpath) - 1) = '\0';
data/xymon-4.3.30/lib/headfoot.c:1538:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ((fd == -1) && strlen(hfpath)) {
data/xymon-4.3.30/lib/headfoot.c:1552:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(filename, elemstart, (sizeof(filename) - strlen(filename)));
data/xymon-4.3.30/lib/headfoot.c:1552:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(filename, elemstart, (sizeof(filename) - strlen(filename)));
data/xymon-4.3.30/lib/headfoot.c:1553:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(filename, "_", (sizeof(filename) - strlen(filename)));
data/xymon-4.3.30/lib/headfoot.c:1553:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(filename, "_", (sizeof(filename) - strlen(filename)));
data/xymon-4.3.30/lib/headfoot.c:1558:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(filename, elemstart, (sizeof(filename) - strlen(filename)));
data/xymon-4.3.30/lib/headfoot.c:1558:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(filename, elemstart, (sizeof(filename) - strlen(filename)));
data/xymon-4.3.30/lib/headfoot.c:1559:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(filename, "_", (sizeof(filename) - strlen(filename)));
data/xymon-4.3.30/lib/headfoot.c:1559:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(filename, "_", (sizeof(filename) - strlen(filename)));
data/xymon-4.3.30/lib/headfoot.c:1560:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(filename, head_or_foot, (sizeof(filename) - strlen(filename)));
data/xymon-4.3.30/lib/headfoot.c:1560:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(filename, head_or_foot, (sizeof(filename) - strlen(filename)));
data/xymon-4.3.30/lib/headfoot.c:1591:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, templatedata, st.st_size);
data/xymon-4.3.30/lib/headfoot.c:1604:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(bulletinfile, strlen(xgetenv("XYMONHOME")) + strlen("/web/bulletin_") + strlen(head_or_foot)+1);
data/xymon-4.3.30/lib/headfoot.c:1604:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(bulletinfile, strlen(xgetenv("XYMONHOME")) + strlen("/web/bulletin_") + strlen(head_or_foot)+1);
data/xymon-4.3.30/lib/headfoot.c:1604:86: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(bulletinfile, strlen(xgetenv("XYMONHOME")) + strlen("/web/bulletin_") + strlen(head_or_foot)+1);
data/xymon-4.3.30/lib/headfoot.c:1612:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, templatedata, st.st_size);
data/xymon-4.3.30/lib/headfoot.c:1645:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(formfile, inbuf, st.st_size);
data/xymon-4.3.30/lib/htmllog.c:86:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(dbuf, strlen(xgetenv("XYMONWEB")) + 6);
data/xymon-4.3.30/lib/htmllog.c:101:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(tmp2, strlen(service)+3);
data/xymon-4.3.30/lib/htmllog.c:104:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(tmp1, strlen(xgetenv("NONHISTS"))+3);
data/xymon-4.3.30/lib/htmllog.c:150:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
acked = (strncmp(p + 1 + strlen(colorname(color)), "-acked", 6) == 0);
data/xymon-4.3.30/lib/htmllog.c:151:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
recent = (strncmp(p + 1 + strlen(colorname(color)), "-recent", 7) == 0);
data/xymon-4.3.30/lib/htmllog.c:158:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
restofmsg = p+1+strlen(colorname(color));
data/xymon-4.3.30/lib/htmllog.c:223:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(formfile, inbuf, st.st_size);
data/xymon-4.3.30/lib/htmllog.c:247:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(formfile, inbuf, st.st_size);
data/xymon-4.3.30/lib/htmllog.c:334:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(firstline)) {
data/xymon-4.3.30/lib/htmllog.c:367:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(txt)) {
data/xymon-4.3.30/lib/htmllog.c:384:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(timesincechange)) fprintf(output, "Status unchanged in %s<br>\n", timesincechange);
data/xymon-4.3.30/lib/htmllog.c:455:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(multikey, strlen(service) + 3);
data/xymon-4.3.30/lib/htmllog.c:482:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) > 10 && *p == '<' ) {
data/xymon-4.3.30/lib/htmllog.c:508:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(graphs, 7 + strlen(service) + 1);
data/xymon-4.3.30/lib/htmllog.c:548:16: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
if (acked) { strncat(tag, "acked:", remain); remain -= 6; }
data/xymon-4.3.30/lib/htmllog.c:549:21: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
if (!propagate) { strncat(tag, "nopropagate:", remain); remain -= 12; }
data/xymon-4.3.30/lib/htmllog.c:550:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(tag, age, remain);
data/xymon-4.3.30/lib/htmllog.c:583:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(result, strlen(disp) + strlen(cmt) + 30);
data/xymon-4.3.30/lib/htmllog.c:583:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(result, strlen(disp) + strlen(cmt) + 30);
data/xymon-4.3.30/lib/htmllog.c:587:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(result, strlen(disp) + strlen(cmt) + 4);
data/xymon-4.3.30/lib/htmllog.c:587:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(result, strlen(disp) + strlen(cmt) + 4);
data/xymon-4.3.30/lib/links.c:102:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fn, d->d_name, sizeof(fn));
data/xymon-4.3.30/lib/links.c:129:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(notesskin, strlen(xgetenv("XYMONWEB")) + strlen("/notes") + 1);
data/xymon-4.3.30/lib/links.c:129:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(notesskin, strlen(xgetenv("XYMONWEB")) + strlen("/notes") + 1);
data/xymon-4.3.30/lib/links.c:135:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(helpskin, strlen(xgetenv("XYMONWEB")) + strlen("/help") + 1);
data/xymon-4.3.30/lib/links.c:135:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(helpskin, strlen(xgetenv("XYMONWEB")) + strlen("/help") + 1);
data/xymon-4.3.30/lib/links.c:142:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!hostdocurl || (strlen(hostdocurl) == 0)) {
data/xymon-4.3.30/lib/links.c:143:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dirname, xgetenv("XYMONNOTESDIR"), sizeof(dirname));
data/xymon-4.3.30/lib/links.c:148:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dirname, xgetenv("XYMONNOTESDIR"), sizeof(dirname));
data/xymon-4.3.30/lib/links.c:149:40: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
p = strrchr(dirname, '/'); *p = '\0'; strncat(dirname, "/help", (sizeof(dirname) - strlen(dirname)));
data/xymon-4.3.30/lib/links.c:149:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = strrchr(dirname, '/'); *p = '\0'; strncat(dirname, "/help", (sizeof(dirname) - strlen(dirname)));
data/xymon-4.3.30/lib/loadalerts.c:207:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (configfn) strncpy(fn, configfn, sizeof(fn)); else snprintf(fn, sizeof(fn), "%s/etc/alerts.cfg", xgetenv("XYMONHOME"));
data/xymon-4.3.30/lib/loadalerts.c:304:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cfline, STRBUF(inbuf), (sizeof(cfline)-1));
data/xymon-4.3.30/lib/loadalerts.c:867:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(grouplist, strlen(alert->groups));
data/xymon-4.3.30/lib/loadalerts.c:868:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(grouplist, alert->groups, grouplist_buflen);
data/xymon-4.3.30/lib/loadalerts.c:901:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(grouplist, alert->groups, grouplist_buflen); /* Might have been used in the include list */
data/xymon-4.3.30/lib/loadalerts.c:1220:38: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
if (recip->noalerts) { if (*codes) strncat(codes, ",A", codes_bytesleft); else strncat(codes, "-A", codes_bytesleft); codes_bytesleft -= 2; }
data/xymon-4.3.30/lib/loadalerts.c:1220:82: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
if (recip->noalerts) { if (*codes) strncat(codes, ",A", codes_bytesleft); else strncat(codes, "-A", codes_bytesleft); codes_bytesleft -= 2; }
data/xymon-4.3.30/lib/loadalerts.c:1221:52: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
if (recovered && !recip->noalerts) { if (*codes) strncat(codes, ",R", codes_bytesleft); else strncat(codes, "R", codes_bytesleft); codes_bytesleft -= 2; }
data/xymon-4.3.30/lib/loadalerts.c:1221:96: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
if (recovered && !recip->noalerts) { if (*codes) strncat(codes, ",R", codes_bytesleft); else strncat(codes, "R", codes_bytesleft); codes_bytesleft -= 2; }
data/xymon-4.3.30/lib/loadalerts.c:1222:29: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
if (notice) { if (*codes) strncat(codes, ",N", codes_bytesleft); else strncat(codes, "N", codes_bytesleft); codes_bytesleft -= 2; }
data/xymon-4.3.30/lib/loadalerts.c:1222:73: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
if (notice) { if (*codes) strncat(codes, ",N", codes_bytesleft); else strncat(codes, "N", codes_bytesleft); codes_bytesleft -= 2; }
data/xymon-4.3.30/lib/loadalerts.c:1223:38: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
if (recip->stoprule) { if (*codes) strncat(codes, ",S", codes_bytesleft); else strncat(codes, "S", codes_bytesleft); codes_bytesleft -= 2; }
data/xymon-4.3.30/lib/loadalerts.c:1223:82: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
if (recip->stoprule) { if (*codes) strncat(codes, ",S", codes_bytesleft); else strncat(codes, "S", codes_bytesleft); codes_bytesleft -= 2; }
data/xymon-4.3.30/lib/loadalerts.c:1224:43: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
if (recip->unmatchedonly) { if (*codes) strncat(codes, ",U", codes_bytesleft); else strncat(codes, "U", codes_bytesleft); codes_bytesleft -= 2; }
data/xymon-4.3.30/lib/loadalerts.c:1224:87: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
if (recip->unmatchedonly) { if (*codes) strncat(codes, ",U", codes_bytesleft); else strncat(codes, "U", codes_bytesleft); codes_bytesleft -= 2; }
data/xymon-4.3.30/lib/loadalerts.c:1226:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(codes) == 0)
data/xymon-4.3.30/lib/loadalerts.c:1246:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
else strncpy(l, "<td align=center>-</td>", sizeof(l));
data/xymon-4.3.30/lib/loadalerts.c:1267:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p) { p += strlen("rowspan="); memcpy(p, l, 3); }
data/xymon-4.3.30/lib/loadcriticalconf.c:38:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*(key + strlen(key) - 1) == '=') {
data/xymon-4.3.30/lib/loadcriticalconf.c:64:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(defaultfn, strlen(xymonhome) + strlen(DEFAULT_CRITCONFIGFN) + 2);
data/xymon-4.3.30/lib/loadcriticalconf.c:64:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(defaultfn, strlen(xymonhome) + strlen(DEFAULT_CRITCONFIGFN) + 2);
data/xymon-4.3.30/lib/loadcriticalconf.c:127:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(ehost) + 2);
data/xymon-4.3.30/lib/loadcriticalconf.c:144:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_buflen = strlen(ehost) + strlen(eservice) + 15;
data/xymon-4.3.30/lib/loadcriticalconf.c:144:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_buflen = strlen(ehost) + strlen(eservice) + 15;
data/xymon-4.3.30/lib/loadcriticalconf.c:205:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(clonekey, strlen(pointsto) + strlen(service) + 2);
data/xymon-4.3.30/lib/loadcriticalconf.c:205:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(clonekey, strlen(pointsto) + strlen(service) + 2);
data/xymon-4.3.30/lib/loadcriticalconf.c:255:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(realkey, rec->key, strlen(realkey)) != 0) handle=xtreeEnd(rbconf);
data/xymon-4.3.30/lib/loadcriticalconf.c:275:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
isclone = (*(realkey + strlen(realkey) - 1) == '=');
data/xymon-4.3.30/lib/loadcriticalconf.c:288:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
isclone = (*(realkey + strlen(realkey) - 1) == '=');
data/xymon-4.3.30/lib/loadcriticalconf.c:312:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
delim = realkey + strlen(key); /* OK even if past end of realkey */
data/xymon-4.3.30/lib/loadcriticalconf.c:313:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
found = ((strncmp(realkey, key, strlen(key)) == 0) &&
data/xymon-4.3.30/lib/loadcriticalconf.c:318:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((handle != xtreeEnd(rbconf)) && (*(realkey + strlen(realkey) - 1) == '=')) {
data/xymon-4.3.30/lib/loadcriticalconf.c:350:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(bakfn, strlen(configfn) + 5);
data/xymon-4.3.30/lib/loadcriticalconf.c:386:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*(onekey + strlen(onekey) - 1) == '=') {
data/xymon-4.3.30/lib/loadcriticalconf.c:391:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(hostname + strlen(hostname) - 1) = '\0';
data/xymon-4.3.30/lib/loadcriticalconf.c:425:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(newkey, strlen(newclone) + 2);
data/xymon-4.3.30/lib/loadcriticalconf.c:438:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(drop) + 2);
data/xymon-4.3.30/lib/loadcriticalconf.c:471:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((*(key + strlen(key) - 1) == '=') && (strcmp(hostname, ptr) == 0)) {
data/xymon-4.3.30/lib/loadhosts.c:235:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (host->elems[i] && strncasecmp(host->elems[i], xmh_item_key[item], strlen(xmh_item_key[item]))) i++;
data/xymon-4.3.30/lib/loadhosts.c:236:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = (host->elems[i] ? (host->elems[i] + strlen(xmh_item_key[item])) : NULL);
data/xymon-4.3.30/lib/loadhosts.c:476:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(result->ip, "127.0.0.1", sizeof(result->ip));
data/xymon-4.3.30/lib/loadhosts.c:549:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(host->page->pagetitle)) return host->page->pagetitle;
data/xymon-4.3.30/lib/loadhosts.c:576:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(result, strlen(p) + strlen(host->hostname) + 1);
data/xymon-4.3.30/lib/loadhosts.c:576:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(result, strlen(p) + strlen(host->hostname) + 1);
data/xymon-4.3.30/lib/loadhosts.c:640:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (host->elems[i] && strncmp(host->elems[i], key, strlen(key))) i++;
data/xymon-4.3.30/lib/loadhosts.c:686:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (xmh_item_key[i] && strncmp(xmh_item_key[i], value, strlen(xmh_item_key[i]))) i++;
data/xymon-4.3.30/lib/loadhosts_file.c:21:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*name = buf + strlen(key); *name += strspn(*name, " \t\r\n");
data/xymon-4.3.30/lib/loadhosts_file.c:22:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(*name) > 0) {
data/xymon-4.3.30/lib/loadhosts_file.c:113:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(contentmd5, fhash, sizeof(contentmd5));
data/xymon-4.3.30/lib/loadhosts_file.c:216:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen(curtoppage->pagepath) + strlen(name) + 2;
data/xymon-4.3.30/lib/loadhosts_file.c:216:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen(curtoppage->pagepath) + strlen(name) + 2;
data/xymon-4.3.30/lib/loadhosts_file.c:219:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen(curtoppage->pagetitle) + strlen(title) + 2;
data/xymon-4.3.30/lib/loadhosts_file.c:219:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen(curtoppage->pagetitle) + strlen(title) + 2;
data/xymon-4.3.30/lib/loadhosts_file.c:245:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen(parent->pagepath) + strlen(name) + 2;
data/xymon-4.3.30/lib/loadhosts_file.c:245:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen(parent->pagepath) + strlen(name) + 2;
data/xymon-4.3.30/lib/loadhosts_file.c:248:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen(parent->pagetitle) + strlen(title) + 2;
data/xymon-4.3.30/lib/loadhosts_file.c:248:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen(parent->pagetitle) + strlen(title) + 2;
data/xymon-4.3.30/lib/loadhosts_file.c:275:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(dgname, strlen(tok) + 1);
data/xymon-4.3.30/lib/loadhosts_file.c:287:17: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
if (*inp) strncat(dgname, inp, (dgname_buflen - strlen(dgname)));
data/xymon-4.3.30/lib/loadhosts_file.c:287:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*inp) strncat(dgname, inp, (dgname_buflen - strlen(dgname)));
data/xymon-4.3.30/lib/loadhosts_file.c:294:8: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(dgname, tagstart, (dgname_buflen - strlen(dgname)));
data/xymon-4.3.30/lib/loadhosts_file.c:294:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(dgname, tagstart, (dgname_buflen - strlen(dgname)));
data/xymon-4.3.30/lib/loadhosts_file.c:295:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inp += strlen(inp);
data/xymon-4.3.30/lib/loadhosts_file.c:299:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(dgname, inp, (dgname_buflen - strlen(dgname)));
data/xymon-4.3.30/lib/loadhosts_file.c:299:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(dgname, inp, (dgname_buflen - strlen(dgname)));
data/xymon-4.3.30/lib/loadhosts_file.c:300:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inp += strlen(inp);
data/xymon-4.3.30/lib/loadhosts_file.c:324:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*hostname == '@') memmove(hostname, hostname+1, strlen(hostname));
data/xymon-4.3.30/lib/loadhosts_file.c:373:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(delim, delim+1, strlen(delim));
data/xymon-4.3.30/lib/loadhosts_net.c:42:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(msg, 200 + strlen(targethost));
data/xymon-4.3.30/lib/loadhosts_net.c:54:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hivalbuf) == 0) {
data/xymon-4.3.30/lib/loadhosts_net.c:95:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(hival_hostinfo.ip, hivals[XMH_IP], sizeof(hival_hostinfo.ip));
data/xymon-4.3.30/lib/locator.c:73:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bytesleft = strlen(buf)+1;
data/xymon-4.3.30/lib/locator.c:209:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pingbuf, cmd, sizeof(pingbuf));
data/xymon-4.3.30/lib/locator.c:272:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsz = strlen(servername) + 100;
data/xymon-4.3.30/lib/locator.c:273:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (extras) bufsz += (strlen(extras) + 1);
data/xymon-4.3.30/lib/locator.c:292:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsz = strlen(servername) + strlen(hostname) + 100;
data/xymon-4.3.30/lib/locator.c:292:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsz = strlen(servername) + strlen(hostname) + 100;
data/xymon-4.3.30/lib/locator.c:308:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsz = strlen(oldhostname) + strlen(newhostname) + 100;
data/xymon-4.3.30/lib/locator.c:308:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsz = strlen(oldhostname) + strlen(newhostname) + 100;
data/xymon-4.3.30/lib/locator.c:324:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufneeded = strlen(hostname) + 100;
data/xymon-4.3.30/lib/locator.c:356:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ((strlen(buf) > 2) ? buf+2 : NULL);
data/xymon-4.3.30/lib/locator.c:372:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsz = strlen(servername) + 100;
data/xymon-4.3.30/lib/locator.c:389:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsz = strlen(servername) + 100;
data/xymon-4.3.30/lib/locator.c:405:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsz = strlen(servername) + 100;
data/xymon-4.3.30/lib/matching.c:58:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = pcre_exec(pcrecode, NULL, needle, strlen(needle), 0, 0, ovector, (sizeof(ovector)/sizeof(int)));
data/xymon-4.3.30/lib/matching.c:165:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = pcre_exec(expr, NULL, buf, strlen(buf), 0, 0, ovector, (sizeof(ovector)/sizeof(int)));
data/xymon-4.3.30/lib/memory.c:179:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
add_to_memlist(result, strlen(result)+1);
data/xymon-4.3.30/lib/memory.c:205:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src) <= maxlen)
data/xymon-4.3.30/lib/memory.c:206:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copyend = dest + strlen(dest) + strlen(src);
data/xymon-4.3.30/lib/memory.c:206:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copyend = dest + strlen(dest) + strlen(src);
data/xymon-4.3.30/lib/memory.c:208:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copyend = dest + strlen(dest) + maxlen;
data/xymon-4.3.30/lib/memory.c:215:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dest) + strlen(src) >= maxlen) {
data/xymon-4.3.30/lib/memory.c:215:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dest) + strlen(src) >= maxlen) {
data/xymon-4.3.30/lib/memory.c:220:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(dest, src, maxlen);
data/xymon-4.3.30/lib/memory.c:244:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src) <= maxlen)
data/xymon-4.3.30/lib/memory.c:245:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copyend = dest + strlen(src);
data/xymon-4.3.30/lib/memory.c:253:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src) >= maxlen) {
data/xymon-4.3.30/lib/memory.c:258:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src, maxlen);
data/xymon-4.3.30/lib/memory.h:80:8: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
#undef strncat
data/xymon-4.3.30/lib/memory.h:82:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#undef strncpy
data/xymon-4.3.30/lib/memory.h:86:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
#define strncat(D,S,L) xstrncat((D), (S), (L))
data/xymon-4.3.30/lib/memory.h:88:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define strncpy(D,S,L) xstrncpy((D), (S), (L))
data/xymon-4.3.30/lib/misc.c:48:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nam, osname, n);
data/xymon-4.3.30/lib/misc.c:166:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(s, strlen(hostname)+1);
data/xymon-4.3.30/lib/misc.c:167:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s, hostname, s_buflen);
data/xymon-4.3.30/lib/misc.c:169:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(hostname) > strlen(s)) {
data/xymon-4.3.30/lib/misc.c:169:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(hostname) > strlen(s)) {
data/xymon-4.3.30/lib/misc.c:171:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(s, strlen(hostname)+1);
data/xymon-4.3.30/lib/misc.c:172:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s, hostname, s_buflen);
data/xymon-4.3.30/lib/misc.c:175:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s, hostname, s_buflen);
data/xymon-4.3.30/lib/misc.c:241:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strncmp(arg, match, strlen(match)) == 0);
data/xymon-4.3.30/lib/misc.c:301:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (n == strlen(whereat)) {
data/xymon-4.3.30/lib/misc.c:344:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!p) n = strlen(whereat);
data/xymon-4.3.30/lib/misc.c:349:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (n == strlen(whereat)) {
data/xymon-4.3.30/lib/misc.c:369:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = result + strlen(result) - 1;
data/xymon-4.3.30/lib/misc.c:480:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(text) == strspn(text, "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ._-"));
data/xymon-4.3.30/lib/misc.c:677:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(alist, strlen(alertlist) + 3);
data/xymon-4.3.30/lib/misc.c:679:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(aname, strlen(testname) + 3);
data/xymon-4.3.30/lib/netservices.c:87:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf && (buflen == 0)) buflen = strlen(buf);
data/xymon-4.3.30/lib/netservices.c:140:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(filename, "protocols.cfg", (sizeof(filename) - strlen(filename)));
data/xymon-4.3.30/lib/netservices.c:140:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(filename, "protocols.cfg", (sizeof(filename) - strlen(filename)));
data/xymon-4.3.30/lib/netservices.c:170:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xymonnetsvcs_buflen = strlen(xymonnetsvcs)+1;
data/xymon-4.3.30/lib/netservices.c:196:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
svcnamebytes += (strlen(svcname) + 1);
data/xymon-4.3.30/lib/netservices.c:300:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
searchstring_buflen = strlen(searchstring) + 1;
data/xymon-4.3.30/lib/netservices.c:301:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymonnetsvcs, strlen(xgetenv("XYMONNETSVCS")) + svcnamebytes + 1);
data/xymon-4.3.30/lib/netservices.c:302:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(xymonnetsvcs, xgetenv("XYMONNETSVCS"), xymonnetsvcs_buflen);
data/xymon-4.3.30/lib/netservices.c:306:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(searchstring, xgetenv("XYMONNETSVCS"), searchstring_buflen);
data/xymon-4.3.30/lib/netservices.c:311:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *eos = xymonnetsvcs + strlen(xymonnetsvcs);
data/xymon-4.3.30/lib/notifylog.c:224:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pagematch = (pcre_exec(pageregexp, NULL, pagename, strlen(pagename), 0, 0,
data/xymon-4.3.30/lib/notifylog.c:239:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pagematch = (pcre_exec(expageregexp, NULL, pagename, strlen(pagename), 0, 0,
data/xymon-4.3.30/lib/notifylog.c:249:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostmatch = (pcre_exec(hostregexp, NULL, hostname, strlen(hostname), 0, 0,
data/xymon-4.3.30/lib/notifylog.c:256:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostmatch = (pcre_exec(exhostregexp, NULL, hostname, strlen(hostname), 0, 0,
data/xymon-4.3.30/lib/notifylog.c:263:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testmatch = (pcre_exec(testregexp, NULL, svcname, strlen(svcname), 0, 0,
data/xymon-4.3.30/lib/notifylog.c:270:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testmatch = (pcre_exec(extestregexp, NULL, svcname, strlen(svcname), 0, 0,
data/xymon-4.3.30/lib/notifylog.c:277:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcptmatch = (pcre_exec(rcptregexp, NULL, recipient, strlen(recipient), 0, 0,
data/xymon-4.3.30/lib/notifylog.c:284:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcptmatch = (pcre_exec(exrcptregexp, NULL, recipient, strlen(recipient), 0, 0,
data/xymon-4.3.30/lib/notifylog.c:357:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(title, "No notifications logged", sizeof(title));
data/xymon-4.3.30/lib/readmib.c:90:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(fn, strlen(xgetenv("XYMONHOME")) + strlen("/etc/snmpmibs.cfg") + 1);
data/xymon-4.3.30/lib/readmib.c:90:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(fn, strlen(xgetenv("XYMONHOME")) + strlen("/etc/snmpmibs.cfg") + 1);
data/xymon-4.3.30/lib/run.c:126:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(pfd[0], l, sizeof(l)-1);
data/xymon-4.3.30/lib/sendmsg.c:106:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(xymonproxyhost, "http://", 7) == 0) xymonproxyhost += strlen("http://");
data/xymon-4.3.30/lib/sendmsg.c:181:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(recipient, "http://", strlen("http://")) != 0) {
data/xymon-4.3.30/lib/sendmsg.c:203:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcptip = strdup(recipient+strlen("http://"));
data/xymon-4.3.30/lib/sendmsg.c:234:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = strchr(recipient + strlen("http://"), '/');
data/xymon-4.3.30/lib/sendmsg.c:237:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
posthost = strdup(recipient + strlen("http://"));
data/xymon-4.3.30/lib/sendmsg.c:248:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(errordetails + strlen(errordetails), (sizeof(errordetails) - strlen(errordetails)), "Unable to parse HTTP recipient");
data/xymon-4.3.30/lib/sendmsg.c:248:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(errordetails + strlen(errordetails), (sizeof(errordetails) - strlen(errordetails)), "Unable to parse HTTP recipient");
data/xymon-4.3.30/lib/sendmsg.c:255:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(httpmessage, strlen(message)+strlen(posthost)+1024);
data/xymon-4.3.30/lib/sendmsg.c:255:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(httpmessage, strlen(message)+strlen(posthost)+1024);
data/xymon-4.3.30/lib/sendmsg.c:259:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
posturl, (int)strlen(message), posthost, message);
data/xymon-4.3.30/lib/sendmsg.c:277:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(hostip, inet_ntoa(addr), sizeof(hostip));
data/xymon-4.3.30/lib/sendmsg.c:285:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(errordetails+strlen(errordetails), (sizeof(errordetails) - strlen(errordetails)), "Cannot determine IP address of message recipient %s", rcptip);
data/xymon-4.3.30/lib/sendmsg.c:285:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(errordetails+strlen(errordetails), (sizeof(errordetails) - strlen(errordetails)), "Cannot determine IP address of message recipient %s", rcptip);
data/xymon-4.3.30/lib/sendmsg.c:307:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(errordetails+strlen(errordetails), (sizeof(errordetails) - strlen(errordetails)), "connect to Xymon daemon@%s:%d failed (%s)", rcptip, rcptport, strerror(errno));
data/xymon-4.3.30/lib/sendmsg.c:307:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(errordetails+strlen(errordetails), (sizeof(errordetails) - strlen(errordetails)), "connect to Xymon daemon@%s:%d failed (%s)", rcptip, rcptport, strerror(errno));
data/xymon-4.3.30/lib/sendmsg.c:322:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(errordetails+strlen(errordetails), (sizeof(errordetails) - strlen(errordetails)), "Select failure while sending to Xymon daemon@%s:%d", rcptip, rcptport);
data/xymon-4.3.30/lib/sendmsg.c:322:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(errordetails+strlen(errordetails), (sizeof(errordetails) - strlen(errordetails)), "Select failure while sending to Xymon daemon@%s:%d", rcptip, rcptport);
data/xymon-4.3.30/lib/sendmsg.c:351:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(errordetails+strlen(errordetails), (sizeof(errordetails) - strlen(errordetails)), "Could not connect to Xymon daemon@%s:%d (%s)",
data/xymon-4.3.30/lib/sendmsg.c:351:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(errordetails+strlen(errordetails), (sizeof(errordetails) - strlen(errordetails)), "Could not connect to Xymon daemon@%s:%d (%s)",
data/xymon-4.3.30/lib/sendmsg.c:416:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = write(sockfd, msgptr, strlen(msgptr));
data/xymon-4.3.30/lib/sendmsg.c:418:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(errordetails+strlen(errordetails), (sizeof(errordetails) - strlen(errordetails)), "Write error while sending message to Xymon daemon@%s:%d", rcptip, rcptport);
data/xymon-4.3.30/lib/sendmsg.c:418:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(errordetails+strlen(errordetails), (sizeof(errordetails) - strlen(errordetails)), "Write error while sending message to Xymon daemon@%s:%d", rcptip, rcptport);
data/xymon-4.3.30/lib/sendmsg.c:425:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wdone = (strlen(msgptr) == 0);
data/xymon-4.3.30/lib/sendmsg.c:472:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(msgcmd, msg, i); *(msgcmd+i) = '\0';
data/xymon-4.3.30/lib/sendmsg.c:483:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(errordetails+strlen(errordetails), (sizeof(errordetails) - strlen(errordetails)), "No recipients listed! XYMSRV was %s, XYMSERVERS %s",
data/xymon-4.3.30/lib/sendmsg.c:483:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(errordetails+strlen(errordetails), (sizeof(errordetails) - strlen(errordetails)), "No recipients listed! XYMSRV was %s, XYMSERVERS %s",
data/xymon-4.3.30/lib/sendmsg.c:617:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msglen = strlen(msg);
data/xymon-4.3.30/lib/sendmsg.c:686:24: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if (sleepbetweenmsgs) usleep(sleepbetweenmsgs);
data/xymon-4.3.30/lib/sha2.c:840:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(output+2*i, (sizeof(output) - strlen(output)), "%02x", digest[i]);
data/xymon-4.3.30/lib/sha2.c:905:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha224((const unsigned char *) message1, strlen(message1), digest);
data/xymon-4.3.30/lib/sha2.c:907:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha224((const unsigned char *) message2a, strlen(message2a), digest);
data/xymon-4.3.30/lib/sha2.c:915:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha256((const unsigned char *) message1, strlen(message1), digest);
data/xymon-4.3.30/lib/sha2.c:917:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha256((const unsigned char *) message2a, strlen(message2a), digest);
data/xymon-4.3.30/lib/sha2.c:925:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha384((const unsigned char *) message1, strlen(message1), digest);
data/xymon-4.3.30/lib/sha2.c:927:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha384((const unsigned char *)message2b, strlen(message2b), digest);
data/xymon-4.3.30/lib/sha2.c:935:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha512((const unsigned char *) message1, strlen(message1), digest);
data/xymon-4.3.30/lib/sha2.c:937:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha512((const unsigned char *) message2b, strlen(message2b), digest);
data/xymon-4.3.30/lib/sig.c:101:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(signal_xymoncmd, xgetenv("XYMON"), sizeof(signal_xymoncmd));
data/xymon-4.3.30/lib/sig.c:102:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(signal_xymondserver, xgetenv("XYMSRV"), sizeof(signal_xymondserver));
data/xymon-4.3.30/lib/sig.c:103:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(signal_tmpdir, xgetenv("XYMONTMP"), sizeof(signal_tmpdir));
data/xymon-4.3.30/lib/stackio.c:207:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(stackfd_filename, filename, sizeof(stackfd_filename));
data/xymon-4.3.30/lib/stackio.c:211:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(stackfd_filename, filename, sizeof(stackfd_filename));
data/xymon-4.3.30/lib/stackio.c:338:23: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (*dirname == '/') strncpy(dirfn, dirname, sizeof(dirfn)); else snprintf(dirfn, sizeof(dirfn), "%s/%s", stackfd_base, dirname);
data/xymon-4.3.30/lib/stackio.c:360:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int fnlen = strlen(d->d_name);
data/xymon-4.3.30/lib/stackio.c:436:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(extraincl && (strncmp(bufpastwhitespace, extraincl, strlen(extraincl)) == 0)) ) {
data/xymon-4.3.30/lib/stackio.c:442:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (*newfn && isspace(*(newfn + strlen(newfn) - 1))) *(newfn + strlen(newfn) -1) = '\0';
data/xymon-4.3.30/lib/stackio.c:442:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (*newfn && isspace(*(newfn + strlen(newfn) - 1))) *(newfn + strlen(newfn) -1) = '\0';
data/xymon-4.3.30/lib/stackio.c:460:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (*dirfn && isspace(*(dirfn + strlen(dirfn) - 1))) *(dirfn + strlen(dirfn) -1) = '\0';
data/xymon-4.3.30/lib/stackio.c:460:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (*dirfn && isspace(*(dirfn + strlen(dirfn) - 1))) *(dirfn + strlen(dirfn) -1) = '\0';
data/xymon-4.3.30/lib/stackio.c:532:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(cmd, "!", sizeof(cmd));
data/xymon-4.3.30/lib/stackio.c:563:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(cmd, "!", sizeof(cmd));
data/xymon-4.3.30/lib/strfunc.c:55:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newbuf->used = strlen(buffer);
data/xymon-4.3.30/lib/strfunc.c:99:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(src);
data/xymon-4.3.30/lib/strfunc.c:129:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (newtext) strbuf_addtobuffer(buf, newtext, strlen(newtext));
data/xymon-4.3.30/lib/strfunc.c:140:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strbuf_addtobuffer(buf, newtext, strlen(newtext));
data/xymon-4.3.30/lib/strfunc.c:177:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf->used = strlen(buf->s);
data/xymon-4.3.30/lib/strfunc.c:280:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(oldtext);
data/xymon-4.3.30/lib/timefunc.c:57:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(timestamp, ctime(&now), 30);
data/xymon-4.3.30/lib/timefunc.c:58:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
timestamp[strlen(timestamp)-1] = '\0';
data/xymon-4.3.30/lib/timefunc.c:88:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(wkdays, strlen(daynames[1]) + strlen(daynames[5]) + 2);
data/xymon-4.3.30/lib/timefunc.c:88:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(wkdays, strlen(daynames[1]) + strlen(daynames[5]) + 2);
data/xymon-4.3.30/lib/timefunc.c:315:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(dayspec, strlen(tag)+1+12); /* Leave room for expanding 'W' and '*' */
data/xymon-4.3.30/lib/timefunc.c:316:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(starttime, strlen(tag)+1);
data/xymon-4.3.30/lib/timefunc.c:317:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(endtime, strlen(tag)+1);
data/xymon-4.3.30/lib/timefunc.c:319:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dayspec, (tag+1), dayspec_buflen);
data/xymon-4.3.30/lib/timefunc.c:327:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(starttime, p, starttime_buflen); p = starttime;
data/xymon-4.3.30/lib/timefunc.c:328:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (strlen(starttime) < 4) ||
data/xymon-4.3.30/lib/timefunc.c:337:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(endtime, p, endtime_buflen); p = endtime;
data/xymon-4.3.30/lib/timefunc.c:338:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (strlen(endtime) < 4) ||
data/xymon-4.3.30/lib/timefunc.c:354:28: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
if (strchr(dayspec, 'W')) strncat(dayspec, "12345", (dayspec_buflen - strlen(dayspec)));
data/xymon-4.3.30/lib/timefunc.c:354:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strchr(dayspec, 'W')) strncat(dayspec, "12345", (dayspec_buflen - strlen(dayspec)));
data/xymon-4.3.30/lib/timefunc.c:355:28: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
if (strchr(dayspec, '*')) strncat(dayspec, "0123456", (dayspec_buflen - strlen(dayspec)));
data/xymon-4.3.30/lib/timefunc.c:355:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strchr(dayspec, '*')) strncat(dayspec, "0123456", (dayspec_buflen - strlen(dayspec)));
data/xymon-4.3.30/lib/timefunc.c:541:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) != 12) {
data/xymon-4.3.30/lib/timing.c:136:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(outbuf, "\n\nTIME SPENT\n", outbuf_buflen);
data/xymon-4.3.30/lib/timing.c:137:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(outbuf, "Event ", (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:137:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(outbuf, "Event ", (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:138:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(outbuf, " Start time", (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:138:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(outbuf, " Start time", (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:139:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(outbuf, " Duration\n", (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:139:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(outbuf, " Duration\n", (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:143:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(outbuf, buf1, (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:143:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(outbuf, buf1, (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:145:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(outbuf, buf1, (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:145:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(outbuf, buf1, (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:149:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(outbuf, buf1, (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:149:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(outbuf, buf1, (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:151:8: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
else strncat(outbuf, " -", (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:151:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else strncat(outbuf, " -", (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:152:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(outbuf, "\n", (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:152:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(outbuf, "\n", (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:154:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((outbuf_buflen - strlen(outbuf)) < 200) {
data/xymon-4.3.30/lib/timing.c:160:56: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
snprintf(buf1, sizeof(buf1), "%-40s ", "TIME TOTAL"); strncat(outbuf, buf1, (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:160:95: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf1, sizeof(buf1), "%-40s ", "TIME TOTAL"); strncat(outbuf, buf1, (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:161:45: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
snprintf(buf1, sizeof(buf1), "%-18s", ""); strncat(outbuf, buf1, (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:161:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf1, sizeof(buf1), "%-18s", ""); strncat(outbuf, buf1, (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:162:106: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
snprintf(buf1, sizeof(buf1), "%10u.%06u ", (unsigned int)dif.tv_sec, (unsigned int)dif.tv_nsec / 1000); strncat(outbuf, buf1, (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:162:145: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf1, sizeof(buf1), "%10u.%06u ", (unsigned int)dif.tv_sec, (unsigned int)dif.tv_nsec / 1000); strncat(outbuf, buf1, (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:163:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(outbuf, "\n", (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/timing.c:163:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(outbuf, "\n", (outbuf_buflen - strlen(outbuf)));
data/xymon-4.3.30/lib/url.c:48:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pout = result = (char *) malloc(strlen(url) + 1);
data/xymon-4.3.30/lib/url.c:56:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(pin) >= 2) && isxdigit((int)*pin) && isxdigit((int)*(pin+1))) {
data/xymon-4.3.30/lib/url.c:222:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int login_len = strlen(login) + strlen(password) + 1;
data/xymon-4.3.30/lib/url.c:222:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int login_len = strlen(login) + strlen(password) + 1;
data/xymon-4.3.30/lib/url.c:253:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cleaned = (char *)malloc(strlen(url)+1);
data/xymon-4.3.30/lib/url.c:255:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cleaned = (char *)realloc(cleaned, strlen(url)+1);
data/xymon-4.3.30/lib/url.c:311:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(startp) > 5) url->schemeopts = strdup(startp+5);
data/xymon-4.3.30/lib/url.c:315:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(startp) > 4) url->schemeopts = strdup(startp+4);
data/xymon-4.3.30/lib/url.c:353:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else startp += strlen(startp);
data/xymon-4.3.30/lib/url.c:394:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url->relurl = malloc(strlen(startp) + 2);
data/xymon-4.3.30/lib/url.c:395:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(url->relurl, (strlen(startp)+2), "/%s", startp);
data/xymon-4.3.30/lib/url.c:408:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
canonurllen += strlen(url->scheme)+3; /* Add room for the "://" */
data/xymon-4.3.30/lib/url.c:409:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
canonurllen += strlen(url->host);
data/xymon-4.3.30/lib/url.c:411:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
canonurllen += strlen(url->relurl);
data/xymon-4.3.30/lib/url.c:621:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (okstart && (strlen(okstart) == 0)) okstart = NULL;
data/xymon-4.3.30/lib/url.c:622:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (notokstart && (strlen(notokstart) == 0)) notokstart = NULL;
data/xymon-4.3.30/lib/webaccess.c:45:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(group) + strlen(member) + 2);
data/xymon-4.3.30/lib/webaccess.c:45:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(group) + strlen(member) + 2);
data/xymon-4.3.30/lib/webaccess.c:67:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(username) + 6);
data/xymon-4.3.30/lib/webaccess.c:82:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(onepg) + strlen(username) + 2);
data/xymon-4.3.30/lib/webaccess.c:82:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(onepg) + strlen(username) + 2);
data/xymon-4.3.30/lib/webaccess.c:97:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(hostname) + strlen(username) + 2);
data/xymon-4.3.30/lib/webaccess.c:97:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(hostname) + strlen(username) + 2);
data/xymon-4.3.30/lib/webaccess.c:108:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(testname) + strlen(username) + 2);
data/xymon-4.3.30/lib/webaccess.c:108:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(testname) + strlen(username) + 2);
data/xymon-4.3.30/lib/xymonrrd.c:84:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(tcptests, strlen(services)+1);
data/xymon-4.3.30/lib/xymonrrd.c:85:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tcptests, services, tcptests_buflen);
data/xymon-4.3.30/lib/xymonrrd.c:87:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tcptests, services, tcptests_buflen);
data/xymon-4.3.30/lib/xymonrrd.c:90:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(lenv, strlen(xgetenv("TEST2RRD")) + strlen(tcptests) + count*strlen(",=tcp") + 1);
data/xymon-4.3.30/lib/xymonrrd.c:90:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(lenv, strlen(xgetenv("TEST2RRD")) + strlen(tcptests) + count*strlen(",=tcp") + 1);
data/xymon-4.3.30/lib/xymonrrd.c:90:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(lenv, strlen(xgetenv("TEST2RRD")) + strlen(tcptests) + count*strlen(",=tcp") + 1);
data/xymon-4.3.30/lib/xymonrrd.c:91:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lenv, xgetenv("TEST2RRD"), lenv_buflen);
data/xymon-4.3.30/lib/xymonrrd.c:92:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = lenv+strlen(lenv)-1; if (*p == ',') *p = '\0'; /* Drop a trailing comma */
data/xymon-4.3.30/lib/xymonrrd.c:95:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int curlen = strlen(lenv);
data/xymon-4.3.30/lib/xymonrrd.c:126:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = lenv+strlen(lenv)-1; if (*p == ',') *p = '\0'; /* Drop a trailing comma */
data/xymon-4.3.30/lib/xymonrrd.c:141:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(grec->xymonpartname) == 0) {
data/xymon-4.3.30/lib/xymonrrd.c:190:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
found = (strncmp(grec->xymonrrdname, rrdname, strlen(grec->xymonrrdname)) == 0);
data/xymon-4.3.30/lib/xymonrrd.c:193:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dchar = rrdname + strlen(grec->xymonrrdname);
data/xymon-4.3.30/lib/xymonrrd.c:244:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rrdservicename, graphdef->xymonrrdname, sizeof(rrdservicename));
data/xymon-4.3.30/lib/xymonrrd.c:249:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cgiurl) +
data/xymon-4.3.30/lib/xymonrrd.c:250:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(hostname) +
data/xymon-4.3.30/lib/xymonrrd.c:251:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(rrdservicename) +
data/xymon-4.3.30/lib/xymonrrd.c:252:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(urlencode(dispname ? dispname : hostname)));
data/xymon-4.3.30/lib/xymonrrd.c:255:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(fmt) +
data/xymon-4.3.30/lib/xymonrrd.c:257:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(rrdservicename) +
data/xymon-4.3.30/lib/xymonrrd.c:258:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(xgetenv("XYMONSKIN"));
data/xymon-4.3.30/lib/xymonrrd.c:292:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(svcurl, "&disp=", (svcurl_buflen - strlen(svcurl)));
data/xymon-4.3.30/lib/xymonrrd.c:292:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(svcurl, "&disp=", (svcurl_buflen - strlen(svcurl)));
data/xymon-4.3.30/lib/xymonrrd.c:293:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(svcurl, urlencode(dispname ? dispname : hostname), (svcurl_buflen - strlen(svcurl)));
data/xymon-4.3.30/lib/xymonrrd.c:293:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(svcurl, urlencode(dispname ? dispname : hostname), (svcurl_buflen - strlen(svcurl)));
data/xymon-4.3.30/lib/xymonrrd.c:295:42: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
if (nostale == HG_WITHOUT_STALE_RRDS) strncat(svcurl, "&nostale", (svcurl_buflen - strlen(svcurl)));
data/xymon-4.3.30/lib/xymonrrd.c:295:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (nostale == HG_WITHOUT_STALE_RRDS) strncat(svcurl, "&nostale", (svcurl_buflen - strlen(svcurl)));
data/xymon-4.3.30/lib/xymonrrd.c:296:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bgcolor != -1) snprintf(svcurl+strlen(svcurl), (svcurl_buflen - strlen(svcurl)), "&color=%s", colorname(bgcolor));
data/xymon-4.3.30/lib/xymonrrd.c:296:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bgcolor != -1) snprintf(svcurl+strlen(svcurl), (svcurl_buflen - strlen(svcurl)), "&color=%s", colorname(bgcolor));
data/xymon-4.3.30/lib/xymonrrd.c:297:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(svcurl+strlen(svcurl), (svcurl_buflen - strlen(svcurl)), "&graph_start=%d&graph_end=%d", (int)starttime, (int)endtime);
data/xymon-4.3.30/lib/xymonrrd.c:297:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(svcurl+strlen(svcurl), (svcurl_buflen - strlen(svcurl)), "&graph_start=%d&graph_end=%d", (int)starttime, (int)endtime);
data/xymon-4.3.30/lib/xymonrrd.c:300:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(rrdparturl) + strlen(rrdurl) + 1) >= rrdurl_buflen) {
data/xymon-4.3.30/lib/xymonrrd.c:300:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(rrdparturl) + strlen(rrdurl) + 1) >= rrdurl_buflen) {
data/xymon-4.3.30/lib/xymonrrd.c:301:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(rrdurl, rrdurl_buflen + strlen(rrdparturl) + 4096);
data/xymon-4.3.30/lib/xymonrrd.c:303:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(rrdurl, rrdparturl, (rrdurl_buflen - strlen(rrdurl)));
data/xymon-4.3.30/lib/xymonrrd.c:303:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(rrdurl, rrdparturl, (rrdurl_buflen - strlen(rrdurl)));
data/xymon-4.3.30/lib/xymonrrd.c:356:43: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
nam->dsnam = (char *)malloc(plen+1); strncpy(nam->dsnam, pname, plen); nam->dsnam[plen] = '\0';
data/xymon-4.3.30/lib/xymonrrd.c:361:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result->template = (char *)realloc(result->template, strlen(result->template) + plen + 1);
data/xymon-4.3.30/lib/xymonrrd.c:362:41: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
nam->dsnam = (char *)malloc(plen); strncpy(nam->dsnam, pname+1, plen-1); nam->dsnam[plen-1] = '\0';
data/xymon-4.3.30/lib/xymonrrd.c:364:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(result->template, pname, plen);
data/xymon-4.3.30/web/ackinfo.c:126:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymonmsg, 1024 + strlen(hostname) + strlen(testname) + strlen(ackedby) + strlen(ackmsg));
data/xymon-4.3.30/web/ackinfo.c:126:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymonmsg, 1024 + strlen(hostname) + strlen(testname) + strlen(ackedby) + strlen(ackmsg));
data/xymon-4.3.30/web/ackinfo.c:126:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymonmsg, 1024 + strlen(hostname) + strlen(testname) + strlen(ackedby) + strlen(ackmsg));
data/xymon-4.3.30/web/ackinfo.c:126:88: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymonmsg, 1024 + strlen(hostname) + strlen(testname) + strlen(ackedby) + strlen(ackmsg));
data/xymon-4.3.30/web/ackinfo.c:132:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xymonmsg = (char *)malloc(1024 + (hostname ? strlen(hostname) : 9) + (testname ? strlen(testname) : 9) + (ackmsg ? strlen(ackmsg) : 9));
data/xymon-4.3.30/web/ackinfo.c:132:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xymonmsg = (char *)malloc(1024 + (hostname ? strlen(hostname) : 9) + (testname ? strlen(testname) : 9) + (ackmsg ? strlen(ackmsg) : 9));
data/xymon-4.3.30/web/ackinfo.c:132:118: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xymonmsg = (char *)malloc(1024 + (hostname ? strlen(hostname) : 9) + (testname ? strlen(testname) : 9) + (ackmsg ? strlen(ackmsg) : 9));
data/xymon-4.3.30/web/acknowledge.c:168:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(numstr, "all", sizeof(numstr));
data/xymon-4.3.30/web/acknowledge.c:255:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(cmd, "xymondboard fields=hostname,testname,cookie color=", cmd_buflen);
data/xymon-4.3.30/web/acknowledge.c:258:23: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
if (!firstcolor) strncat(cmd, ",", cmd_buflen - strlen(cmd));
data/xymon-4.3.30/web/acknowledge.c:258:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!firstcolor) strncat(cmd, ",", cmd_buflen - strlen(cmd));
data/xymon-4.3.30/web/acknowledge.c:259:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(cmd, colorname(col), cmd_buflen - strlen(cmd));
data/xymon-4.3.30/web/acknowledge.c:259:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(cmd, colorname(col), cmd_buflen - strlen(cmd));
data/xymon-4.3.30/web/acknowledge.c:270:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(re, 3+strlen(hostname));
data/xymon-4.3.30/web/acknowledge.c:276:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(cmd, 1024 + strlen(cmd) + strlen(re));
data/xymon-4.3.30/web/acknowledge.c:276:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(cmd, 1024 + strlen(cmd) + strlen(re));
data/xymon-4.3.30/web/acknowledge.c:277:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(cmd + strlen(cmd), cmd_buflen - strlen(cmd), " host=%s", re);
data/xymon-4.3.30/web/acknowledge.c:277:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(cmd + strlen(cmd), cmd_buflen - strlen(cmd), " host=%s", re);
data/xymon-4.3.30/web/acknowledge.c:292:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(re, 8 + strlen(pagename)*2);
data/xymon-4.3.30/web/acknowledge.c:298:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(cmd, 1024 + strlen(cmd) + strlen(re));
data/xymon-4.3.30/web/acknowledge.c:298:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(cmd, 1024 + strlen(cmd) + strlen(re));
data/xymon-4.3.30/web/acknowledge.c:299:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(cmd + strlen(cmd), cmd_buflen - strlen(cmd), " page=%s", re);
data/xymon-4.3.30/web/acknowledge.c:299:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(cmd + strlen(cmd), cmd_buflen - strlen(cmd), " page=%s", re);
data/xymon-4.3.30/web/acknowledge.c:379:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(acking_user, 1024 + strlen(getenv("REMOTE_USER")) + (remaddr ? strlen(remaddr) : 0));
data/xymon-4.3.30/web/acknowledge.c:379:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(acking_user, 1024 + strlen(getenv("REMOTE_USER")) + (remaddr ? strlen(remaddr) : 0));
data/xymon-4.3.30/web/acknowledge.c:381:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (remaddr) snprintf(acking_user + strlen(acking_user), acking_user_buflen - strlen(acking_user), " (%s)", remaddr);
data/xymon-4.3.30/web/acknowledge.c:381:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (remaddr) snprintf(acking_user + strlen(acking_user), acking_user_buflen - strlen(acking_user), " (%s)", remaddr);
data/xymon-4.3.30/web/acknowledge.c:394:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(msgline, 1024 + (awalk->hostname ? MAX_HTMLQUOTE_FACTOR*strlen(awalk->hostname) : 0) + (awalk->testname ? MAX_HTMLQUOTE_FACTOR*strlen(awalk->testname) : 0));
data/xymon-4.3.30/web/acknowledge.c:394:143: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(msgline, 1024 + (awalk->hostname ? MAX_HTMLQUOTE_FACTOR*strlen(awalk->hostname) : 0) + (awalk->testname ? MAX_HTMLQUOTE_FACTOR*strlen(awalk->testname) : 0));
data/xymon-4.3.30/web/acknowledge.c:424:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymonmsg, 1024 + strlen(awalk->ackmsg) + strlen(acking_user));
data/xymon-4.3.30/web/acknowledge.c:424:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymonmsg, 1024 + strlen(awalk->ackmsg) + strlen(acking_user));
data/xymon-4.3.30/web/appfeed.c:72:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pos) pos += strlen(ptn);
data/xymon-4.3.30/web/appfeed.c:120:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymondreq, strlen(boardcmd) + strlen(fieldlist) + strlen(colorlist) + strlen(queryfilter) + 5);
data/xymon-4.3.30/web/appfeed.c:120:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymondreq, strlen(boardcmd) + strlen(fieldlist) + strlen(colorlist) + strlen(queryfilter) + 5);
data/xymon-4.3.30/web/appfeed.c:120:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymondreq, strlen(boardcmd) + strlen(fieldlist) + strlen(colorlist) + strlen(queryfilter) + 5);
data/xymon-4.3.30/web/appfeed.c:120:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymondreq, strlen(boardcmd) + strlen(fieldlist) + strlen(colorlist) + strlen(queryfilter) + 5);
data/xymon-4.3.30/web/appfeed.c:129:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(errtxt, 1024 + MAX_HTMLQUOTE_FACTOR*strlen(xymondreq));
data/xymon-4.3.30/web/cgiwrap.c:70:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(cgipgm, strlen(pgm) + 5);
data/xymon-4.3.30/web/cgiwrap.c:71:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cgipgm, basename(pgm), cgipgm_buflen);
data/xymon-4.3.30/web/cgiwrap.c:72:64: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
if (strstr(cgipgm, ".sh")) { char *p = strstr(cgipgm, ".sh"); strncpy(p, ".cgi", (cgipgm_buflen - (p - cgipgm))); }
data/xymon-4.3.30/web/cgiwrap.c:85:184: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strcmp(cgipgm, "columndoc.cgi") == 0) { cgipgm = "csvinfo.cgi"; addoptl("CGI_COLUMNDOC_OPTS"); if (getenv("QUERY_STRING")) { SBUF_DEFINE(t); SBUF_MALLOC(t, strlen(getenv("QUERY_STRING")) + 35); snprintf(t, t_buflen, "QUERY_STRING=db=columndoc.csv&key=%s", getenv("QUERY_STRING")); putenv(t); } }
data/xymon-4.3.30/web/cgiwrap.c:116:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(cgipgm) <= 4) || (strcmp(cgipgm+strlen(cgipgm)-4, ".cgi") != 0)) {
data/xymon-4.3.30/web/cgiwrap.c:116:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(cgipgm) <= 4) || (strcmp(cgipgm+strlen(cgipgm)-4, ".cgi") != 0)) {
data/xymon-4.3.30/web/chpasswd.c:128:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(passfile, strlen(xgetenv("XYMONHOME")) + 20);
data/xymon-4.3.30/web/chpasswd.c:152:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (strlen(loggedinuser) == 0) || (strlen(loggedinuser) != strlen(adduser_name)) || (strcmp(loggedinuser, adduser_name) != 0) ) {
data/xymon-4.3.30/web/chpasswd.c:152:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (strlen(loggedinuser) == 0) || (strlen(loggedinuser) != strlen(adduser_name)) || (strcmp(loggedinuser, adduser_name) != 0) ) {
data/xymon-4.3.30/web/chpasswd.c:152:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (strlen(loggedinuser) == 0) || (strlen(loggedinuser) != strlen(adduser_name)) || (strcmp(loggedinuser, adduser_name) != 0) ) {
data/xymon-4.3.30/web/chpasswd.c:157:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (strlen(adduser_name) == 0)) {
data/xymon-4.3.30/web/chpasswd.c:160:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ( (strlen(adduser_password1) == 0) || (strlen(adduser_password2) == 0)) {
data/xymon-4.3.30/web/chpasswd.c:160:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ( (strlen(adduser_password1) == 0) || (strlen(adduser_password2) == 0)) {
data/xymon-4.3.30/web/chpasswd.c:166:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(adduser_name) != strspn(adduser_name,"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-.,@/=^") ) {
data/xymon-4.3.30/web/chpasswd.c:169:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(adduser_password1) != strspn(adduser_password1,"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-.,@/=^") ) {
data/xymon-4.3.30/web/confreport.c:126:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fn, de->d_name + 4, sizeof(fn));
data/xymon-4.3.30/web/confreport.c:147:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(hname) + strlen(tname) + 2);
data/xymon-4.3.30/web/confreport.c:147:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(hname) + strlen(tname) + 2);
data/xymon-4.3.30/web/confreport.c:157:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(result, strlen(tspec) + 30);
data/xymon-4.3.30/web/confreport.c:188:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!pagepathtitle || (strlen(pagepathtitle) == 0)) pagepathtitle = "Top page";
data/xymon-4.3.30/web/confreport.c:285:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(itm, pingplus, strlen(pingplus)) == 0) {
data/xymon-4.3.30/web/confreport.c:288:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
visdata = strdup(itm+strlen(pingplus));
data/xymon-4.3.30/web/confreport.c:313:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(char *)realloc(newitem->visualdata, strlen(newitem->visualdata) + strlen(visdata) + 5) :
data/xymon-4.3.30/web/confreport.c:313:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(char *)realloc(newitem->visualdata, strlen(newitem->visualdata) + strlen(visdata) + 5) :
data/xymon-4.3.30/web/confreport.c:314:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(char *)malloc(strlen(visdata) + 5);
data/xymon-4.3.30/web/confreport.c:474:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(alert->ip, "127.0.0.1", sizeof(alert->ip));
data/xymon-4.3.30/web/confreport.c:579:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(marker, strlen(hostname) + 3);
data/xymon-4.3.30/web/confreport.c:581:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(statusbuf, marker+1, strlen(marker)-1) == 0) {
data/xymon-4.3.30/web/confreport.c:593:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bol += strlen(hostname) + 1; /* Skip hostname and delimiter */
data/xymon-4.3.30/web/confreport.c:601:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
marker += strlen("\\n&");
data/xymon-4.3.30/web/confreport.c:688:28: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
SBUF_MALLOC(pingplus, 6); strncpy(pingplus, "conn=", pingplus_buflen);
data/xymon-4.3.30/web/confreport.c:699:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(re, 8 + 2*strlen(pagepattern));
data/xymon-4.3.30/web/confreport.c:705:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymoncmd, 2*strlen(pagepattern) + 1024);
data/xymon-4.3.30/web/confreport.c:706:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(procscmd, 2*strlen(pagepattern) + 1024);
data/xymon-4.3.30/web/confreport.c:707:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(svcscmd, 2*strlen(pagepattern) + 1024);
data/xymon-4.3.30/web/confreport.c:722:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(re,3 + strlen(hostpattern));
data/xymon-4.3.30/web/confreport.c:728:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymoncmd, strlen(hostpattern) + 1024);
data/xymon-4.3.30/web/confreport.c:729:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(procscmd, strlen(hostpattern) + 1024);
data/xymon-4.3.30/web/confreport.c:730:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(svcscmd, strlen(hostpattern) + 1024);
data/xymon-4.3.30/web/confreport.c:848:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(pingplus, strlen(pingcolumn) + 3);
data/xymon-4.3.30/web/criticaleditor.c:89:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rq_critwkdays = (char *)realloc(rq_critwkdays, strlen(rq_critwkdays) + strlen(cwalk->value) + 1);
data/xymon-4.3.30/web/criticaleditor.c:89:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rq_critwkdays = (char *)realloc(rq_critwkdays, strlen(rq_critwkdays) + strlen(cwalk->value) + 1);
data/xymon-4.3.30/web/criticaleditor.c:129:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rq_clonestodrop = (char *)realloc(rq_clonestodrop, strlen(rq_clonestodrop) + strlen(cwalk->value) + 2);
data/xymon-4.3.30/web/criticaleditor.c:129:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rq_clonestodrop = (char *)realloc(rq_clonestodrop, strlen(rq_clonestodrop) + strlen(cwalk->value) + 2);
data/xymon-4.3.30/web/criticaleditor.c:130:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(rq_clonestodrop, " ");
data/xymon-4.3.30/web/criticaleditor.c:166:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(rq_crittime,strlen(rq_critwkdays) + strlen(rq_critslastart) + strlen(rq_critslaend) + 3);
data/xymon-4.3.30/web/criticaleditor.c:166:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(rq_crittime,strlen(rq_critwkdays) + strlen(rq_critslastart) + strlen(rq_critslaend) + 3);
data/xymon-4.3.30/web/criticaleditor.c:166:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(rq_crittime,strlen(rq_critwkdays) + strlen(rq_critslastart) + strlen(rq_critslaend) + 3);
data/xymon-4.3.30/web/criticaleditor.c:191:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(hostname) + strlen(service) + 2);
data/xymon-4.3.30/web/criticaleditor.c:191:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(hostname) + strlen(service) + 2);
data/xymon-4.3.30/web/criticaleditor.c:219:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((*(clonekey + strlen(clonekey) -1) == '=') && (strcmp(hostname, (char *)clonerec) == 0)) {
data/xymon-4.3.30/web/criticaleditor.c:256:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(hostname) + strlen(service) + 2);
data/xymon-4.3.30/web/criticaleditor.c:256:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(hostname) + strlen(service) + 2);
data/xymon-4.3.30/web/criticaleditor.c:290:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(hostname) + strlen(service) + 2);
data/xymon-4.3.30/web/criticaleditor.c:290:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(hostname) + strlen(service) + 2);
data/xymon-4.3.30/web/criticaleditor.c:315:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
upd_buflen = strlen(operator) + strlen(datestr) + 2;
data/xymon-4.3.30/web/criticaleditor.c:315:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
upd_buflen = strlen(operator) + strlen(datestr) + 2;
data/xymon-4.3.30/web/criticaleditor.c:358:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(hostname) + strlen(service) + 2);
data/xymon-4.3.30/web/criticaleditor.c:358:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(hostname) + strlen(service) + 2);
data/xymon-4.3.30/web/criticalview.c:59:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=mincolor+1; (i < COL_COUNT); i++) snprintf(msg+strlen(msg), sizeof(msg)-strlen(msg), ",%s", colorname(i));
data/xymon-4.3.30/web/criticalview.c:59:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=mincolor+1; (i < COL_COUNT); i++) snprintf(msg+strlen(msg), sizeof(msg)-strlen(msg), ",%s", colorname(i));
data/xymon-4.3.30/web/criticalview.c:155:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_buflen = strlen(newitem->hostname) + strlen(newitem->testname) + 2;
data/xymon-4.3.30/web/criticalview.c:155:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_buflen = strlen(newitem->hostname) + strlen(newitem->testname) + 2;
data/xymon-4.3.30/web/criticalview.c:250:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(key, 2 + strlen(itm->hostname) + strlen(colname));
data/xymon-4.3.30/web/criticalview.c:250:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(key, 2 + strlen(itm->hostname) + strlen(colname));
data/xymon-4.3.30/web/criticalview.c:384:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(env, 20 + MAX_HTMLQUOTE_FACTOR*strlen(name) + MAX_HTMLQUOTE_FACTOR*strlen(val));
data/xymon-4.3.30/web/criticalview.c:384:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(env, 20 + MAX_HTMLQUOTE_FACTOR*strlen(name) + MAX_HTMLQUOTE_FACTOR*strlen(val));
data/xymon-4.3.30/web/criticalview.c:386:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(env+strlen(env), env_buflen-strlen(env), "_%s=SELECTED", htmlquoted(val));
data/xymon-4.3.30/web/criticalview.c:386:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(env+strlen(env), env_buflen-strlen(env), "_%s=SELECTED", htmlquoted(val));
data/xymon-4.3.30/web/criticalview.c:485:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t c_buflen = strlen(xgetenv("XYMONHOME")) + strlen(DEFAULT_CRITCONFIGFN) + 2;
data/xymon-4.3.30/web/criticalview.c:485:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t c_buflen = strlen(xgetenv("XYMONHOME")) + strlen(DEFAULT_CRITCONFIGFN) + 2;
data/xymon-4.3.30/web/criticalview.c:545:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(onename, strlen("DIVIDERTEXT=") + strlen(critconfig[i]) + 1);
data/xymon-4.3.30/web/criticalview.c:545:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(onename, strlen("DIVIDERTEXT=") + strlen(critconfig[i]) + 1);
data/xymon-4.3.30/web/csvinfo.c:121:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(wantedname) == 0) {
data/xymon-4.3.30/web/csvinfo.c:131:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(msg, 30+strlen(htmlquoted(dbfn)));
data/xymon-4.3.30/web/csvinfo.c:144:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0, p1=STRBUF(inbuf), p2=strchr(STRBUF(inbuf), delimiter); (p1 && p2 && strlen(p1)); i++,p1=p2+1,p2=strchr(p1, delimiter)) {
data/xymon-4.3.30/web/csvinfo.c:164:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0, p1=STRBUF(inbuf), p2=strchr(STRBUF(inbuf), delimiter); (p1 && p2 && strlen(p1)); i++,p1=p2+1,p2=strchr(p1, delimiter)) {
data/xymon-4.3.30/web/csvinfo.c:166:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(items[i], (strlen(p1) ? p1 : " "));
data/xymon-4.3.30/web/datepage.c:139:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
endurl = (char *)malloc(strlen(urlprefix) + strlen(pagepath) + 1024);
data/xymon-4.3.30/web/datepage.c:139:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
endurl = (char *)malloc(strlen(urlprefix) + strlen(pagepath) + 1024);
data/xymon-4.3.30/web/datepage.c:161:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (*pagepath) strcat(endurl, "/");
data/xymon-4.3.30/web/enadis.c:214:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(pwalk->name, "hostpattern") == 0) && pwalk->value && strlen(pwalk->value)) {
data/xymon-4.3.30/web/enadis.c:217:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(pwalk->name, "pagepattern") == 0) && pwalk->value && strlen(pwalk->value)) {
data/xymon-4.3.30/web/enadis.c:220:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(pwalk->name, "ippattern") == 0) && pwalk->value && strlen(pwalk->value)) {
data/xymon-4.3.30/web/enadis.c:223:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(pwalk->name, "classpattern") == 0) && pwalk->value && strlen(pwalk->value)) {
data/xymon-4.3.30/web/enadis.c:259:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(xymoncmd, 1024 + 2*strlen(hostname) + 2*strlen(enabletest[i]) + strlen(username));
data/xymon-4.3.30/web/enadis.c:259:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(xymoncmd, 1024 + 2*strlen(hostname) + 2*strlen(enabletest[i]) + strlen(username));
data/xymon-4.3.30/web/enadis.c:259:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(xymoncmd, 1024 + 2*strlen(hostname) + 2*strlen(enabletest[i]) + strlen(username));
data/xymon-4.3.30/web/enadis.c:280:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(xymoncmd, 1024 + 2*strlen(hostname) + 2*strlen(disabletest[i]) + strlen(fullmsg) + strlen(username));
data/xymon-4.3.30/web/enadis.c:280:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(xymoncmd, 1024 + 2*strlen(hostname) + 2*strlen(disabletest[i]) + strlen(fullmsg) + strlen(username));
data/xymon-4.3.30/web/enadis.c:280:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(xymoncmd, 1024 + 2*strlen(hostname) + 2*strlen(disabletest[i]) + strlen(fullmsg) + strlen(username));
data/xymon-4.3.30/web/enadis.c:280:101: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(xymoncmd, 1024 + 2*strlen(hostname) + 2*strlen(disabletest[i]) + strlen(fullmsg) + strlen(username));
data/xymon-4.3.30/web/enadis.c:300:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(xymoncmd, 1024 + 2*strlen(hostname) + strlen(disabletest[i]) + strlen(fullmsg));
data/xymon-4.3.30/web/enadis.c:300:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(xymoncmd, 1024 + 2*strlen(hostname) + strlen(disabletest[i]) + strlen(fullmsg));
data/xymon-4.3.30/web/enadis.c:300:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(xymoncmd, 1024 + 2*strlen(hostname) + strlen(disabletest[i]) + strlen(fullmsg));
data/xymon-4.3.30/web/enadis.c:341:30: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
SBUF_MALLOC(fullmsg, 1024); strncpy(fullmsg, "No cause specified", fullmsg_buflen);
data/xymon-4.3.30/web/enadis.c:343:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((username == NULL) || (strlen(username) == 0)) username = "unknown";
data/xymon-4.3.30/web/enadis.c:344:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((userhost == NULL) || (strlen(userhost) == 0)) userhost = userip;
data/xymon-4.3.30/web/enadis.c:396:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(fullmsg, 1024 + strlen(username) + strlen(userhost) + strlen(disablemsg));
data/xymon-4.3.30/web/enadis.c:396:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(fullmsg, 1024 + strlen(username) + strlen(userhost) + strlen(disablemsg));
data/xymon-4.3.30/web/enadis.c:396:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(fullmsg, 1024 + strlen(username) + strlen(userhost) + strlen(disablemsg));
data/xymon-4.3.30/web/enadis.c:409:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(returl, strlen( xgetenv("SECURECGIBINURL") ) + 11);
data/xymon-4.3.30/web/findhost.c:201:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(oneurl, 4 + strlen(xgetenv("XYMONWEB")) + strlen(xmh_item(hostwalk, XMH_PAGEPATH)) + strlen(hostname));
data/xymon-4.3.30/web/findhost.c:201:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(oneurl, 4 + strlen(xgetenv("XYMONWEB")) + strlen(xmh_item(hostwalk, XMH_PAGEPATH)) + strlen(hostname));
data/xymon-4.3.30/web/findhost.c:201:101: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(oneurl, 4 + strlen(xgetenv("XYMONWEB")) + strlen(xmh_item(hostwalk, XMH_PAGEPATH)) + strlen(hostname));
data/xymon-4.3.30/web/history.c:682:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = selfurl + strlen(selfurl);
data/xymon-4.3.30/web/history.c:685:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ip)) {
data/xymon-4.3.30/web/history.c:686:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(selfurl, selfurl_buflen + 6*strlen(ip));
data/xymon-4.3.30/web/history.c:687:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = selfurl + strlen(selfurl);
data/xymon-4.3.30/web/history.c:692:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = selfurl + strlen(selfurl);
data/xymon-4.3.30/web/history.c:695:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
else strncat(selfurl, "&ENTRIES=ALL", selfurl_buflen - strlen(selfurl));
data/xymon-4.3.30/web/history.c:695:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else strncat(selfurl, "&ENTRIES=ALL", selfurl_buflen - strlen(selfurl));
data/xymon-4.3.30/web/history.c:763:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(tailcmd, 1024 + strlen(histlogfn));
data/xymon-4.3.30/web/hostgraphs.c:52:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strcmp(cwalk->name, "hostpattern") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/hostgraphs.c:55:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "pagepattern") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/hostgraphs.c:58:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "ippattern") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/hostgraphs.c:61:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "classpattern") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/hostgraphs.c:67:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "hostname") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/hostgraphs.c:75:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "testname") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/hostgraphs.c:88:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "start-day") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/hostgraphs.c:91:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "start-mon") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/hostgraphs.c:94:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "start-yr") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/hostgraphs.c:97:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "start-hour") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/hostgraphs.c:100:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "start-min") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/hostgraphs.c:103:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "start-sec") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/hostgraphs.c:106:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "end-day") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/hostgraphs.c:109:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "end-mon") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/hostgraphs.c:112:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "end-yr") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/hostgraphs.c:115:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "end-hour") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/hostgraphs.c:118:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "end-min") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/hostgraphs.c:121:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "end-sec") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/hostgraphs.c:195:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(formfile, "hostgraphs_form", formfile_buflen);
data/xymon-4.3.30/web/hostgraphs.c:212:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(formfile, strlen(hffile) + 6);
data/xymon-4.3.30/web/hostgraphs.c:227:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(pagepattern, 10 + 2*strlen(cookie));
data/xymon-4.3.30/web/hostlist.c:52:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fields = (char *)realloc(fields, strlen(fields) + strlen(cwalk->name) + 2);
data/xymon-4.3.30/web/hostlist.c:52:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fields = (char *)realloc(fields, strlen(fields) + strlen(cwalk->name) + 2);
data/xymon-4.3.30/web/hostlist.c:53:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fields, ",");
data/xymon-4.3.30/web/hostlist.c:110:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(req, 1024 + strlen(fields) + strlen(testfilter) + strlen(pagefilter));
data/xymon-4.3.30/web/hostlist.c:110:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(req, 1024 + strlen(fields) + strlen(testfilter) + strlen(pagefilter));
data/xymon-4.3.30/web/hostlist.c:110:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(req, 1024 + strlen(fields) + strlen(testfilter) + strlen(pagefilter));
data/xymon-4.3.30/web/perfdata.c:270:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = fsnam + strlen(fsnam) - 4; *p = '\0';
data/xymon-4.3.30/web/reportlog.c:77:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(reporttime, strlen(cwalk->value)+strlen("REPORTTIME=")+1);
data/xymon-4.3.30/web/reportlog.c:77:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(reporttime, strlen(cwalk->value)+strlen("REPORTTIME=")+1);
data/xymon-4.3.30/web/reportlog.c:98:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(colstr, strlen(cwalk->value)+2);
data/xymon-4.3.30/web/reportlog.c:159:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(textrepfn, 1024 + strlen(hostname) + strlen(service));
data/xymon-4.3.30/web/reportlog.c:159:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(textrepfn, 1024 + strlen(hostname) + strlen(service));
data/xymon-4.3.30/web/reportlog.c:161:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(textrepfullfn, 1024 + strlen(xgetenv("XYMONREPDIR")) + strlen(textrepfn));
data/xymon-4.3.30/web/reportlog.c:161:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(textrepfullfn, 1024 + strlen(xgetenv("XYMONREPDIR")) + strlen(textrepfn));
data/xymon-4.3.30/web/reportlog.c:163:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(textrepurl, 1024 + strlen(xgetenv("XYMONREPURL")) + strlen(textrepfn));
data/xymon-4.3.30/web/reportlog.c:163:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(textrepurl, 1024 + strlen(xgetenv("XYMONREPURL")) + strlen(textrepfn));
data/xymon-4.3.30/web/showgraph.c:145:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(req, strlen(hostname)+3);
data/xymon-4.3.30/web/showgraph.c:158:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(fnam, strlen(xgetenv("XYMONTMP"))+ strlen(d->d_name) + 2);
data/xymon-4.3.30/web/showgraph.c:158:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(fnam, strlen(xgetenv("XYMONTMP"))+ strlen(d->d_name) + 2);
data/xymon-4.3.30/web/showgraph.c:160:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fnam) > sizeof(myaddr.sun_path)) {
data/xymon-4.3.30/web/showgraph.c:164:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(myaddr.sun_path, fnam, sizeof(myaddr.sun_path));
data/xymon-4.3.30/web/showgraph.c:168:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufp = req; bytesleft = strlen(req);
data/xymon-4.3.30/web/showgraph.c:199:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(300000);
data/xymon-4.3.30/web/showgraph.c:352:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(p) == 0) || (*p == '#')) continue;
data/xymon-4.3.30/web/showgraph.c:434:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int servicelen = strlen(service);
data/xymon-4.3.30/web/showgraph.c:435:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int keylen = strlen(keybuf);
data/xymon-4.3.30/web/showgraph.c:443:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(metafn, "rrd.meta", metafn_buflen);
data/xymon-4.3.30/web/showgraph.c:446:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
metafn = (char *)malloc(strlen(rrdfn) + 10);
data/xymon-4.3.30/web/showgraph.c:475:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(val) > 0) return val;
data/xymon-4.3.30/web/showgraph.c:492:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = (char *) malloc(strlen(buf) + count + 1); /* Add one backslash per colon */
data/xymon-4.3.30/web/showgraph.c:500:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inp += strlen(inp);
data/xymon-4.3.30/web/showgraph.c:501:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outp += strlen(outp);
data/xymon-4.3.30/web/showgraph.c:508:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outp = outp + strlen(outp);
data/xymon-4.3.30/web/showgraph.c:530:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inp += strlen(inp);
data/xymon-4.3.30/web/showgraph.c:535:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(inp)) {
data/xymon-4.3.30/web/showgraph.c:559:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(val) > 100) *(val+100) = '\0';
data/xymon-4.3.30/web/showgraph.c:566:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vallen = strlen(val);
data/xymon-4.3.30/web/showgraph.c:626:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(numstr, "", sizeof(numstr));
data/xymon-4.3.30/web/showgraph.c:875:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(multiname, strlen(gdef->name) + 7);
data/xymon-4.3.30/web/showgraph.c:921:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t buflen = strlen(gdef->name) + strlen(".rrd") + 1;
data/xymon-4.3.30/web/showgraph.c:921:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t buflen = strlen(gdef->name) + strlen(".rrd") + 1;
data/xymon-4.3.30/web/showgraph.c:933:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hostlist[i]) > maxlen) maxlen = strlen(hostlist[i]);
data/xymon-4.3.30/web/showgraph.c:933:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hostlist[i]) > maxlen) maxlen = strlen(hostlist[i]);
data/xymon-4.3.30/web/showgraph.c:941:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen = strlen(hostlist[i]) + strlen(gdef->fnpat) + 2;
data/xymon-4.3.30/web/showgraph.c:941:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen = strlen(hostlist[i]) + strlen(gdef->fnpat) + 2;
data/xymon-4.3.30/web/showgraph.c:994:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ext = d->d_name + strlen(d->d_name) - strlen(".rrd");
data/xymon-4.3.30/web/showgraph.c:994:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ext = d->d_name + strlen(d->d_name) - strlen(".rrd");
data/xymon-4.3.30/web/showgraph.c:999:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = pcre_exec(expat, NULL, d->d_name, strlen(d->d_name), 0, 0,
data/xymon-4.3.30/web/showgraph.c:1005:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = pcre_exec(pat, NULL, d->d_name, strlen(d->d_name), 0, 0,
data/xymon-4.3.30/web/showgraph.c:1034:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t buflen = strlen("http://")+strlen(param)+1;
data/xymon-4.3.30/web/showgraph.c:1034:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t buflen = strlen("http://")+strlen(param)+1;
data/xymon-4.3.30/web/showgraph.c:1042:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rrddbs[rrddbcount].rrdparam) > paramlen) {
data/xymon-4.3.30/web/showgraph.c:1046:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
paramlen = strlen(rrddbs[rrddbcount].rrdparam);
data/xymon-4.3.30/web/showgraph.c:1080:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcmdlen += (strlen(gdef->title+5) + strlen(displayname) + strlen(service) + strlen(glegend));
data/xymon-4.3.30/web/showgraph.c:1080:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcmdlen += (strlen(gdef->title+5) + strlen(displayname) + strlen(service) + strlen(glegend));
data/xymon-4.3.30/web/showgraph.c:1080:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcmdlen += (strlen(gdef->title+5) + strlen(displayname) + strlen(service) + strlen(glegend));
data/xymon-4.3.30/web/showgraph.c:1080:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcmdlen += (strlen(gdef->title+5) + strlen(displayname) + strlen(service) + strlen(glegend));
data/xymon-4.3.30/web/showgraph.c:1081:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; (i<rrddbcount); i++) pcmdlen += (strlen(rrddbs[i].rrdfn) + 3);
data/xymon-4.3.30/web/showgraph.c:1283:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zoomrightoffsetp += strlen(zoomrightoffsetmarker);
data/xymon-4.3.30/web/statusreport.c:61:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int needed, curlen = (filter ? strlen(filter) : 0);
data/xymon-4.3.30/web/statusreport.c:63:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
needed = 10 + strlen(p); if (filter) needed += curlen;
data/xymon-4.3.30/web/statusreport.c:74:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(heading, 1024 + strlen(p) + strlen(timestamp));
data/xymon-4.3.30/web/statusreport.c:74:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(heading, 1024 + strlen(p) + strlen(timestamp));
data/xymon-4.3.30/web/statusreport.c:80:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int needed, curlen = (filter ? strlen(filter) : 0);
data/xymon-4.3.30/web/statusreport.c:82:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
needed = 10 + strlen(p); if (filter) needed += curlen;
data/xymon-4.3.30/web/statusreport.c:134:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(re, 8 + 2*strlen(cookie));
data/xymon-4.3.30/web/statusreport.c:140:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(pagefilter, 10 + strlen(re));
data/xymon-4.3.30/web/statusreport.c:148:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(req, 1024 + strlen(pagefilter) + strlen(filter));
data/xymon-4.3.30/web/statusreport.c:148:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(req, 1024 + strlen(pagefilter) + strlen(filter));
data/xymon-4.3.30/web/svcstatus-info.c:77:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymoncmd, 1024 + strlen(hostname));
data/xymon-4.3.30/web/svcstatus-info.c:145:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tok && strlen(tok)) {
data/xymon-4.3.30/web/svcstatus-info.c:189:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unametxt_buflen = strlen(unametxt)+1;
data/xymon-4.3.30/web/svcstatus-info.c:199:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(unametxt, strlen(unametxt) + strlen(htmlq) + 6);
data/xymon-4.3.30/web/svcstatus-info.c:199:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(unametxt, strlen(unametxt) + strlen(htmlq) + 6);
data/xymon-4.3.30/web/svcstatus-info.c:200:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(unametxt, "<br>\n", (unametxt_buflen - strlen(unametxt)));
data/xymon-4.3.30/web/svcstatus-info.c:200:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(unametxt, "<br>\n", (unametxt_buflen - strlen(unametxt)));
data/xymon-4.3.30/web/svcstatus-info.c:201:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(unametxt, htmlq, (unametxt_buflen - strlen(unametxt)));
data/xymon-4.3.30/web/svcstatus-info.c:201:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(unametxt, htmlq, (unametxt_buflen - strlen(unametxt)));
data/xymon-4.3.30/web/svcstatus-info.c:205:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unametxt_buflen = strlen(unametxt)+1;
data/xymon-4.3.30/web/svcstatus-info.c:241:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(alert->ip, "127.0.0.1", sizeof(alert->ip));
data/xymon-4.3.30/web/svcstatus-info.c:976:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(hostip, inet_ntoa(addr), sizeof(hostip)-1);
data/xymon-4.3.30/web/svcstatus-info.c:978:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(hostip, " (dynamic)", sizeof(hostip)-strlen(hostip)-1);
data/xymon-4.3.30/web/svcstatus-info.c:978:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(hostip, " (dynamic)", sizeof(hostip)-strlen(hostip)-1);
data/xymon-4.3.30/web/svcstatus-info.c:1057:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(hostname) + strlen(tnames[i].name) + 2);
data/xymon-4.3.30/web/svcstatus-info.c:1057:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(key, strlen(hostname) + strlen(tnames[i].name) + 2);
data/xymon-4.3.30/web/svcstatus-trends.c:137:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelength = strlen(rrd->gdef->xymonrrdname);
data/xymon-4.3.30/web/svcstatus-trends.c:184:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = graphdef + strlen(rrd->gdef->xymonrrdname);
data/xymon-4.3.30/web/svcstatus-trends.c:202:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p == NULL) p = graphdef + strlen(graphdef); /* Ends at end of string */
data/xymon-4.3.30/web/svcstatus-trends.c:212:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(rrdlink) + strlen(partlink) + 1) >= rrdlink_buflen) {
data/xymon-4.3.30/web/svcstatus-trends.c:212:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(rrdlink) + strlen(partlink) + 1) >= rrdlink_buflen) {
data/xymon-4.3.30/web/svcstatus-trends.c:213:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(rrdlink, rrdlink_buflen + strlen(partlink) + 4096);
data/xymon-4.3.30/web/svcstatus-trends.c:215:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(rrdlink, partlink, (rrdlink_buflen - strlen(rrdlink)));
data/xymon-4.3.30/web/svcstatus-trends.c:215:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(rrdlink, partlink, (rrdlink_buflen - strlen(rrdlink)));
data/xymon-4.3.30/web/svcstatus-trends.c:262:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(fn) <= 4) || (strcmp(fn+strlen(fn)-4, ".rrd") != 0)) continue;
data/xymon-4.3.30/web/svcstatus-trends.c:262:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(fn) <= 4) || (strcmp(fn+strlen(fn)-4, ".rrd") != 0)) continue;
data/xymon-4.3.30/web/svcstatus-trends.c:304:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((buflen + strlen(onelink)) >= allrrdlinks_buflen) {
data/xymon-4.3.30/web/svcstatus.c:109:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "backsecs") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/svcstatus.c:112:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "backmins") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/svcstatus.c:115:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "backhours") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/svcstatus.c:118:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "backdays") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/svcstatus.c:121:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "FROMTIME") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/svcstatus.c:124:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strcmp(cwalk->name, "TOTIME") == 0) && cwalk->value && strlen(cwalk->value)) {
data/xymon-4.3.30/web/svcstatus.c:154:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(clienturi, strlen(req) + 10 + strlen(hostquoted));
data/xymon-4.3.30/web/svcstatus.c:154:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(clienturi, strlen(req) + 10 + strlen(hostquoted));
data/xymon-4.3.30/web/svcstatus.c:155:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(clienturi, req, clienturi_buflen);
data/xymon-4.3.30/web/svcstatus.c:156:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = strchr(clienturi, '?'); if (p) *p = '\0'; else p = clienturi + strlen(clienturi);
data/xymon-4.3.30/web/svcstatus.c:209:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!service || !strlen(service)) p = csp_header("svcstatus");
data/xymon-4.3.30/web/svcstatus.c:236:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(hostdatadir, strlen(s) + strlen(hostname) + 12);
data/xymon-4.3.30/web/svcstatus.c:236:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(hostdatadir, strlen(s) + strlen(hostname) + 12);
data/xymon-4.3.30/web/svcstatus.c:241:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(hostdatadir, strlen(s) + strlen(hostname) + 12);
data/xymon-4.3.30/web/svcstatus.c:241:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(hostdatadir, strlen(s) + strlen(hostname) + 12);
data/xymon-4.3.30/web/svcstatus.c:252:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymondreq, 1024 + strlen(hostname) + (service ? strlen(service) : 0));
data/xymon-4.3.30/web/svcstatus.c:252:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymondreq, 1024 + strlen(hostname) + (service ? strlen(service) : 0));
data/xymon-4.3.30/web/svcstatus.c:254:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (service && *service) snprintf(xymondreq + strlen(xymondreq), (xymondreq_buflen - strlen(xymondreq)), " section=%s", service);
data/xymon-4.3.30/web/svcstatus.c:254:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (service && *service) snprintf(xymondreq + strlen(xymondreq), (xymondreq_buflen - strlen(xymondreq)), " section=%s", service);
data/xymon-4.3.30/web/svcstatus.c:260:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(errtxt, 1024 + MAX_HTMLQUOTE_FACTOR*strlen(xymondreq));
data/xymon-4.3.30/web/svcstatus.c:302:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(timesincechange, "0 minutes", sizeof(timesincechange));
data/xymon-4.3.30/web/svcstatus.c:372:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymondreq, 1024 + strlen(hostname) + strlen(service));
data/xymon-4.3.30/web/svcstatus.c:372:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymondreq, 1024 + strlen(hostname) + strlen(service));
data/xymon-4.3.30/web/svcstatus.c:379:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(re, 5 + strlen(complist));
data/xymon-4.3.30/web/svcstatus.c:388:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymondreq, 1024 + strlen(hostname) + strlen(re));
data/xymon-4.3.30/web/svcstatus.c:388:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(xymondreq, 1024 + strlen(hostname) + strlen(re));
data/xymon-4.3.30/web/svcstatus.c:396:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((xymondresult != XYMONSEND_OK) || (log == NULL) || (strlen(log) == 0)) {
data/xymon-4.3.30/web/svcstatus.c:466:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (items[7] && strlen(items[7])) acktime = atoi(items[7]);
data/xymon-4.3.30/web/svcstatus.c:467:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (items[8] && strlen(items[8])) disabletime = atoi(items[8]);
data/xymon-4.3.30/web/svcstatus.c:470:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (items[11] && strlen(items[11])) ackmsg = items[11];
data/xymon-4.3.30/web/svcstatus.c:473:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (items[12] && strlen(items[12])) dismsg = items[12];
data/xymon-4.3.30/web/svcstatus.c:532:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(timesincechange, "0 minutes", sizeof(timesincechange));
data/xymon-4.3.30/web/svcstatus.c:539:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(nonhistenv, 10 + strlen(service));
data/xymon-4.3.30/web/svcstatus.c:602:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen("<!-- [flags:");
data/xymon-4.3.30/web/svcstatus.c:605:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(flags, p, n);
data/xymon-4.3.30/web/svcstatus.c:613:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(clientidtext);
data/xymon-4.3.30/web/svcstatus.c:616:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(clientid, p, n);
data/xymon-4.3.30/web/svcstatus.c:622:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(statusunchangedtext);
data/xymon-4.3.30/web/svcstatus.c:624:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(timesincechange, p, n);
data/xymon-4.3.30/web/svcstatus.c:630:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(receivedfromtext);
data/xymon-4.3.30/web/svcstatus.c:633:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sender, p, n);
data/xymon-4.3.30/web/svcstatus.c:656:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(clienturi, 1024 + strlen(cgiurl) + MAX_HTMLQUOTE_FACTOR*strlen(htmlquoted(hostname)) + strlen(clientid));
data/xymon-4.3.30/web/svcstatus.c:656:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(clienturi, 1024 + strlen(cgiurl) + MAX_HTMLQUOTE_FACTOR*strlen(htmlquoted(hostname)) + strlen(clientid));
data/xymon-4.3.30/web/svcstatus.c:656:106: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(clienturi, 1024 + strlen(cgiurl) + MAX_HTMLQUOTE_FACTOR*strlen(htmlquoted(hostname)) + strlen(clientid));
data/xymon-4.3.30/web/svcstatus.c:669:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int curlen = strlen(clienturi);
data/xymon-4.3.30/web/svcstatus.c:671:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_REALLOC(clienturi, 1024 + curlen + strlen(clientid));
data/xymon-4.3.30/web/svcstatus.c:755:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(multigraphs, strlen(p+1) + 3);
data/xymon-4.3.30/web/useradm.c:117:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(passfile, strlen(xgetenv("XYMONHOME")) + 20);
data/xymon-4.3.30/xymond/client/bbwin.c:374:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (svcauto && strlen(svcauto) > 1 &&
data/xymon-4.3.30/xymond/client/bbwin.c:397:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (svcauto && strlen(svcauto) > 1) {
data/xymon-4.3.30/xymond/client/irix.c:87:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = pcre_exec(memptn, NULL, memline, strlen(memline), 0, 0, ovector, (sizeof(ovector)/sizeof(int)));
data/xymon-4.3.30/xymond/client/linux.c:156:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
statcopy = (char *)malloc(strlen(mdstatstr) + 10);
data/xymon-4.3.30/xymond/client/mqcollect.c:72:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(bol, qmline, strlen(qmline)) == 0) {
data/xymon-4.3.30/xymond/client/mqcollect.c:76:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qmid = strdup(bol+strlen(qmline));
data/xymon-4.3.30/xymond/client/zos.c:316:25: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(cicsentry, "%8s %10s %8s %d %f %f", cicsappl, cicsdate, cicstime, &numtrans, &dsapct, &edsapct);
data/xymon-4.3.30/xymond/client/zos.c:439:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bol) > cmdofs) add_process_count(bol+cmdofs);
data/xymon-4.3.30/xymond/client/zvm.c:249:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bol) > cmdofs) add_process_count(bol+cmdofs);
data/xymon-4.3.30/xymond/client/zvse.c:206:25: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(cicsentry, "%8s %10s %8s %d %f %f", cicsappl, cicsdate, cicstime, &numtrans, &dsapct, &edsapct);
data/xymon-4.3.30/xymond/client/zvse.c:329:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bol) > cmdofs) add_process_count(bol+cmdofs);
data/xymon-4.3.30/xymond/client/zvse.c:534:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pid, jinfo, 2); /* Copy partition ID */
data/xymon-4.3.30/xymond/client_config.c:498:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(grouplist + strlen(grouplist) - 1) = '\0';
data/xymon-4.3.30/xymond/client_config.c:511:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key = (char *)malloc(strlen(group)+3);
data/xymon-4.3.30/xymond/client_config.c:524:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curlen = strlen(grouplist);
data/xymon-4.3.30/xymond/client_config.c:525:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
grouplist = (char *)realloc(grouplist, curlen + strlen(key) + 2);
data/xymon-4.3.30/xymond/client_config.c:2398:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mibkeyval_id = (char *)malloc(strlen(mibname) + (keyname ? strlen(keyname) : 0) + strlen(valname) + 3);
data/xymon-4.3.30/xymond/client_config.c:2398:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mibkeyval_id = (char *)malloc(strlen(mibname) + (keyname ? strlen(keyname) : 0) + strlen(valname) + 3);
data/xymon-4.3.30/xymond/client_config.c:2398:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mibkeyval_id = (char *)malloc(strlen(mibname) + (keyname ? strlen(keyname) : 0) + strlen(valname) + 3);
data/xymon-4.3.30/xymond/client_config.c:2429:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *mibval_id = (char *)malloc(strlen(mibname) + strlen(valname) + 2);
data/xymon-4.3.30/xymond/client_config.c:2429:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *mibval_id = (char *)malloc(strlen(mibname) + strlen(valname) + 2);
data/xymon-4.3.30/xymond/client_config.c:3513:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz += strlen((*walk)->rule->rule.port.localexp->pattern) + 10;
data/xymon-4.3.30/xymond/client_config.c:3515:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz += strlen((*walk)->rule->rule.port.exlocalexp->pattern) + 10;
data/xymon-4.3.30/xymond/client_config.c:3517:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz += strlen((*walk)->rule->rule.port.remoteexp->pattern) + 10;
data/xymon-4.3.30/xymond/client_config.c:3519:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz += strlen((*walk)->rule->rule.port.exremoteexp->pattern) + 10;
data/xymon-4.3.30/xymond/client_config.c:3521:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz += strlen((*walk)->rule->rule.port.stateexp->pattern) + 10;
data/xymon-4.3.30/xymond/client_config.c:3523:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz += strlen((*walk)->rule->rule.port.exstateexp->pattern) + 10;
data/xymon-4.3.30/xymond/client_config.c:3540:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat((*walk)->rule->statustext, ":");
data/xymon-4.3.30/xymond/client_config.c:3563:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz += strlen((*walk)->rule->rule.svc.svcname) + 10;
data/xymon-4.3.30/xymond/client_config.c:3565:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz += strlen((*walk)->rule->rule.svc.startup) + 10;
data/xymon-4.3.30/xymond/client_config.c:3567:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz += strlen((*walk)->rule->rule.svc.state) + 10;
data/xymon-4.3.30/xymond/client_config.c:3569:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz += strlen((*walk)->rule->rule.svc.startupexp->pattern) + 10;
data/xymon-4.3.30/xymond/client_config.c:3571:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz += strlen((*walk)->rule->rule.svc.stateexp->pattern) + 10;
data/xymon-4.3.30/xymond/combostatus.c:127:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fn = (char *)malloc(1024 + strlen(xgetenv("XYMONHOME")));
data/xymon-4.3.30/xymond/combostatus.c:160:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(inp)) memmove(outp, inp, strlen(inp)+1);
data/xymon-4.3.30/xymond/combostatus.c:160:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(inp)) memmove(outp, inp, strlen(inp)+1);
data/xymon-4.3.30/xymond/combostatus.c:219:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pattern = (char *)malloc(1 + strlen(hostname) + 1 + strlen(testname) + 1 + 1);
data/xymon-4.3.30/xymond/combostatus.c:219:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pattern = (char *)malloc(1 + strlen(hostname) + 1 + strlen(testname) + 1 + 1);
data/xymon-4.3.30/xymond/combostatus.c:222:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(board, pattern+1, strlen(pattern+1)) == 0) {
data/xymon-4.3.30/xymond/combostatus.c:232:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colstr = found + strlen(pattern);
data/xymon-4.3.30/xymond/combostatus.c:261:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(errtext) > 0) {
data/xymon-4.3.30/xymond/combostatus.c:265:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*errbuf = (char *)realloc(*errbuf, strlen(*errbuf)+strlen(errtext)+1);
data/xymon-4.3.30/xymond/combostatus.c:265:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*errbuf = (char *)realloc(*errbuf, strlen(*errbuf)+strlen(errtext)+1);
data/xymon-4.3.30/xymond/combostatus.c:324:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outp += strlen(outp);
data/xymon-4.3.30/xymond/combostatus.c:359:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*errbuf = (char *)realloc(*errbuf, strlen(*errbuf)+strlen(errtext)+1);
data/xymon-4.3.30/xymond/combostatus.c:359:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*errbuf = (char *)realloc(*errbuf, strlen(*errbuf)+strlen(errtext)+1);
data/xymon-4.3.30/xymond/do_alert.c:63:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key = (char *)malloc(strlen(hostname)+strlen(testname)+15);
data/xymon-4.3.30/xymond/do_alert.c:63:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key = (char *)malloc(strlen(hostname)+strlen(testname)+15);
data/xymon-4.3.30/xymond/do_alert.c:68:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
myMD5_Update(md5handle, key, strlen(key));
data/xymon-4.3.30/xymond/do_alert.c:90:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
svccodes = (char *)malloc(strlen(p)+2);
data/xymon-4.3.30/xymond/do_alert.c:94:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tname = (char *)malloc(strlen(testname)+3);
data/xymon-4.3.30/xymond/do_alert.c:126:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id = (char *) malloc(strlen(alert->hostname) + strlen(alert->testname) + strlen(method) + strlen(recip->recipient) + 4);
data/xymon-4.3.30/xymond/do_alert.c:126:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id = (char *) malloc(strlen(alert->hostname) + strlen(alert->testname) + strlen(method) + strlen(recip->recipient) + 4);
data/xymon-4.3.30/xymond/do_alert.c:126:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id = (char *) malloc(strlen(alert->hostname) + strlen(alert->testname) + strlen(method) + strlen(recip->recipient) + 4);
data/xymon-4.3.30/xymond/do_alert.c:126:92: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id = (char *) malloc(strlen(alert->hostname) + strlen(alert->testname) + strlen(method) + strlen(recip->recipient) + 4);
data/xymon-4.3.30/xymond/do_alert.c:149:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = (char *)malloc(strlen(reciptext) + strlen(hostname) + strlen(svcname) + strlen(colorname) + 1);
data/xymon-4.3.30/xymond/do_alert.c:149:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = (char *)malloc(strlen(reciptext) + strlen(hostname) + strlen(svcname) + strlen(colorname) + 1);
data/xymon-4.3.30/xymond/do_alert.c:149:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = (char *)malloc(strlen(reciptext) + strlen(hostname) + strlen(svcname) + strlen(colorname) + 1);
data/xymon-4.3.30/xymond/do_alert.c:149:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = (char *)malloc(strlen(reciptext) + strlen(hostname) + strlen(svcname) + strlen(colorname) + 1);
data/xymon-4.3.30/xymond/do_alert.c:173:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(result, "&");
data/xymon-4.3.30/xymond/do_alert.c:388:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen("BBALPHAMSG=");
data/xymon-4.3.30/xymond/do_alert.c:527:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cfidtxt = (char *)malloc(strlen("CFID=") + 10);
data/xymon-4.3.30/xymond/do_alert.c:533:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msglen = strlen(p);
data/xymon-4.3.30/xymond/do_alert.c:534:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (msglen > (max_alertmsg_scripts - strlen("BBALPHAMSG="))) {
data/xymon-4.3.30/xymond/do_alert.c:541:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ackcode = (char *)malloc(strlen("ACKCODE=") + 10);
data/xymon-4.3.30/xymond/do_alert.c:545:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcpt = (char *)malloc(strlen("RCPT=") + strlen(scriptrecip) + 1);
data/xymon-4.3.30/xymond/do_alert.c:545:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcpt = (char *)malloc(strlen("RCPT=") + strlen(scriptrecip) + 1);
data/xymon-4.3.30/xymond/do_alert.c:549:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbhostname = (char *)malloc(strlen("BBHOSTNAME=") + strlen(alert->hostname) + 1);
data/xymon-4.3.30/xymond/do_alert.c:549:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbhostname = (char *)malloc(strlen("BBHOSTNAME=") + strlen(alert->hostname) + 1);
data/xymon-4.3.30/xymond/do_alert.c:553:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbhostsvc = (char *)malloc(strlen("BBHOSTSVC=") + strlen(alert->hostname) + 1 + strlen(alert->testname) + 1);
data/xymon-4.3.30/xymond/do_alert.c:553:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbhostsvc = (char *)malloc(strlen("BBHOSTSVC=") + strlen(alert->hostname) + 1 + strlen(alert->testname) + 1);
data/xymon-4.3.30/xymond/do_alert.c:553:86: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbhostsvc = (char *)malloc(strlen("BBHOSTSVC=") + strlen(alert->hostname) + 1 + strlen(alert->testname) + 1);
data/xymon-4.3.30/xymond/do_alert.c:557:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbhostsvccommas = (char *)malloc(strlen("BBHOSTSVCCOMMAS=") + strlen(alert->hostname) + 1 + strlen(alert->testname) + 1);
data/xymon-4.3.30/xymond/do_alert.c:557:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbhostsvccommas = (char *)malloc(strlen("BBHOSTSVCCOMMAS=") + strlen(alert->hostname) + 1 + strlen(alert->testname) + 1);
data/xymon-4.3.30/xymond/do_alert.c:557:98: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbhostsvccommas = (char *)malloc(strlen("BBHOSTSVCCOMMAS=") + strlen(alert->hostname) + 1 + strlen(alert->testname) + 1);
data/xymon-4.3.30/xymond/do_alert.c:561:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbnumeric = (char *)malloc(strlen("BBNUMERIC=") + 22 + 1);
data/xymon-4.3.30/xymond/do_alert.c:570:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
machip = (char *)malloc(strlen("MACHIP=") + 13);
data/xymon-4.3.30/xymond/do_alert.c:574:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbsvcname = (char *)malloc(strlen("BBSVCNAME=") + strlen(alert->testname) + 1);
data/xymon-4.3.30/xymond/do_alert.c:574:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbsvcname = (char *)malloc(strlen("BBSVCNAME=") + strlen(alert->testname) + 1);
data/xymon-4.3.30/xymond/do_alert.c:578:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbsvcnum = (char *)malloc(strlen("BBSVCNUM=") + 10);
data/xymon-4.3.30/xymond/do_alert.c:582:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbcolorlevel = (char *)malloc(strlen("BBCOLORLEVEL=") + strlen(colorname(alert->color)) + 1);
data/xymon-4.3.30/xymond/do_alert.c:582:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbcolorlevel = (char *)malloc(strlen("BBCOLORLEVEL=") + strlen(colorname(alert->color)) + 1);
data/xymon-4.3.30/xymond/do_alert.c:586:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
recovered = (char *)malloc(strlen("RECOVERED=") + 2);
data/xymon-4.3.30/xymond/do_alert.c:600:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
downsecs = (char *)malloc(strlen("DOWNSECS=") + 20);
data/xymon-4.3.30/xymond/do_alert.c:604:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
eventtstamp = (char *)malloc(strlen("EVENTSTART=") + 20);
data/xymon-4.3.30/xymond/do_alert.c:609:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
downsecsmsg = (char *)malloc(strlen("DOWNSECSMSG=Event duration :") + 20);
data/xymon-4.3.30/xymond/do_alert.c:618:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alertidenv = (char *)malloc(strlen("ALERTID=") + strlen(alertid) + 10);
data/xymon-4.3.30/xymond/do_alert.c:618:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alertidenv = (char *)malloc(strlen("ALERTID=") + strlen(alertid) + 10);
data/xymon-4.3.30/xymond/do_alert.c:631:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbhenv = (char *)malloc(strlen(id) + strlen(itm) + 2);
data/xymon-4.3.30/xymond/do_alert.c:631:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bbhenv = (char *)malloc(strlen(id) + strlen(itm) + 2);
data/xymon-4.3.30/xymond/do_alert.c:767:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id = (char *)malloc(strlen(alert->hostname)+strlen(alert->testname)+3);
data/xymon-4.3.30/xymond/do_alert.c:767:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id = (char *)malloc(strlen(alert->hostname)+strlen(alert->testname)+3);
data/xymon-4.3.30/xymond/do_alert.c:771:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(rptwalk->recipid, id, strlen(id)) == 0) {
data/xymon-4.3.30/xymond/do_alert.c:855:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!found && (strncmp(statusbuf, p+1, strlen(p+1)) == 0))
data/xymon-4.3.30/xymond/do_rrd.c:199:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rrdfn) >= (NAME_MAX - 50)) {
data/xymon-4.3.30/xymond/do_rrd.c:280:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((rrdfn == NULL) || (strlen(rrdfn) == 0)) {
data/xymon-4.3.30/xymond/do_rrd.c:308:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
updcache_keyofs = strlen(rrddir);
data/xymon-4.3.30/xymond/do_rrd.c:346:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rrakey = (char *)malloc(strlen(testname) + 10);
data/xymon-4.3.30/xymond/do_rrd.c:542:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keylen = strlen(hostname);
data/xymon-4.3.30/xymond/rrd/do_apache.c:32:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((p = strstr(msg, "BusyServers:")) != NULL) memcpy(p, "BusyWorkers:", strlen("BusyWorkers:"));
data/xymon-4.3.30/xymond/rrd/do_apache.c:33:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((p = strstr(msg, "IdleServers:")) != NULL) memcpy(p, "IdleWorkers:", strlen("IdleWorkers:"));
data/xymon-4.3.30/xymond/rrd/do_apache.c:39:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(rrdvalues, ":");
data/xymon-4.3.30/xymond/rrd/do_apache.c:50:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(rrdvalues, "U");
data/xymon-4.3.30/xymond/rrd/do_dbcheck.c:162:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
execname=xmalloc(strlen(start));
data/xymon-4.3.30/xymond/rrd/do_dbcheck.c:238:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ptn && strlen(ptn)) {
data/xymon-4.3.30/xymond/rrd/do_dbcheck.c:244:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ptn && strlen(ptn)) {
data/xymon-4.3.30/xymond/rrd/do_dbcheck.c:291:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
diskname=xmalloc(strlen(columns[0])+2);
data/xymon-4.3.30/xymond/rrd/do_dbcheck.c:313:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = pcre_exec(exclpattern, NULL, diskname, strlen(diskname),
data/xymon-4.3.30/xymond/rrd/do_dbcheck.c:322:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = pcre_exec(inclpattern, NULL, diskname, strlen(diskname),
data/xymon-4.3.30/xymond/rrd/do_devmon.c:102:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(rrdvalues,":");
data/xymon-4.3.30/xymond/rrd/do_disk.c:37:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ptn && strlen(ptn)) {
data/xymon-4.3.30/xymond/rrd/do_disk.c:43:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ptn && strlen(ptn)) {
data/xymon-4.3.30/xymond/rrd/do_disk.c:136:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
diskname = xmalloc(strlen(columns[0])+2);
data/xymon-4.3.30/xymond/rrd/do_disk.c:184:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = pcre_exec(exclpattern, NULL, diskname, strlen(diskname),
data/xymon-4.3.30/xymond/rrd/do_disk.c:193:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = pcre_exec(inclpattern, NULL, diskname, strlen(diskname),
data/xymon-4.3.30/xymond/rrd/do_external.c:42:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fwrite(msg, strlen(msg), 1, fd) != 1) {
data/xymon-4.3.30/xymond/rrd/do_ifstat.c:217:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ifname[strlen(ifname)-1] == ':') ifname[strlen(ifname)-1] = '\0';
data/xymon-4.3.30/xymond/rrd/do_ifstat.c:217:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ifname[strlen(ifname)-1] == ':') ifname[strlen(ifname)-1] = '\0';
data/xymon-4.3.30/xymond/rrd/do_la.c:51:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen("CPU Usage=");
data/xymon-4.3.30/xymond/rrd/do_la.c:80:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = pcre_exec(zVM_exp, NULL, msg, strlen(msg), 0, 0, ovector, (sizeof(ovector)/sizeof(int)));
data/xymon-4.3.30/xymond/rrd/do_la.c:84:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(w)) {
data/xymon-4.3.30/xymond/rrd/do_la.c:128:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = strchr(p, '.'); if (strlen(p) > 3) *(p+3) = '\0';
data/xymon-4.3.30/xymond/rrd/do_la.c:154:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = pcre_exec(as400_exp, NULL, msg, strlen(msg), 0, 0, ovector, (sizeof(ovector)/sizeof(int)));
data/xymon-4.3.30/xymond/rrd/do_la.c:158:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(w)) {
data/xymon-4.3.30/xymond/rrd/do_la.c:163:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(w)) {
data/xymon-4.3.30/xymond/rrd/do_ncv.c:34:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
envnam = (char *)malloc(9 + strlen(testname) + 1);
data/xymon-4.3.30/xymond/rrd/do_ncv.c:50:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dstypes = (char *)malloc(strlen(l)+3);
data/xymon-4.3.30/xymond/rrd/do_ncv.c:193:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dstype += strlen(dskey);
data/xymon-4.3.30/xymond/rrd/do_ncv.c:217:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(rrdvalues+strlen(rrdvalues), sizeof(rrdvalues)-strlen(rrdvalues), ":%s", val);
data/xymon-4.3.30/xymond/rrd/do_ncv.c:217:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(rrdvalues+strlen(rrdvalues), sizeof(rrdvalues)-strlen(rrdvalues), ":%s", val);
data/xymon-4.3.30/xymond/rrd/do_netapp.c:510:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ptn && strlen(ptn)) {
data/xymon-4.3.30/xymond/rrd/do_netapp.c:516:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ptn && strlen(ptn)) {
data/xymon-4.3.30/xymond/rrd/do_netapp.c:573:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
diskname=xmalloc(strlen(columns[5+snapreserve])+2);
data/xymon-4.3.30/xymond/rrd/do_netapp.c:598:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = pcre_exec(exclpattern, NULL, diskname, strlen(diskname),
data/xymon-4.3.30/xymond/rrd/do_netapp.c:607:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = pcre_exec(inclpattern, NULL, diskname, strlen(diskname),
data/xymon-4.3.30/xymond/rrd/do_netstat.c:382:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(layout[i])) {
data/xymon-4.3.30/xymond/rrd/do_netstat.c:385:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ln += strlen(layout[i]);
data/xymon-4.3.30/xymond/rrd/do_netstat.c:413:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(layout[i])) {
data/xymon-4.3.30/xymond/rrd/do_snmpmib.c:113:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newitem->dsdefs[newitem->valcount] = (char *)malloc(strlen(swalk->oids[i].dsname) + 20);
data/xymon-4.3.30/xymond/rrd/do_trends.c:87:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(rrdvalues+strlen(rrdvalues), sizeof(rrdvalues)-strlen(rrdvalues), ":%s", valptr);
data/xymon-4.3.30/xymond/rrd/do_trends.c:87:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(rrdvalues+strlen(rrdvalues), sizeof(rrdvalues)-strlen(rrdvalues), ":%s", valptr);
data/xymon-4.3.30/xymond/rrd/do_vmstat.c:473:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
creparams[defidx] = (char *)malloc(strlen(layout[defidx].name) + strlen("DS::GAUGE:600:0:U") + 1);
data/xymon-4.3.30/xymond/rrd/do_vmstat.c:473:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
creparams[defidx] = (char *)malloc(strlen(layout[defidx].name) + strlen("DS::GAUGE:600:0:U") + 1);
data/xymon-4.3.30/xymond/rrd/do_xymond.c:90:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(rrdvalues, valstr, sizeof(rrdvalues)-strlen(rrdvalues)-1);
data/xymon-4.3.30/xymond/rrd/do_xymond.c:90:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(rrdvalues, valstr, sizeof(rrdvalues)-strlen(rrdvalues)-1);
data/xymon-4.3.30/xymond/rrdcachectl.c:76:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bytesleft = strlen(buf)+1;
data/xymon-4.3.30/xymond/trimhistory.c:73:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(board, strlen(board), 1, fd);
data/xymon-4.3.30/xymond/trimhistory.c:247:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
flen = strlen(fn);
data/xymon-4.3.30/xymond/xymon-mailack.c:104:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = pcre_exec(subjexp, NULL, subjectline, strlen(subjectline), 0, 0, ovector, (sizeof(ovector)/sizeof(int)));
data/xymon-4.3.30/xymond/xymon-mailack.c:121:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = pcre_exec(subjexp, NULL, subjectline, strlen(subjectline), 0, 0, ovector, (sizeof(ovector)/sizeof(int)));
data/xymon-4.3.30/xymond/xymon-mailack.c:136:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = pcre_exec(subjexp, NULL, subjectline, strlen(subjectline), 0, 0, ovector, (sizeof(ovector)/sizeof(int)));
data/xymon-4.3.30/xymond/xymon-mailack.c:156:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ackbuf = (char *)malloc(4096 + strlen(firsttxtline) + (fromline ? strlen(fromline) : 0));
data/xymon-4.3.30/xymond/xymon-mailack.c:156:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ackbuf = (char *)malloc(4096 + strlen(firsttxtline) + (fromline ? strlen(fromline) : 0));
data/xymon-4.3.30/xymond/xymond.c:403:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (xymond_stats[i].cmd && strncmp(xymond_stats[i].cmd, cmd, strlen(xymond_stats[i].cmd))) { i++; }
data/xymon-4.3.30/xymond/xymond.c:943:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(channel->channelbuf, "\n@@\n", (bufsz-1));
data/xymon-4.3.30/xymond/xymond.c:1007:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!gwalk && (strlen(hostname) != strspn(hostname, "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ:,._-")) ) {
data/xymon-4.3.30/xymond/xymond.c:1132:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int testlength = strlen(testname);
data/xymon-4.3.30/xymond/xymond.c:1258:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!twalk && !is_summary && (strlen(testname) != strspn(testname, "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ:\\/_-")) ) {
data/xymon-4.3.30/xymond/xymond.c:1374:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keylen = strlen(testname) + 1;
data/xymon-4.3.30/xymond/xymond.c:1404:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keylen = strlen(testname);
data/xymon-4.3.30/xymond/xymond.c:1433:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msglen = strlen(msg);
data/xymon-4.3.30/xymond/xymond.c:1646:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(log->sender, sender, sizeof(log->sender)-1);
data/xymon-4.3.30/xymond/xymond.c:1749:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(colorname(newcolor));
data/xymon-4.3.30/xymond/xymond.c:1759:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(log->testflags) >= strlen(flagstart))
data/xymon-4.3.30/xymond/xymond.c:1759:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(log->testflags) >= strlen(flagstart))
data/xymon-4.3.30/xymond/xymond.c:1762:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
log->testflags = realloc(log->testflags, strlen(flagstart));
data/xymon-4.3.30/xymond/xymond.c:1952:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mwalk->cause = (char *)malloc(strlen(cause) + 10); /* 10 for maxlength of colorname + markers */
data/xymon-4.3.30/xymond/xymond.c:1997:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (origin) buflen += strlen(origin); else dbgprintf(" origin is NULL\n");
data/xymon-4.3.30/xymond/xymond.c:1998:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (hostname) buflen += strlen(hostname); else dbgprintf(" hostname is NULL\n");
data/xymon-4.3.30/xymond/xymond.c:1999:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (testname) buflen += strlen(testname); else dbgprintf(" testname is NULL\n");
data/xymon-4.3.30/xymond/xymond.c:2000:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (classname) buflen += strlen(classname);
data/xymon-4.3.30/xymond/xymond.c:2001:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pagepath) buflen += strlen(pagepath);
data/xymon-4.3.30/xymond/xymond.c:2002:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (msg) buflen += strlen(msg); else dbgprintf(" msg is NULL\n");
data/xymon-4.3.30/xymond/xymond.c:2077:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
txtstart = msg->buf + (durstr + strlen(durstr) - firstline);
data/xymon-4.3.30/xymond/xymond.c:2087:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = hosttest + strlen(hosttest) - 1;
data/xymon-4.3.30/xymond/xymond.c:2307:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
channelmsg = (char *)malloc(1024 + strlen(msgtext));
data/xymon-4.3.30/xymond/xymond.c:2333:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen += strlen(hostname) + strlen(clientos) + strlen(theclass) + strlen(collectorid);
data/xymon-4.3.30/xymond/xymond.c:2333:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen += strlen(hostname) + strlen(clientos) + strlen(theclass) + strlen(collectorid);
data/xymon-4.3.30/xymond/xymond.c:2333:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen += strlen(hostname) + strlen(clientos) + strlen(theclass) + strlen(collectorid);
data/xymon-4.3.30/xymond/xymond.c:2333:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen += strlen(hostname) + strlen(clientos) + strlen(theclass) + strlen(collectorid);
data/xymon-4.3.30/xymond/xymond.c:2334:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (msg) { msglen = strlen(msg); buflen += msglen; } else { dbgprintf(" msg is NULL\n"); return; }
data/xymon-4.3.30/xymond/xymond.c:2345:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cwalk->msg) >= msglen)
data/xymon-4.3.30/xymond/xymond.c:2511:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *msgbuf = (char *)malloc(20 + strlen(hostname) + (n1 ? strlen(n1) : 0) + (n2 ? strlen(n2) : 0));
data/xymon-4.3.30/xymond/xymond.c:2511:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *msgbuf = (char *)malloc(20 + strlen(hostname) + (n1 ? strlen(n1) : 0) + (n2 ? strlen(n2) : 0));
data/xymon-4.3.30/xymond/xymond.c:2511:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *msgbuf = (char *)malloc(20 + strlen(hostname) + (n1 ? strlen(n1) : 0) + (n2 ? strlen(n2) : 0));
data/xymon-4.3.30/xymond/xymond.c:2537:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(msgbuf)) {
data/xymon-4.3.30/xymond/xymond.c:2720:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fnlen = strlen(fn);
data/xymon-4.3.30/xymond/xymond.c:2786:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, result, st.st_size);
data/xymon-4.3.30/xymond/xymond.c:3022:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ptn = (char *)malloc(strlen(xgetenv("PINGCOLUMN")) + 3);
data/xymon-4.3.30/xymond/xymond.c:3035:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ptn = (char *)malloc(strlen(xgetenv("PINGCOLUMN")) + 3);
data/xymon-4.3.30/xymond/xymond.c:3494:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sender, inet_ntoa(msg->addr.sin_addr), sizeof(sender));
data/xymon-4.3.30/xymond/xymond.c:3616:5: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(msgfrom, "\nStatus message received from %15s\n", sender);
data/xymon-4.3.30/xymond/xymond.c:3693:4: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(msgfrom, "\nStatus message received from %15s\n", sender);
data/xymon-4.3.30/xymond/xymond.c:3734:4: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(msgfrom, "\nStatus message received from %15s\n", sender);
data/xymon-4.3.30/xymond/xymond.c:3738:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bhost = msg->buf + strlen("data"); bhost += strspn(bhost, " \t");
data/xymon-4.3.30/xymond/xymond.c:3903:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bol += strlen(colorname(msgcol));
data/xymon-4.3.30/xymond/xymond.c:3912:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg->buflen = strlen(msg->buf);
data/xymon-4.3.30/xymond/xymond.c:3946:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
log->msgsz = strlen(log->message) + 1;
data/xymon-4.3.30/xymond/xymond.c:3979:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
log->msgsz = strlen(log->message) + 1;
data/xymon-4.3.30/xymond/xymond.c:4125:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lwalk->msgsz = strlen(lwalk->message) + 1;
data/xymon-4.3.30/xymond/xymond.c:4198:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lwalk->msgsz = strlen(lwalk->message) + 1;
data/xymon-4.3.30/xymond/xymond.c:4260:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clonehost += strlen(" clone=");
data/xymon-4.3.30/xymond/xymond.c:4429:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg->buflen = strlen(msg->buf);
data/xymon-4.3.30/xymond/xymond.c:4447:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cmd) == 0) {
data/xymon-4.3.30/xymond/xymond.c:4511:5: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(ipline, "\nClientIP:%15s\n", sender);
data/xymon-4.3.30/xymond/xymond.c:4596:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg->buflen = strlen(msg->buf);
data/xymon-4.3.30/xymond/xymond.c:4607:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = msg->buf + strlen("clientlog"); p += strspn(p, "\t ");
data/xymon-4.3.30/xymond/xymond.c:4628:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg->buflen = strlen(msg->buf);
data/xymon-4.3.30/xymond/xymond.c:4637:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *sectmarker = (char *)malloc(strlen(onesect) + 4);
data/xymon-4.3.30/xymond/xymond.c:4769:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tempfn = malloc(strlen(checkpointfn) + 20);
data/xymon-4.3.30/xymond/xymond.c:4964:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
case 2: if (strlen(item)) hostname = item; else err=1; break;
data/xymon-4.3.30/xymond/xymond.c:4965:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
case 3: if (strlen(item)) testname = item; else err=1; break;
data/xymon-4.3.30/xymond/xymond.c:4977:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
case 15: if (strlen(item)) statusmsg = item; else err=1; break;
data/xymon-4.3.30/xymond/xymond.c:5057:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ltail->testflags = ( (testflags && strlen(testflags)) ? strdup(testflags) : NULL);
data/xymon-4.3.30/xymond/xymond.c:5070:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ltail->msgsz = strlen(statusmsg)+1;
data/xymon-4.3.30/xymond/xymond.c:5072:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (disablemsg && strlen(disablemsg)) {
data/xymon-4.3.30/xymond/xymond.c:5079:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ackmsg && strlen(ackmsg)) {
data/xymon-4.3.30/xymond/xymond.c:5271:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
defaultreddelay = xgetenv("DELAYRED"); if (defaultreddelay && (strlen(defaultreddelay) == 0)) defaultreddelay = NULL;
data/xymon-4.3.30/xymond/xymond.c:5272:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
defaultyellowdelay = xgetenv("DELAYYELLOW"); if (defaultyellowdelay && (strlen(defaultyellowdelay) == 0)) defaultyellowdelay = NULL;
data/xymon-4.3.30/xymond/xymond.c:5489:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostsfn = (char *)realloc(hostsfn, strlen(hostsfn) + 2);
data/xymon-4.3.30/xymond/xymond.c:5490:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(hostsfn+1, hostsfn, strlen(hostsfn)+1);
data/xymon-4.3.30/xymond/xymond.c:5832:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(cwalk->sock, cwalk->bufp, (cwalk->bufsz - cwalk->buflen - 1));
data/xymon-4.3.30/xymond/xymond.c:5917:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
task.buflen = strlen(runtask->command); task.bufsz = task.buflen+1;
data/xymon-4.3.30/xymond/xymond_alert.c:263:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
subfn = (char *)malloc(strlen(filename)+5);
data/xymon-4.3.30/xymond/xymond_alert.c:338:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key = (char *)malloc(strlen(newalert->hostname) + strlen(newalert->testname) + 100);
data/xymon-4.3.30/xymond/xymond_alert.c:338:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key = (char *)malloc(strlen(newalert->hostname) + strlen(newalert->testname) + 100);
data/xymon-4.3.30/xymond/xymond_alert.c:341:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!valid && (strncmp(statusbuf, key+1, strlen(key+1)) == 0)) valid = statusbuf;
data/xymon-4.3.30/xymond/xymond_alert.c:355:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(item[8])) {
data/xymon-4.3.30/xymond/xymond_alert.c:359:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(item[9])) {
data/xymon-4.3.30/xymond/xymond_alert.c:369:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
subfn = (char *)malloc(strlen(filename)+5);
data/xymon-4.3.30/xymond/xymond_alert.c:746:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
awalk->pagemessage = (char *)malloc(strlen(awalk->hostname) + strlen(awalk->testname) + strlen(colorname(awalk->color)) + strlen(metadata[15]) + strlen(restofmsg) + 10);
data/xymon-4.3.30/xymond/xymond_alert.c:746:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
awalk->pagemessage = (char *)malloc(strlen(awalk->hostname) + strlen(awalk->testname) + strlen(colorname(awalk->color)) + strlen(metadata[15]) + strlen(restofmsg) + 10);
data/xymon-4.3.30/xymond/xymond_alert.c:746:93: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
awalk->pagemessage = (char *)malloc(strlen(awalk->hostname) + strlen(awalk->testname) + strlen(colorname(awalk->color)) + strlen(metadata[15]) + strlen(restofmsg) + 10);
data/xymon-4.3.30/xymond/xymond_alert.c:746:127: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
awalk->pagemessage = (char *)malloc(strlen(awalk->hostname) + strlen(awalk->testname) + strlen(colorname(awalk->color)) + strlen(metadata[15]) + strlen(restofmsg) + 10);
data/xymon-4.3.30/xymond/xymond_alert.c:746:150: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
awalk->pagemessage = (char *)malloc(strlen(awalk->hostname) + strlen(awalk->testname) + strlen(colorname(awalk->color)) + strlen(metadata[15]) + strlen(restofmsg) + 10);
data/xymon-4.3.30/xymond/xymond_alert.c:863:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fn && strlen(fn)) {
data/xymon-4.3.30/xymond/xymond_capture.c:196:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fn && strlen(fn)) {
data/xymon-4.3.30/xymond/xymond_capture.c:301:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
match = (pcre_exec(hostexp, NULL, hostname, strlen(hostname), 0, 0, ovector, (sizeof(ovector)/sizeof(int))) >= 0);
data/xymon-4.3.30/xymond/xymond_capture.c:305:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
match = (pcre_exec(exhostexp, NULL, hostname, strlen(hostname), 0, 0, ovector, (sizeof(ovector)/sizeof(int))) >= 0);
data/xymon-4.3.30/xymond/xymond_capture.c:309:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
match = (pcre_exec(testexp, NULL, testname, strlen(testname), 0, 0, ovector, (sizeof(ovector)/sizeof(int))) >= 0);
data/xymon-4.3.30/xymond/xymond_capture.c:313:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
match = (pcre_exec(extestexp, NULL, testname, strlen(testname), 0, 0, ovector, (sizeof(ovector)/sizeof(int))) >= 0);
data/xymon-4.3.30/xymond/xymond_capture.c:317:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
match = (pcre_exec(colorexp, NULL, color, strlen(color), 0, 0, ovector, (sizeof(ovector)/sizeof(int))) >= 0);
data/xymon-4.3.30/xymond/xymond_channel.c:225:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *logfnenv = (char *)malloc(strlen(logfn) + 30);
data/xymon-4.3.30/xymond/xymond_channel.c:308:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int inlen = strlen(inbuf);
data/xymon-4.3.30/xymond/xymond_channel.c:613:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msgsz = strlen(channel->channelbuf);
data/xymon-4.3.30/xymond/xymond_channel.c:678:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(inbuf+hlen+1, hashstr, strlen(hashstr));
data/xymon-4.3.30/xymond/xymond_client.c:420:23: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (savech == '%') strcat(loadresult, "%");
data/xymon-4.3.30/xymond/xymond_client.c:841:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dfstr) == 0) {
data/xymon-4.3.30/xymond/xymond_client.c:1090:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bol) > cmdofs) add_process_count(bol+cmdofs);
data/xymon-4.3.30/xymond/xymond_client.c:1652:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) == 1) {
data/xymon-4.3.30/xymond/xymond_client.c:1851:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hostname) == 0) {
data/xymon-4.3.30/xymond/xymond_client.c:1959:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sectname = (char *)malloc(strlen(s) + 20);
data/xymon-4.3.30/xymond/xymond_client.c:2326:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fn && strlen(fn)) {
data/xymon-4.3.30/xymond/xymond_distribute.c:105:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fn && strlen(fn)) {
data/xymon-4.3.30/xymond/xymond_distribute.c:137:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (metadata[6] && strlen(metadata[6])) {
data/xymon-4.3.30/xymond/xymond_distribute.c:139:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(newmsg + strlen(newmsg), " %s", metadata[6]);
data/xymon-4.3.30/xymond/xymond_distribute.c:145:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newmsg) > 0) {
data/xymon-4.3.30/xymond/xymond_filestore.c:60:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(msg, strlen(msg), 1, logfd);
data/xymon-4.3.30/xymond/xymond_filestore.c:99:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpfn = (char *) malloc(strlen(fn)+5);
data/xymon-4.3.30/xymond/xymond_filestore.c:171:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ckey = (char *)malloc(strlen(key) + 3);
data/xymon-4.3.30/xymond/xymond_filestore.c:237:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
onlytests = (char *)malloc(3 + strlen(p));
data/xymon-4.3.30/xymond/xymond_filestore.c:242:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
multigraphs = (char *)malloc(strlen(p+1) + 3);
data/xymon-4.3.30/xymond/xymond_filestore.c:322:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (metadata[12] && strlen(metadata[12])) ackmsg = metadata[12];
data/xymon-4.3.30/xymond/xymond_filestore.c:326:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (metadata[14] && strlen(metadata[14]) && (disabletime > 0)) dismsg = metadata[14];
data/xymon-4.3.30/xymond/xymond_filestore.c:378:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostlead = malloc(strlen(hostname) + 2);
data/xymon-4.3.30/xymond/xymond_filestore.c:379:32: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcpy(hostlead, hostname); strcat(hostlead, ".");
data/xymon-4.3.30/xymond/xymond_filestore.c:384:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(de->d_name, hostlead, strlen(hostlead)) == 0) {
data/xymon-4.3.30/xymond/xymond_filestore.c:412:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostlead = malloc(strlen(hostname) + 2);
data/xymon-4.3.30/xymond/xymond_filestore.c:413:32: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcpy(hostlead, hostname); strcat(hostlead, ".");
data/xymon-4.3.30/xymond/xymond_filestore.c:419:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(de->d_name, hostlead, strlen(hostlead)) == 0) {
data/xymon-4.3.30/xymond/xymond_filestore.c:453:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fn && strlen(fn)) {
data/xymon-4.3.30/xymond/xymond_history.c:326:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(l) > 24) &&
data/xymon-4.3.30/xymond/xymond_history.c:443:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
statusdata += strlen(colorname(txtcolor));
data/xymon-4.3.30/xymond/xymond_history.c:479:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
written = fwrite(restofdata, 1, strlen(restofdata), histlogfd);
data/xymon-4.3.30/xymond/xymond_history.c:480:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (written != strlen(restofdata)) {
data/xymon-4.3.30/xymond/xymond_history.c:506:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(oldcol2, ((oldcolor >= 0) ? colorname(oldcolor) : "-"), 2);
data/xymon-4.3.30/xymond/xymond_history.c:507:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(newcol2, colorname(newcolor), 2);
data/xymon-4.3.30/xymond/xymond_history.c:590:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostlead = malloc(strlen(hostname) + 2);
data/xymon-4.3.30/xymond/xymond_history.c:591:39: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcpy(hostlead, hostnamecommas); strcat(hostlead, ".");
data/xymon-4.3.30/xymond/xymond_history.c:596:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(de->d_name, hostlead, strlen(hostlead)) == 0) {
data/xymon-4.3.30/xymond/xymond_history.c:697:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostlead = malloc(strlen(hostname) + 2);
data/xymon-4.3.30/xymond/xymond_history.c:698:39: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcpy(hostlead, hostnamecommas); strcat(hostlead, ".");
data/xymon-4.3.30/xymond/xymond_history.c:706:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(de->d_name, hostlead, strlen(hostlead)) == 0) {
data/xymon-4.3.30/xymond/xymond_history.c:771:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fn && strlen(fn)) {
data/xymon-4.3.30/xymond/xymond_hostdata.c:123:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clientlogdir = (char *)malloc(strlen(xgetenv("XYMONVAR")) + 10);
data/xymon-4.3.30/xymond/xymond_hostdata.c:219:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
written = fwrite(restofmsg, 1, strlen(restofmsg), fd);
data/xymon-4.3.30/xymond/xymond_hostdata.c:220:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (written != strlen(restofmsg)) {
data/xymon-4.3.30/xymond/xymond_hostdata.c:258:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fn && strlen(fn)) {
data/xymon-4.3.30/xymond/xymond_locator.c:351:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fn = (char *)malloc(strlen(tmpdir) + 100);
data/xymon-4.3.30/xymond/xymond_locator.c:413:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fn = (char *)malloc(strlen(tmpdir) + 100);
data/xymon-4.3.30/xymond/xymond_locator.c:597:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "?");
data/xymon-4.3.30/xymond/xymond_locator.c:612:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "?");
data/xymon-4.3.30/xymond/xymond_locator.c:617:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int blen = strlen(buf);
data/xymon-4.3.30/xymond/xymond_locator.c:787:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = sendto(lsocket, buf, strlen(buf)+1, 0, (struct sockaddr *)&remaddr, remaddrsz);
data/xymon-4.3.30/xymond/xymond_rrd.c:403:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fn && strlen(fn)) {
data/xymon-4.3.30/xymond/xymond_sample.c:173:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fn && strlen(fn)) {
data/xymon-4.3.30/xymond/xymond_worker.c:114:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(listenip) == 0) || (strcmp(listenip, "0.0.0.0") == 0)) {
data/xymon-4.3.30/xymond/xymond_worker.c:523:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = read(inputfd, fillpos, bufleft);
data/xymon-4.3.30/xymond/xymond_worker.c:645:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
myMD5_Update(ctx->mdctx, hashstr + 33, strlen(hashstr + 33));
data/xymon-4.3.30/xymond/xymonfetch.c:351:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(conn->sockfd, buf, sizeof(buf)-1);
data/xymon-4.3.30/xymongen/debug.c:97:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(newindent, "\t");
data/xymon-4.3.30/xymongen/loaddata.c:232:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testnameidx = (char *)malloc(strlen(testname) + 3);
data/xymon-4.3.30/xymongen/loaddata.c:249:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(newstate->entry->age, "");
data/xymon-4.3.30/xymongen/loaddata.c:307:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(newstate->entry->age, "");
data/xymon-4.3.30/xymongen/loaddata.c:367:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(l)) {
data/xymon-4.3.30/xymongen/loaddata.c:369:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *color = (char *) malloc(strlen(l));
data/xymon-4.3.30/xymongen/loaddata.c:372:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newsum->url = (char *) malloc(strlen(l));
data/xymon-4.3.30/xymongen/loaddata.c:378:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rowcol = (char *) malloc(strlen(fn) + 1);
data/xymon-4.3.30/xymongen/loaddata.c:383:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newsum->column = (char *) malloc(strlen(rowcol)+1);
data/xymon-4.3.30/xymongen/loaddata.c:384:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newsum->row = (char *) malloc(strlen(rowcol)+1);
data/xymon-4.3.30/xymongen/loaddata.c:429:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
itm->members = (char *)malloc(3 + (members ? strlen(members) : 0) );
data/xymon-4.3.30/xymongen/loaddata.c:520:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bcmd = (char *)malloc(1024 + (filter ? strlen(filter) : 0));
data/xymon-4.3.30/xymongen/loaddata.c:565:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bol) == 0) {
data/xymon-4.3.30/xymongen/loadlayout.c:95:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, (p+strlen(item)), strlen(p));
data/xymon-4.3.30/xymongen/loadlayout.c:95:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, (p+strlen(item)), strlen(p));
data/xymon-4.3.30/xymongen/loadlayout.c:99:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(result) == 0) {
data/xymon-4.3.30/xymongen/loadlayout.c:104:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(result, ",");
data/xymon-4.3.30/xymongen/loadlayout.c:157:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newgroup->onlycols = (char *) malloc(strlen(onlycols)+3); /* Add a '|' at start and end */
data/xymon-4.3.30/xymongen/loadlayout.c:162:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newgroup->exceptcols = (char *) malloc(strlen(exceptcols)+3); /* Add a '|' at start and end */
data/xymon-4.3.30/xymongen/loadlayout.c:370:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(l, grouponlytag, strlen(grouponlytag)) == 0) {
data/xymon-4.3.30/xymongen/loadlayout.c:381:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(l, groupexcepttag, strlen(groupexcepttag)) == 0) {
data/xymon-4.3.30/xymongen/loadlayout.c:392:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(l, grouptag, strlen(grouptag)) == 0) {
data/xymon-4.3.30/xymongen/loadlayout.c:493:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strncmp(inbol, pagetag, strlen(pagetag)) == 0) || (strncmp(inbol, vpagetag, strlen(vpagetag)) == 0)) {
data/xymon-4.3.30/xymongen/loadlayout.c:493:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strncmp(inbol, pagetag, strlen(pagetag)) == 0) || (strncmp(inbol, vpagetag, strlen(vpagetag)) == 0)) {
data/xymon-4.3.30/xymongen/loadlayout.c:497:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curpage = toppage->subpages = init_page(name, link, (strncmp(inbol, vpagetag, strlen(vpagetag)) == 0));
data/xymon-4.3.30/xymongen/loadlayout.c:500:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curpage = curpage->next = init_page(name, link, (strncmp(inbol, vpagetag, strlen(vpagetag)) == 0));
data/xymon-4.3.30/xymongen/loadlayout.c:514:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ( (strncmp(inbol, subpagetag, strlen(subpagetag)) == 0) || (strncmp(inbol, vsubpagetag, strlen(vsubpagetag)) == 0) ) {
data/xymon-4.3.30/xymongen/loadlayout.c:514:99: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ( (strncmp(inbol, subpagetag, strlen(subpagetag)) == 0) || (strncmp(inbol, vsubpagetag, strlen(vsubpagetag)) == 0) ) {
data/xymon-4.3.30/xymongen/loadlayout.c:522:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cursubpage = curpage->subpages = init_page(name, link, (strncmp(inbol, vsubpagetag, strlen(vsubpagetag)) == 0));
data/xymon-4.3.30/xymongen/loadlayout.c:525:88: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cursubpage = cursubpage->next = init_page(name, link, (strncmp(inbol, vsubpagetag, strlen(vsubpagetag)) == 0));
data/xymon-4.3.30/xymongen/loadlayout.c:537:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ( (strncmp(inbol, subparenttag, strlen(subparenttag)) == 0) || (strncmp(inbol, vsubparenttag, strlen(vsubparenttag)) == 0) ) {
data/xymon-4.3.30/xymongen/loadlayout.c:537:105: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ( (strncmp(inbol, subparenttag, strlen(subparenttag)) == 0) || (strncmp(inbol, vsubparenttag, strlen(vsubparenttag)) == 0) ) {
data/xymon-4.3.30/xymongen/loadlayout.c:546:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cursubparent = init_page(name, link, (strncmp(inbol, vsubparenttag, strlen(vsubparenttag)) == 0));
data/xymon-4.3.30/xymongen/loadlayout.c:563:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(inbol, grouptag, strlen(grouptag)) == 0) {
data/xymon-4.3.30/xymongen/loadlayout.c:622:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(pgset) == 0) && (xmh_item(xymonhost, XMH_FLAG_NODISP) != NULL)) goto nextline;
data/xymon-4.3.30/xymongen/loadlayout.c:650:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (xymonhost && (strlen(pgset) > 0)) {
data/xymon-4.3.30/xymongen/loadlayout.c:656:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(hval, hosttag, strlen(hosttag)) == 0)
data/xymon-4.3.30/xymongen/loadlayout.c:657:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
targetpagelist[targetpagecount++] = strdup(hval+strlen(hosttag));
data/xymon-4.3.30/xymongen/loadlayout.c:685:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pgset) == 0) {
data/xymon-4.3.30/xymongen/loadlayout.c:746:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = targetpagename + strlen(targetpagename);
data/xymon-4.3.30/xymongen/loadlayout.c:808:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(inbol, summarytag, strlen(summarytag)) == 0) {
data/xymon-4.3.30/xymongen/loadlayout.c:821:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(inbol, titletag, strlen(titletag)) == 0) {
data/xymon-4.3.30/xymongen/pagegen.c:70:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hf_prefix[PAGE_NORMAL] = (char *) malloc(strlen(prefix)+10); sprintf(hf_prefix[PAGE_NORMAL], "%snormal", prefix);
data/xymon-4.3.30/xymongen/pagegen.c:71:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hf_prefix[PAGE_NONGREEN] = (char *) malloc(strlen(prefix)+10); sprintf(hf_prefix[PAGE_NONGREEN], "%snongreen", prefix);
data/xymon-4.3.30/xymongen/pagegen.c:72:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hf_prefix[PAGE_CRITICAL] = (char *) malloc(strlen(prefix)+10); sprintf(hf_prefix[PAGE_CRITICAL], "%scritical", prefix);
data/xymon-4.3.30/xymongen/pagegen.c:92:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
search = (char *) malloc(strlen(column->name)+3);
data/xymon-4.3.30/xymongen/pagegen.c:103:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
search = (char *) malloc(strlen(column->name)+3);
data/xymon-4.3.30/xymongen/pagegen.c:263:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pagepath) == 0) {
data/xymon-4.3.30/xymongen/pagegen.c:271:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = path + strlen(path) - 1; ((p > path) && (*p == '/')); p--) *p = '\0';
data/xymon-4.3.30/xymongen/pagegen.c:291:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(htaccesscontent)) {
data/xymon-4.3.30/xymongen/pagegen.c:790:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(newentry->age, "");
data/xymon-4.3.30/xymongen/pagegen.c:938:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pgwalk->name)) {
data/xymon-4.3.30/xymongen/pagegen.c:1013:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pagetextheadings && page->title && strlen(page->title)) {
data/xymon-4.3.30/xymongen/pagegen.c:1354:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(msgptr, "\n");
data/xymon-4.3.30/xymongen/process.c:221:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(suburl, xgetenv("XYMONWEB"), strlen(xgetenv("XYMONWEB"))) == 0)
data/xymon-4.3.30/xymongen/process.c:222:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
suburl += strlen(xgetenv("XYMONWEB"));
data/xymon-4.3.30/xymongen/process.c:274:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
summsg = (char *)malloc(1024 + strlen(s->name) + strlen(s->url) + strlen(timestamp));
data/xymon-4.3.30/xymongen/process.c:274:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
summsg = (char *)malloc(1024 + strlen(s->name) + strlen(s->url) + strlen(timestamp));
data/xymon-4.3.30/xymongen/process.c:274:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
summsg = (char *)malloc(1024 + strlen(s->name) + strlen(s->url) + strlen(timestamp));
data/xymon-4.3.30/xymongen/util.c:42:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (host->parent && (strlen(((xymongen_page_t *)host->parent)->name) > 0)) {
data/xymon-4.3.30/xymongen/util.c:45:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pgwalk->name)) {
data/xymon-4.3.30/xymongen/util.c:67:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (host->parent && (strlen(((xymongen_page_t *)host->parent)->name) > 0)) {
data/xymon-4.3.30/xymongen/util.c:70:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pgwalk->name)) {
data/xymon-4.3.30/xymongen/util.c:72:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pagename)) {
data/xymon-4.3.30/xymongen/util.c:73:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmpname, "/");
data/xymon-4.3.30/xymongen/util.c:107:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testname = (char *) malloc(strlen(test)+3);
data/xymon-4.3.30/xymongen/util.c:227:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newcol->listname = (char *)malloc(strlen(testname)+1+2);
data/xymon-4.3.30/xymongen/util.c:242:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tag = (char *) malloc(strlen(current)+3);
data/xymon-4.3.30/xymongen/wmlgen.c:104:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((xymondresult != XYMONSEND_OK) || (logbuf == NULL) || (strlen(logbuf) == 0)) {
data/xymon-4.3.30/xymongen/wmlgen.c:151:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(l, nextline, (MAX_LINE_LEN - 1));
data/xymon-4.3.30/xymongen/wmlgen.c:157:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) == 0) {
data/xymon-4.3.30/xymongen/wmlgen.c:242:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lineout)) fprintf(fd, "%s\n<br/>\n", lineout);
data/xymon-4.3.30/xymongen/wmlgen.c:380:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(oldnongreenfn, nongreenfn+strlen(wmldir)+1);
data/xymon-4.3.30/xymongen/xymongen.c:135:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ignorecolumns = (char *) malloc(strlen(lp)+2);
data/xymon-4.3.30/xymongen/xymongen.c:149:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nongreenignorecolumns = (char *) malloc(strlen(lp)+2);
data/xymon-4.3.30/xymongen/xymongen.c:164:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
includecolumns = (char *) malloc(strlen(lp)+2);
data/xymon-4.3.30/xymongen/xymongen.c:169:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
eventignorecolumns = (char *) malloc(strlen(lp)+2);
data/xymon-4.3.30/xymongen/xymongen.c:174:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *url = (char *)malloc(strlen(xgetenv("CGIBINURL"))+strlen(lp+1)+2);
data/xymon-4.3.30/xymongen/xymongen.c:174:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *url = (char *)malloc(strlen(xgetenv("CGIBINURL"))+strlen(lp+1)+2);
data/xymon-4.3.30/xymongen/xymongen.c:202:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wapcolumns = (char *) malloc(strlen(lp)+2);
data/xymon-4.3.30/xymongen/xymongen.c:210:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lp+1) > 0) {
data/xymon-4.3.30/xymongen/xymongen.c:375:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nopropyellowdefault = (char *) malloc(strlen(lp)+2);
data/xymon-4.3.30/xymongen/xymongen.c:381:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nopropyellowdefault = (char *) malloc(strlen(lp)+2);
data/xymon-4.3.30/xymongen/xymongen.c:386:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nopropreddefault = (char *) malloc(strlen(lp)+2);
data/xymon-4.3.30/xymongen/xymongen.c:391:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
noproppurpledefault = (char *) malloc(strlen(lp)+2);
data/xymon-4.3.30/xymongen/xymongen.c:396:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nopropackdefault = (char *) malloc(strlen(lp)+2);
data/xymon-4.3.30/xymongen/xymongen.c:429:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
purplelogfn = (char *) malloc(strlen(xgetenv("XYMONHOME"))+1+strlen(lp+1)+1);
data/xymon-4.3.30/xymongen/xymongen.c:429:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
purplelogfn = (char *) malloc(strlen(xgetenv("XYMONHOME"))+1+strlen(lp+1)+1);
data/xymon-4.3.30/xymongen/xymongen.c:557:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0022);
data/xymon-4.3.30/xymongen/xymongen.c:564:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pagedir = (char *) malloc(strlen(xgetenv("XYMONHOME"))+5);
data/xymon-4.3.30/xymonnet/beastat.c:86:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ((strlen(netstring) == 0) || /* No XYMONNETWORK = do all */
data/xymon-4.3.30/xymonnet/beastat.c:103:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(databuf, keystr+1, strlen(keystr)-1) == 0) p = databuf;
data/xymon-4.3.30/xymonnet/beastat.c:112:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(result, p, sizeof(result));
data/xymon-4.3.30/xymonnet/beastat.c:218:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (xgetenv("XYMONNETWORK") && (strlen(xgetenv("XYMONNETWORK")) > 0))
data/xymon-4.3.30/xymonnet/beastat.c:220:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (xgetenv("BBLOCATION") && (strlen(xgetenv("BBLOCATION")) > 0))
data/xymon-4.3.30/xymonnet/beastat.c:246:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tspec = strdup(tspec+strlen("bea="));
data/xymon-4.3.30/xymonnet/contest.c:179:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ip == NULL) || (strlen(ip) == 0) || (inet_aton(ip, (struct in_addr *) &newtest->addr.sin_addr.s_addr) == 0)) {
data/xymon-4.3.30/xymonnet/contest.c:199:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newtest->sendlen = (reqmsg ? strlen(reqmsg) : newtest->svcinfo->sendlen);
data/xymon-4.3.30/xymonnet/contest.c:291:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
item->bannerbytes = strlen(inp);
data/xymon-4.3.30/xymonnet/contest.c:343:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = read(item->fd, inbuf, inbufsize);
data/xymon-4.3.30/xymonnet/contest.c:380:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = strrchr(passfn, '.'); if (p == NULL) p = passfn+strlen(passfn);
data/xymon-4.3.30/xymonnet/contest.c:391:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, passphrase, size);
data/xymon-4.3.30/xymonnet/contest.c:397:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(buf);
data/xymon-4.3.30/xymonnet/contest.c:819:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = read(item->fd, inbuf, inbufsize);
data/xymon-4.3.30/xymonnet/contest.c:1241:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outlen = (item->sendlen ? item->sendlen : strlen(outbuf));
data/xymon-4.3.30/xymonnet/contest.c:1394:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (item->banner && (item->bannerbytes == strlen(item->banner))) {
data/xymon-4.3.30/xymonnet/contest.c:1442:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
compbytes = (test->svcinfo->explen ? test->svcinfo->explen : strlen(test->svcinfo->exptext));
data/xymon-4.3.30/xymonnet/dns.c:321:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tspec_buflen = strlen(tspec) + 1;
data/xymon-4.3.30/xymonnet/dns.c:348:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tspec, hostname, tspec_buflen);
data/xymon-4.3.30/xymonnet/httpcookies.c:32:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int keylen = strlen(urlhost) + strlen(cknam) + strlen(ckpath) + 3;
data/xymon-4.3.30/xymonnet/httpcookies.c:32:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int keylen = strlen(urlhost) + strlen(cknam) + strlen(ckpath) + 3;
data/xymon-4.3.30/xymonnet/httpcookies.c:32:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int keylen = strlen(urlhost) + strlen(cknam) + strlen(ckpath) + 3;
data/xymon-4.3.30/xymonnet/httpcookies.c:81:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keylen = strlen(urlhost) + strlen(cknam) + strlen(ckpath) + 3;
data/xymon-4.3.30/xymonnet/httpcookies.c:81:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keylen = strlen(urlhost) + strlen(cknam) + strlen(ckpath) + 3;
data/xymon-4.3.30/xymonnet/httpcookies.c:81:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keylen = strlen(urlhost) + strlen(cknam) + strlen(ckpath) + 3;
data/xymon-4.3.30/xymonnet/httpcookies.c:156:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((l[0] != '#') && strlen(l)) {
data/xymon-4.3.30/xymonnet/httpresult.c:129:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(nopagename, strlen(svcname)+3);
data/xymon-4.3.30/xymonnet/httpresult.c:225:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m1, p, sizeof(m1)-1);
data/xymon-4.3.30/xymonnet/httpresult.c:283:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(urlmsg, 1024 + strlen(req->url));
data/xymon-4.3.30/xymonnet/httpresult.c:351:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(urlmsg, 1024 + strlen(req->url));
data/xymon-4.3.30/xymonnet/httpresult.c:431:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(nopagename, strlen(contenttestname)+3);
data/xymon-4.3.30/xymonnet/httpresult.c:453:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(cause, "Content OK", sizeof(cause));
data/xymon-4.3.30/xymonnet/httpresult.c:503:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
req->output = (char *) malloc(strlen(req->digest)+strlen((char *)req->exp)+strlen("Expected:\nGot :\n")+1);
data/xymon-4.3.30/xymonnet/httpresult.c:503:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
req->output = (char *) malloc(strlen(req->digest)+strlen((char *)req->exp)+strlen("Expected:\nGot :\n")+1);
data/xymon-4.3.30/xymonnet/httpresult.c:503:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
req->output = (char *) malloc(strlen(req->digest)+strlen((char *)req->exp)+strlen("Expected:\nGot :\n")+1);
data/xymon-4.3.30/xymonnet/httpresult.c:518:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
req->output = (char *) malloc(strlen(req->contenttype)+strlen((char *)req->exp)+strlen("Expected content-type: %s\nGot content-type : %s\n")+1);
data/xymon-4.3.30/xymonnet/httpresult.c:518:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
req->output = (char *) malloc(strlen(req->contenttype)+strlen((char *)req->exp)+strlen("Expected content-type: %s\nGot content-type : %s\n")+1);
data/xymon-4.3.30/xymonnet/httpresult.c:518:86: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
req->output = (char *) malloc(strlen(req->contenttype)+strlen((char *)req->exp)+strlen("Expected content-type: %s\nGot content-type : %s\n")+1);
data/xymon-4.3.30/xymonnet/httpresult.c:526:29: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
if (color != COL_GREEN) strncpy(cause, "Content match failed", sizeof(cause));
data/xymon-4.3.30/xymonnet/httpresult.c:535:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(cause, "Failed to get webpage", sizeof(cause));
data/xymon-4.3.30/xymonnet/httpresult.c:543:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(cause, "Internal Xymon error", sizeof(cause));
data/xymon-4.3.30/xymonnet/httpresult.c:550:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(conttest, req->weburl.columnname, conttest_buflen);
data/xymon-4.3.30/xymonnet/httpresult.c:554:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
else strncpy(conttest, contenttestname, conttest_buflen);
data/xymon-4.3.30/xymonnet/httpresult.c:559:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(msgline, 4096 + (2 * strlen(req->url)));
data/xymon-4.3.30/xymonnet/httptest.c:264:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
item->hdrlen = strlen(item->headers);
data/xymon-4.3.30/xymonnet/httptest.c:539:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int contlen = strlen(httptest->weburl.postdata);
data/xymon-4.3.30/xymonnet/httptest.c:631:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int startpos = strlen(httptest->weburl.desturl->host) - strlen(ck->host);
data/xymon-4.3.30/xymonnet/httptest.c:631:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int startpos = strlen(httptest->weburl.desturl->host) - strlen(ck->host);
data/xymon-4.3.30/xymonnet/httptest.c:636:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (useit) useit = (strncmp(ck->path, httptest->weburl.desturl->relurl, strlen(ck->path)) == 0);
data/xymon-4.3.30/xymonnet/ldaptest.c:409:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(nopagename, strlen(svcname)+3);
data/xymon-4.3.30/xymonnet/ldaptest.c:532:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(argv[argi], "--ldapdebug=", strlen("--ldapdebug=")) == 0) {
data/xymon-4.3.30/xymonnet/ldaptest.c:549:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ldapservice.namelen = strlen(ldapservice.testname);
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:160:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keyoidlen = strlen(req->currentkey->indexmethod->keyoid);
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:415:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s.community_len = strlen((char *)req->community);
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:421:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s.securityNameLen = strlen(s.securityName);
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:446:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(u_char *)req->passphrase, strlen(req->passphrase),
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:565:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen(iwalk->keyoid) + 1; len = 0;
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:781:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(oidbuf, strlen(swalk->oids[i].oid) + strlen(mibidx) + 2);
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:781:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(oidbuf, strlen(swalk->oids[i].oid) + strlen(mibidx) + 2);
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:885:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(oid, strlen(swalk->oids[i].oid) + strlen(kwalk->indexoid) + 2);
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:885:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(oid, strlen(swalk->oids[i].oid) + strlen(kwalk->indexoid) + 2);
data/xymon-4.3.30/xymonnet/xymon-snmpcollect.c:1079:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
configfn_buflen = strlen(configfn)+1;
data/xymon-4.3.30/xymonnet/xymonnet.c:217:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dephostname = p+strlen(depitem);
data/xymon-4.3.30/xymonnet/xymonnet.c:239:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(result) == 0) {
data/xymon-4.3.30/xymonnet/xymonnet.c:240:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(result, "\nThis test depends on the following test(s) that failed:\n\n", sizeof(result));
data/xymon-4.3.30/xymonnet/xymonnet.c:243:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(result) + strlen(dephostname) + strlen(deptestname) + 2) < sizeof(result)) {
data/xymon-4.3.30/xymonnet/xymonnet.c:243:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(result) + strlen(dephostname) + strlen(deptestname) + 2) < sizeof(result)) {
data/xymon-4.3.30/xymonnet/xymonnet.c:243:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(result) + strlen(dephostname) + strlen(deptestname) + 2) < sizeof(result)) {
data/xymon-4.3.30/xymonnet/xymonnet.c:244:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(result, dephostname, (sizeof(result) - strlen(result)));
data/xymon-4.3.30/xymonnet/xymonnet.c:244:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(result, dephostname, (sizeof(result) - strlen(result)));
data/xymon-4.3.30/xymonnet/xymonnet.c:245:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(result, "/", (sizeof(result) - strlen(result)));
data/xymon-4.3.30/xymonnet/xymonnet.c:245:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(result, "/", (sizeof(result) - strlen(result)));
data/xymon-4.3.30/xymonnet/xymonnet.c:246:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(result, deptestname, (sizeof(result) - strlen(result)));
data/xymon-4.3.30/xymonnet/xymonnet.c:246:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(result, deptestname, (sizeof(result) - strlen(result)));
data/xymon-4.3.30/xymonnet/xymonnet.c:247:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(result, "\n", (sizeof(result) - strlen(result)));
data/xymon-4.3.30/xymonnet/xymonnet.c:247:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(result, "\n", (sizeof(result) - strlen(result)));
data/xymon-4.3.30/xymonnet/xymonnet.c:255:15: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
if (*result) strncat(result, "\n\n", (sizeof(result) - strlen(result)));
data/xymon-4.3.30/xymonnet/xymonnet.c:255:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*result) strncat(result, "\n\n", (sizeof(result) - strlen(result)));
data/xymon-4.3.30/xymonnet/xymonnet.c:313:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(nonetpage, strlen(xgetenv("NONETPAGE"))+3);
data/xymon-4.3.30/xymonnet/xymonnet.c:379:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ((strlen(netstring) == 0) || /* No XYMONNETWORK = do all */
data/xymon-4.3.30/xymonnet/xymonnet.c:422:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(location) > 0) {
data/xymon-4.3.30/xymonnet/xymonnet.c:423:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(routestring, strlen(location)+strlen("route_:")+1);
data/xymon-4.3.30/xymonnet/xymonnet.c:423:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(routestring, strlen(location)+strlen("route_:")+1);
data/xymon-4.3.30/xymonnet/xymonnet.c:438:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sscanf(p+strlen("badconn:"), "%d:%d:%d", &h->badconn[0], &h->badconn[1], &h->badconn[2]);
data/xymon-4.3.30/xymonnet/xymonnet.c:443:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p) h->routerdeps = p + strlen("route:");
data/xymon-4.3.30/xymonnet/xymonnet.c:446:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p) h->routerdeps = p + strlen(routestring);
data/xymon-4.3.30/xymonnet/xymonnet.c:612:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(statusurl, strlen(userurl) + strlen(userfmt) + 1);
data/xymon-4.3.30/xymonnet/xymonnet.c:612:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(statusurl, strlen(userurl) + strlen(userfmt) + 1);
data/xymon-4.3.30/xymonnet/xymonnet.c:619:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(statusurl, strlen(deffmt) + strlen(ip) + 1);
data/xymon-4.3.30/xymonnet/xymonnet.c:619:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(statusurl, strlen(deffmt) + strlen(ip) + 1);
data/xymon-4.3.30/xymonnet/xymonnet.c:700:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(specialname, strlen(s->testname)+10);
data/xymon-4.3.30/xymonnet/xymonnet.c:702:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = add_service(specialname, specialport, strlen(s->testname), TOOL_CONTEST);
data/xymon-4.3.30/xymonnet/xymonnet.c:789:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testname = testspec+strlen("bad");
data/xymon-4.3.30/xymonnet/xymonnet.c:800:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(testname) && badcounts && inscope) {
data/xymon-4.3.30/xymonnet/xymonnet.c:845:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(h->ip, xmh_item(hwalk, XMH_IP), sizeof(h->ip));
data/xymon-4.3.30/xymonnet/xymonnet.c:876:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(h->ip, dnsresult, sizeof(h->ip));
data/xymon-4.3.30/xymonnet/xymonnet.c:893:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strlen(warnbuf) + strlen(msg)) > warnbuf_buflen) {
data/xymon-4.3.30/xymonnet/xymonnet.c:893:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strlen(warnbuf) + strlen(msg)) > warnbuf_buflen) {
data/xymon-4.3.30/xymonnet/xymonnet.c:896:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(warnbuf, msg, (warnbuf_buflen - strlen(warnbuf)));
data/xymon-4.3.30/xymonnet/xymonnet.c:896:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(warnbuf, msg, (warnbuf_buflen - strlen(warnbuf)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1081:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cmdpath, (use_sntp ? xgetenv("SNTP") : xgetenv("NTPDATE")), sizeof(cmdpath));
data/xymon-4.3.30/xymonnet/xymonnet.c:1107:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cmdpath, (p ? p : "rpcinfo"), sizeof(cmdpath));
data/xymon-4.3.30/xymonnet/xymonnet.c:1136:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ip, ip_to_test(t->host), sizeof(ip));
data/xymon-4.3.30/xymonnet/xymonnet.c:1171:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(pingcmd, strlen(xgetenv("FPING")) + strlen(xgetenv("FPINGOPTS")) + 2);
data/xymon-4.3.30/xymonnet/xymonnet.c:1171:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(pingcmd, strlen(xgetenv("FPING")) + strlen(xgetenv("FPINGOPTS")) + 2);
data/xymon-4.3.30/xymonnet/xymonnet.c:1207:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(pinglog+strlen(pinglog), (sizeof(pinglog) - strlen(pinglog)), ".%02d", i);
data/xymon-4.3.30/xymonnet/xymonnet.c:1207:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(pinglog+strlen(pinglog), (sizeof(pinglog) - strlen(pinglog)), ".%02d", i);
data/xymon-4.3.30/xymonnet/xymonnet.c:1208:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(pingerrlog+strlen(pingerrlog), (sizeof(pingerrlog) - strlen(pingerrlog)), ".%02d", i);
data/xymon-4.3.30/xymonnet/xymonnet.c:1208:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(pingerrlog+strlen(pingerrlog), (sizeof(pingerrlog) - strlen(pingerrlog)), ".%02d", i);
data/xymon-4.3.30/xymonnet/xymonnet.c:1243:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(pfd[1], ip, strlen(ip)) != strlen(ip)) {
data/xymon-4.3.30/xymonnet/xymonnet.c:1243:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(pfd[1], ip, strlen(ip)) != strlen(ip)) {
data/xymon-4.3.30/xymonnet/xymonnet.c:1397:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(l, t->host->routerdeps, sizeof(l));
data/xymon-4.3.30/xymonnet/xymonnet.c:1561:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cause, ")");
data/xymon-4.3.30/xymonnet/xymonnet.c:1596:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cause, ")");
data/xymon-4.3.30/xymonnet/xymonnet.c:1650:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SBUF_MALLOC(nopagename, strlen(svcname)+3);
data/xymon-4.3.30/xymonnet/xymonnet.c:1720:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(msgline, ": DNS lookup failed", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1720:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgline, ": DNS lookup failed", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1727:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(msgtext, "OK ", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1727:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgtext, "OK ", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1728:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(msgtext, (t->reverse ? "(down)" : "(up)"), (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1728:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgtext, (t->reverse ? "(down)" : "(up)"), (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1729:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(msgtext, "\n", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1729:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgtext, "\n", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1741:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(msgline, ": Intermediate ", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1741:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgline, ": Intermediate ", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1742:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(msgline, routertext, (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1742:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgline, routertext, (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1743:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(msgline, " down", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1743:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgline, " down", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1745:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(msgtext+strlen(msgtext), (sizeof(msgtext) - strlen(msgtext)),
data/xymon-4.3.30/xymonnet/xymonnet.c:1745:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(msgtext+strlen(msgtext), (sizeof(msgtext) - strlen(msgtext)),
data/xymon-4.3.30/xymonnet/xymonnet.c:1752:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(msgtext+strlen(msgtext), (sizeof(msgtext) - strlen(msgtext)), "%s : %s\n", failtext, causetext);
data/xymon-4.3.30/xymonnet/xymonnet.c:1752:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(msgtext+strlen(msgtext), (sizeof(msgtext) - strlen(msgtext)), "%s : %s\n", failtext, causetext);
data/xymon-4.3.30/xymonnet/xymonnet.c:1757:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(msgtext, "OK\n", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1757:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgtext, "OK\n", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1766:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(msgline, ": Intermediate ", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1766:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgline, ": Intermediate ", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1767:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(msgline, routertext, (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1767:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgline, routertext, (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1768:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(msgline, " down", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1768:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgline, " down", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1770:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(msgtext, "\nThe ", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1770:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgtext, "\nThe ", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1771:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(msgtext, routertext, (sizeof(msgtext) - strlen(msgtext))); strncat(msgtext, " ", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1771:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgtext, routertext, (sizeof(msgtext) - strlen(msgtext))); strncat(msgtext, " ", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1771:74: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(msgtext, routertext, (sizeof(msgtext) - strlen(msgtext))); strncat(msgtext, " ", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1771:115: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgtext, routertext, (sizeof(msgtext) - strlen(msgtext))); strncat(msgtext, " ", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1772:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(msgtext, ((testedhost_t *)t->host->deprouterdown)->hostname, (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1772:95: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgtext, ((testedhost_t *)t->host->deprouterdown)->hostname, (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1773:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(msgtext, " (IP:", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1773:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgtext, " (IP:", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1774:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(msgtext, ((testedhost_t *)t->host->deprouterdown)->ip, (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1774:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgtext, ((testedhost_t *)t->host->deprouterdown)->ip, (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1775:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(msgtext, ") is not reachable, causing this host to be unreachable.\n", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1775:105: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgtext, ") is not reachable, causing this host to be unreachable.\n", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1778:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(msgline, ": Disabled", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1778:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgline, ": Disabled", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1779:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(msgtext, "Ping check disabled (noping)\n", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1779:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgtext, "Ping check disabled (noping)\n", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1782:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(msgline, ": Disabled (dialup host)", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1782:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgline, ": Disabled (dialup host)", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1783:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(msgtext, "Dialup host\n", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1783:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgtext, "Dialup host\n", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1786:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(msgline, ": System failure of the ping test", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1786:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgline, ": System failure of the ping test", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1787:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(msgtext, "Xymon system error\n", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1787:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgtext, "Xymon system error\n", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1793:8: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(msgline, ": Ping failed, or dialup host/service", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1793:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgline, ": Ping failed, or dialup host/service", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1794:8: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(msgtext, "Dialup host/service, or test depends on another failed test\n", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1794:109: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgtext, "Dialup host/service, or test depends on another failed test\n", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1795:8: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(msgtext, causetext, (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1795:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgtext, causetext, (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1799:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(msgtext, "\n", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1799:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgtext, "\n", (sizeof(msgtext) - strlen(msgtext)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1801:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(msgline, "\n", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1801:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgline, "\n", (sizeof(msgline) - strlen(msgline)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1912:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(msgbuf, msgline, (MSGBUFSIZE - strlen(msgbuf)));
data/xymon-4.3.30/xymonnet/xymonnet.c:1912:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(msgbuf, msgline, (MSGBUFSIZE - strlen(msgbuf)));
data/xymon-4.3.30/xymonnet/xymonnet.c:2329:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (xgetenv("XYMONNETWORK") && (strlen(xgetenv("XYMONNETWORK")) > 0))
data/xymon-4.3.30/xymonnet/xymonnet.c:2331:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (xgetenv("BBLOCATION") && (strlen(xgetenv("BBLOCATION")) > 0))
data/xymon-4.3.30/xymonnet/xymonnet.c:2334:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pingcolumn && (strlen(pingcolumn) == 0)) pingcolumn = xgetenv("PINGCOLUMN");
data/xymon-4.3.30/xymonnet/xymonnet.c:2363:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ldaptest = add_service("ldapurl", getportnumber("ldap"), strlen("ldap"), TOOL_LDAP);
data/xymon-4.3.30/xymonnet/xymonnet.c:2394:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tname, s->testname, sizeof(tname));
data/xymon-4.3.30/xymonnet/xymonping.c:128:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(l) == 0) continue;
data/xymon-4.3.30/xymonnet/xymonping.c:191:17: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if (senddelay) usleep(senddelay);
data/xymon-4.3.30/xymonproxy/xymonproxy.c:150:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(sockfd, conn->bufp, (conn->bufsize - conn->buflen - 1));
data/xymon-4.3.30/xymonproxy/xymonproxy.c:332:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
proxyname = (char *)realloc(proxyname, strlen(proxyname) + strlen(p1) + 1);
data/xymon-4.3.30/xymonproxy/xymonproxy.c:332:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
proxyname = (char *)realloc(proxyname, strlen(proxyname) + strlen(p1) + 1);
data/xymon-4.3.30/xymonproxy/xymonproxy.c:333:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(proxyname, ".");
data/xymon-4.3.30/xymonproxy/xymonproxy.c:519:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stentry->buflen = strlen(stentry->buf);
data/xymon-4.3.30/xymonproxy/xymonproxy.c:616:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cwalk->buflen = strlen(cwalk->buf);
data/xymon-4.3.30/xymonproxy/xymonproxy.c:639:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cwalk->buflen = strlen(cwalk->buf);
data/xymon-4.3.30/xymonproxy/xymonproxy.c:657:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ctmp->bufsize = BUFSZ_INC*(((6 + strlen(currmsg) + 50) / BUFSZ_INC) + 1);
ANALYSIS SUMMARY:
Hits = 4094
Lines analyzed = 92526 in approximately 3.06 seconds (30236 lines/second)
Physical Source Lines of Code (SLOC) = 68995
Hits@level = [0] 2863 [1] 1508 [2] 1750 [3] 109 [4] 713 [5] 14
Hits@level+ = [0+] 6957 [1+] 4094 [2+] 2586 [3+] 836 [4+] 727 [5+] 14
Hits/KSLOC@level+ = [0+] 100.833 [1+] 59.3376 [2+] 37.481 [3+] 12.1168 [4+] 10.537 [5+] 0.202913
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.