Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ax25mail-utils-0.13/axgetlist/calls.c
Examining data/ax25mail-utils-0.13/axgetlist/common.c
Examining data/ax25mail-utils-0.13/axgetlist/calls.h
Examining data/ax25mail-utils-0.13/axgetlist/auth.c
Examining data/ax25mail-utils-0.13/axgetlist/conbbs.h
Examining data/ax25mail-utils-0.13/axgetlist/axgetlist.c
Examining data/ax25mail-utils-0.13/axgetlist/conbbs.c
Examining data/ax25mail-utils-0.13/axgetlist/common.h
Examining data/ax25mail-utils-0.13/axgetlist/auth.h
Examining data/ax25mail-utils-0.13/ulistd/ulistd.c
Examining data/ax25mail-utils-0.13/axgetmail/axgetmsg.c
Examining data/ax25mail-utils-0.13/axgetmail/calls.c
Examining data/ax25mail-utils-0.13/axgetmail/common.c
Examining data/ax25mail-utils-0.13/axgetmail/lzhuf.h
Examining data/ax25mail-utils-0.13/axgetmail/readmsg.h
Examining data/ax25mail-utils-0.13/axgetmail/axgetmail.c
Examining data/ax25mail-utils-0.13/axgetmail/calls.h
Examining data/ax25mail-utils-0.13/axgetmail/getmsg.h
Examining data/ax25mail-utils-0.13/axgetmail/auth.c
Examining data/ax25mail-utils-0.13/axgetmail/lzhuf.c
Examining data/ax25mail-utils-0.13/axgetmail/conbbs.h
Examining data/ax25mail-utils-0.13/axgetmail/conbbs.c
Examining data/ax25mail-utils-0.13/axgetmail/common.h
Examining data/ax25mail-utils-0.13/axgetmail/readmsg.c
Examining data/ax25mail-utils-0.13/axgetmail/auth.h
Examining data/ax25mail-utils-0.13/axgetmail/getmsg.c
Examining data/ax25mail-utils-0.13/routes/update_routes.cc
Examining data/ax25mail-utils-0.13/routes/home_bbs.cc

FINAL RESULTS:

data/ax25mail-utils-0.13/axgetlist/auth.c:50:5: [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execlp(AUTH_AGENT, AUTH_AGENT, bbscall, mycall, NULL);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:92:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(section, "[%s]", bbsname);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:287:47: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else if (strcasecmp(tag, "TO") == 0) strcpy(dest, value);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:288:48: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else if (strcasecmp(tag, "BBS") == 0) strcpy(bbs, value);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:289:49: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else if (strcasecmp(tag, "FROM") == 0) strcpy(src, value);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:290:49: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else if (strcasecmp(tag, "DATE") == 0) strcpy(date, value);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:292:49: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else if (strcasecmp(tag, "SUBJ") == 0) strcpy(subj, value);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:385:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(result, "%i %c %6i %-6s@%-6s %-6s %02i%02i%02i %s", msgnum,
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:437:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, "%s/%s", LISTPATH, bcall);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:472:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, "%s/%s", LISTPATH, bbs);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:557:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bcall, call_call(bbscall));
data/ax25mail-utils-0.13/axgetlist/common.c:29:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stdout, fmt, argptr);
data/ax25mail-utils-0.13/axgetlist/common.c:69:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(c, call_call(call));
data/ax25mail-utils-0.13/axgetlist/common.c:71:18: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (ssid == 0) strcpy(call, c); else sprintf(call, "%s-%i", c, ssid);
data/ax25mail-utils-0.13/axgetlist/common.c:71:40: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (ssid == 0) strcpy(call, c); else sprintf(call, "%s-%i", c, ssid);
data/ax25mail-utils-0.13/axgetlist/common.c:81:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(c1, call_call(call1));
data/ax25mail-utils-0.13/axgetlist/common.c:82:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(c2, call_call(call2));
data/ax25mail-utils-0.13/axgetlist/conbbs.c:70:17: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  n = sscanf(buf, "%s %s %i %i %i %s", pname, pcall, &speed,
data/ax25mail-utils-0.13/axgetlist/conbbs.c:74:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(call, pcall);
data/ax25mail-utils-0.13/axgetlist/conbbs.c:121:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(path, "%s %s", mycall, bcall);
data/ax25mail-utils-0.13/axgetlist/conbbs.c:157:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mycall, _mycall); normalize_call(mycall);
data/ax25mail-utils-0.13/axgetlist/conbbs.c:158:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bbspath, _dest);
data/ax25mail-utils-0.13/axgetmail/auth.c:50:5: [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execlp(AUTH_AGENT, AUTH_AGENT, bbscall, mycall, NULL);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:61:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(home, pwdentry->pw_dir);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:72:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s/%s/%s", user_home, homedir, bbs);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:84:19: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (p == NULL) {strcpy(bcall, bname); strcpy(bfwd, "*");}
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:88:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bcall, bname);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:89:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bfwd, p+1);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:125:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pattern, "[%s", call);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:135:13: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(line, "%s %s", field, value); /* configuration entry */
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:136:48: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (strcmp(field, "HOMEDIR") == 0) strcpy(homedir, value);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:137:48: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (strcmp(field, "BLTCALL") == 0) strcpy(bltcall, value);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:198:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bbspath, p);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:199:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(port_name, pname);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:226:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s/%s/%s/%i", user_home, homedir, bbs, num);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:228:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s/%s/%i", MAIL_PATH, bbs, num);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:270:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dest_dir, "%s/%s/%s", user_home, homedir, bbscall);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:272:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dest_dir, "%s/%s", MAIL_PATH, bbscall);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:307:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s/%s", LIST_PATH, bbs);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:320:13: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(line, "%s %s %s %s %s", snum, flags, ssize, dest, fwd) == 5)
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:398:13: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(line, "%s %s", login, call) == 2)
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:401:39: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  if (call_ssid(call) == 0) strcat(call, ssid);
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:155:11: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  n = fscanf(list, "%s", snum);
data/ax25mail-utils-0.13/axgetmail/common.c:27:29: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (level == MSG_ERROR) vfprintf(stderr, fmt, argptr);
data/ax25mail-utils-0.13/axgetmail/common.c:28:29: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else vfprintf(stdout, fmt, argptr);
data/ax25mail-utils-0.13/axgetmail/common.c:69:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(c, call_call(call));
data/ax25mail-utils-0.13/axgetmail/common.c:71:18: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (ssid == 0) strcpy(call, c); else sprintf(call, "%s-%i", c, ssid);
data/ax25mail-utils-0.13/axgetmail/common.c:71:40: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (ssid == 0) strcpy(call, c); else sprintf(call, "%s-%i", c, ssid);
data/ax25mail-utils-0.13/axgetmail/common.c:81:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(c1, call_call(call1));
data/ax25mail-utils-0.13/axgetmail/common.c:82:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(c2, call_call(call2));
data/ax25mail-utils-0.13/axgetmail/conbbs.c:70:17: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  n = sscanf(buf, "%s %s %i %i %i %s", pname, pcall, &speed,
data/ax25mail-utils-0.13/axgetmail/conbbs.c:74:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(call, pcall);
data/ax25mail-utils-0.13/axgetmail/conbbs.c:121:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(path, "%s %s", mycall, bcall);
data/ax25mail-utils-0.13/axgetmail/conbbs.c:157:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mycall, _mycall); normalize_call(mycall);
data/ax25mail-utils-0.13/axgetmail/conbbs.c:158:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bbspath, _dest);
data/ax25mail-utils-0.13/axgetmail/getmsg.c:41:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname, "%s/%i", dest_dir, num);
data/ax25mail-utils-0.13/axgetmail/getmsg.c:101:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(prg_name, _prg_name);
data/ax25mail-utils-0.13/axgetmail/getmsg.c:114:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dest_dir, destdir);
data/ax25mail-utils-0.13/axgetmail/getmsg.c:129:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(curr_call, mycall);
data/ax25mail-utils-0.13/axgetmail/getmsg.c:133:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bbs_call, dest); normalize_call(bbs_call);
data/ax25mail-utils-0.13/axgetmail/readmsg.c:157:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_subj, subj);
data/ax25mail-utils-0.13/routes/home_bbs.cc:34:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(call, src.call);
data/ax25mail-utils-0.13/routes/home_bbs.cc:35:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(route, src.route);
data/ax25mail-utils-0.13/routes/home_bbs.cc:76:17: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  int n = sscanf(line, "%s %s %i %i %li", call, route, &count, &pcount, &ttime);
data/ax25mail-utils-0.13/routes/home_bbs.cc:100:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newaddr.call, call);
data/ax25mail-utils-0.13/routes/home_bbs.cc:101:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newaddr.route, route);
data/ax25mail-utils-0.13/routes/home_bbs.cc:128:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newaddr.call, call);
data/ax25mail-utils-0.13/routes/home_bbs.cc:129:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newaddr.route, route);
data/ax25mail-utils-0.13/routes/update_routes.cc:37:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(call, src.call);
data/ax25mail-utils-0.13/routes/update_routes.cc:38:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(route, src.route);
data/ax25mail-utils-0.13/routes/update_routes.cc:67:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newaddr.call, call);
data/ax25mail-utils-0.13/routes/update_routes.cc:68:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newaddr.route, route);
data/ax25mail-utils-0.13/routes/update_routes.cc:96:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newaddr.call, call);
data/ax25mail-utils-0.13/routes/update_routes.cc:97:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newaddr.route, route);
data/ax25mail-utils-0.13/routes/update_routes.cc:126:17: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  int n = sscanf(line, "%s %s %i %i %li", call, route, &count, &pcount, &ttime);
data/ax25mail-utils-0.13/routes/update_routes.cc:146:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname, "%s/%s/%i", MAIL_PATH, bbs, num);
data/ax25mail-utils-0.13/routes/update_routes.cc:155:42: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (strncmp(line, "R:", 2) == 0) strcpy(rline, line);
data/ax25mail-utils-0.13/routes/update_routes.cc:189:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname, "%s/%s", LIST_PATH, bbs);
data/ax25mail-utils-0.13/routes/update_routes.cc:213:13: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(line, "%i %s %s %s %s %s", &num, flags, size, dest, from, zfrom);
data/ax25mail-utils-0.13/routes/update_routes.cc:214:33: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (from[0] == '@') strcpy(from, zfrom);
data/ax25mail-utils-0.13/ulistd/ulistd.c:350:7: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  r = system(cmd);
data/ax25mail-utils-0.13/ulistd/ulistd.c:373:7: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  r = system(cmd);
data/ax25mail-utils-0.13/ulistd/ulistd.c:420:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(path, "%s %s", mycall,bbs->port);
data/ax25mail-utils-0.13/ulistd/ulistd.c:649:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(to_call, ax25_ntoa((ax25_address *)buffer));
data/ax25mail-utils-0.13/ulistd/ulistd.c:650:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(from_call, ax25_ntoa((ax25_address *)(buffer+CALL_OFS)));
data/ax25mail-utils-0.13/ulistd/ulistd.c:653:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(to_call, ax25_ntoa((ax25_address *)data));
data/ax25mail-utils-0.13/ulistd/ulistd.c:654:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(from_call, ax25_ntoa((ax25_address *)(data+CALL_OFS)));
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:539:15: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(argc, argv, "b:s:hv")) != -1)
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:65:15: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(argc, argv, "p:c:b:f:d:vD")) != -1)
data/ax25mail-utils-0.13/ulistd/ulistd.c:569:15: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(argc, argv, "c:nlgm:vh")) != -1){
data/ax25mail-utils-0.13/axgetlist/auth.c:56:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:45:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mycall[32];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:46:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bbscall[32];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:47:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bbsport[32];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:48:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd_list[256];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:49:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd_from[256];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:50:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd_disc[256];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:52:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[256];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:53:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char datefmt[16];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:54:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *month[12];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:64:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[256];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:65:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char field[30];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:81:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(CONFIG_FILE, "r");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:244:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dest[32];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:245:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bbs[32];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:246:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char src[32];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:247:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char date[8];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:248:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char subj[256];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:249:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dd[8], dm[8], dy[8];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:254:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[32];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:255:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[256];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:283:52: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (strcasecmp(tag, "NUM") == 0) msgnum = atoi(value);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:286:56: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if (strcasecmp(tag, "SIZE") == 0) size = atoi(value);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:313:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pos[1024];
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:324:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  position = atoi(pos);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:337:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dd, "00"); sprintf(dm, "00");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:337:22: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dd, "00"); sprintf(dm, "00");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:371:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dm, "%i", i+1);
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:391:64: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atoi(dy),
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:392:64: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atoi(dm),
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:393:64: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atoi(dd),
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:434:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char s[256]; data/ax25mail-utils-0.13/axgetlist/axgetlist.c:438:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(s, "r"); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:453:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(s, "w"); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:468:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[256]; data/ax25mail-utils-0.13/axgetlist/axgetlist.c:473:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(s, "a"); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:496:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char snum[256]; data/ax25mail-utils-0.13/axgetlist/axgetlist.c:497:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(snum, "%i", from); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:528:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bcall[32]; data/ax25mail-utils-0.13/axgetlist/axgetlist.c:529:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[256]; data/ax25mail-utils-0.13/axgetlist/axgetlist.c:530:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[256]; data/ax25mail-utils-0.13/axgetlist/common.c:39:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (*p) return atoi(p); data/ax25mail-utils-0.13/axgetlist/common.c:45:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[15]; data/ax25mail-utils-0.13/axgetlist/common.c:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[8]; data/ax25mail-utils-0.13/axgetlist/common.c:79:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c1[15]; data/ax25mail-utils-0.13/axgetlist/common.c:80:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c2[15]; data/ax25mail-utils-0.13/axgetlist/conbbs.c:37:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mycall[20]; /* my callsign */ data/ax25mail-utils-0.13/axgetlist/conbbs.c:38:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bbscall[20]; /* BBS callsign */ data/ax25mail-utils-0.13/axgetlist/conbbs.c:39:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char bcall[20]; /* Base callsign of port */ data/ax25mail-utils-0.13/axgetlist/conbbs.c:40:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bbspath[256]; /* path to BBS */ data/ax25mail-utils-0.13/axgetlist/conbbs.c:52:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/ax25mail-utils-0.13/axgetlist/conbbs.c:56:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char descript[256]; data/ax25mail-utils-0.13/axgetlist/conbbs.c:57:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pname[256]; data/ax25mail-utils-0.13/axgetlist/conbbs.c:58:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char pcall[256]; data/ax25mail-utils-0.13/axgetlist/conbbs.c:60:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(AXPORTS, "r"); data/ax25mail-utils-0.13/axgetlist/conbbs.c:110:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[256]; data/ax25mail-utils-0.13/axgetmail/auth.c:56:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:42:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bbscall[256]; /* BBS callsign (from cmdline) */ data/ax25mail-utils-0.13/axgetmail/axgetmail.c:43:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char user_home[256]; /* user's home dir ($HOME) */ data/ax25mail-utils-0.13/axgetmail/axgetmail.c:46:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bltcall[20]; /* callsign for bulletins */ data/ax25mail-utils-0.13/axgetmail/axgetmail.c:49:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char homedir[256]; /* home directory of LinPac ($HOME/homedir) */ data/ax25mail-utils-0.13/axgetmail/axgetmail.c:50:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char port_name[256]; /* port name */ data/ax25mail-utils-0.13/axgetmail/axgetmail.c:51:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bbspath[256]; /* connect path to BBS */ data/ax25mail-utils-0.13/axgetmail/axgetmail.c:52:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bulletin[MAX_BLTNS][20]; /* bulletin names */ data/ax25mail-utils-0.13/axgetmail/axgetmail.c:70:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[256]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:80:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bcall[35]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:81:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bfwd[20]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:104:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pattern[256]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:105:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[256]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:106:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pname[256]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:108:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char field[30]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:109:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[64]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:117:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(CONFIG_FILE, "r"); data/ax25mail-utils-0.13/axgetmail/axgetmail.c:223:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:268:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest_dir[256]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:291:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[256]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:292:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[256]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:293:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char snum[20]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:294:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flags[5]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:295:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ssize[20]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:296:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest[35]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:297:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fwd[20]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:308:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(name, "r"); data/ax25mail-utils-0.13/axgetmail/axgetmail.c:336:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (!check_download(atoi(snum), dest, fwd, priv, call)) break; /* download problems - break */ data/ax25mail-utils-0.13/axgetmail/axgetmail.c:382:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(AX25_CALLS, "r"); /* read callsigns and logins */ data/ax25mail-utils-0.13/axgetmail/axgetmail.c:385:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[256]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:386:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char call[30]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:387:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ssid[5]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:388:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char login[256]; data/ax25mail-utils-0.13/axgetmail/axgetmail.c:390:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ssid, "-%i", perssid); data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:26:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mycall[20]; /* my callsign */ data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:27:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bbscall[20]; /* BBS callsign */ data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:28:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char bbspath[256]; /* path to BBS */ data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:30:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char port_name[32]; /* port name */ data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:31:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest_dir[256]; /* destination directory */ data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:32:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char listfile[256]; /* name of the list file */ data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:141:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). list = fopen(listfile, "r"); data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:149:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char snum[256]; data/ax25mail-utils-0.13/axgetmail/common.c:39:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (*p) return atoi(p); data/ax25mail-utils-0.13/axgetmail/common.c:45:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[15]; data/ax25mail-utils-0.13/axgetmail/common.c:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[8]; data/ax25mail-utils-0.13/axgetmail/common.c:79:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c1[15]; data/ax25mail-utils-0.13/axgetmail/common.c:80:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c2[15]; data/ax25mail-utils-0.13/axgetmail/conbbs.c:37:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char mycall[20]; /* my callsign */ data/ax25mail-utils-0.13/axgetmail/conbbs.c:38:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bbscall[20]; /* BBS callsign */ data/ax25mail-utils-0.13/axgetmail/conbbs.c:39:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bcall[20]; /* Base callsign of port */ data/ax25mail-utils-0.13/axgetmail/conbbs.c:40:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bbspath[256]; /* path to BBS */ data/ax25mail-utils-0.13/axgetmail/conbbs.c:52:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/ax25mail-utils-0.13/axgetmail/conbbs.c:56:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char descript[256]; data/ax25mail-utils-0.13/axgetmail/conbbs.c:57:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pname[256]; data/ax25mail-utils-0.13/axgetmail/conbbs.c:58:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pcall[256]; data/ax25mail-utils-0.13/axgetmail/conbbs.c:60:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(AXPORTS, "r"); data/ax25mail-utils-0.13/axgetmail/conbbs.c:110:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[256]; data/ax25mail-utils-0.13/axgetmail/getmsg.c:31:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest_dir[256]; /* destination directory */ data/ax25mail-utils-0.13/axgetmail/getmsg.c:32:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char prg_name[256]; /* program name (for tag) */ data/ax25mail-utils-0.13/axgetmail/getmsg.c:33:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curr_call[20]; /* currently used callsign */ data/ax25mail-utils-0.13/axgetmail/getmsg.c:38:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256]; data/ax25mail-utils-0.13/axgetmail/getmsg.c:45:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(fname, "w"); data/ax25mail-utils-0.13/axgetmail/getmsg.c:108:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subj[256]; data/ax25mail-utils-0.13/axgetmail/getmsg.c:111:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bbs_call[255]; data/ax25mail-utils-0.13/axgetmail/lzhuf.c:96:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char p_len[64] = { data/ax25mail-utils-0.13/axgetmail/lzhuf.c:107:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char p_code[64] = { data/ax25mail-utils-0.13/axgetmail/lzhuf.c:119:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char d_code[256] = { data/ax25mail-utils-0.13/axgetmail/lzhuf.c:154:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char d_len[256] = { data/ax25mail-utils-0.13/axgetmail/readmsg.c:45:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ofset[7]; data/ax25mail-utils-0.13/axgetmail/readmsg.c:143:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char subj[256]; data/ax25mail-utils-0.13/axgetmail/readmsg.c:166:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_subj, "Message is inaccessible"); data/ax25mail-utils-0.13/routes/home_bbs.cc:22:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char call[10]; data/ax25mail-utils-0.13/routes/home_bbs.cc:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char route[36]; data/ax25mail-utils-0.13/routes/home_bbs.cc:62:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(OUT_FILE, "r"); data/ax25mail-utils-0.13/routes/home_bbs.cc:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[256]; data/ax25mail-utils-0.13/routes/home_bbs.cc:67:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char call[256]; data/ax25mail-utils-0.13/routes/home_bbs.cc:68:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char route[256]; data/ax25mail-utils-0.13/routes/home_bbs.cc:206:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(OUT_FILE, "w"); data/ax25mail-utils-0.13/routes/update_routes.cc:25:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char call[10]; data/ax25mail-utils-0.13/routes/update_routes.cc:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char route[36]; data/ax25mail-utils-0.13/routes/update_routes.cc:112:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *f = fopen(OUT_FILE, "r"); data/ax25mail-utils-0.13/routes/update_routes.cc:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[256]; data/ax25mail-utils-0.13/routes/update_routes.cc:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char call[256]; data/ax25mail-utils-0.13/routes/update_routes.cc:118:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char route[256]; data/ax25mail-utils-0.13/routes/update_routes.cc:143:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256]; data/ax25mail-utils-0.13/routes/update_routes.cc:144:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[256], rline[256]; data/ax25mail-utils-0.13/routes/update_routes.cc:147:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(fname, "r"); data/ax25mail-utils-0.13/routes/update_routes.cc:182:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bbs[35]; data/ax25mail-utils-0.13/routes/update_routes.cc:184:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[1024]; data/ax25mail-utils-0.13/routes/update_routes.cc:190:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(fname, "r"); data/ax25mail-utils-0.13/routes/update_routes.cc:199:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[256]; data/ax25mail-utils-0.13/routes/update_routes.cc:200:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char route[256]; data/ax25mail-utils-0.13/routes/update_routes.cc:201:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flags[10]; data/ax25mail-utils-0.13/routes/update_routes.cc:202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char size[20]; data/ax25mail-utils-0.13/routes/update_routes.cc:203:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest[36]; data/ax25mail-utils-0.13/routes/update_routes.cc:204:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char from[10]; data/ax25mail-utils-0.13/routes/update_routes.cc:205:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char zfrom[10]; data/ax25mail-utils-0.13/routes/update_routes.cc:244:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(OUT_FILE, "w"); data/ax25mail-utils-0.13/ulistd/ulistd.c:139:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mycall[20]; /* my callsign */ data/ax25mail-utils-0.13/ulistd/ulistd.c:156:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(!atoi(p+1)) *p='\0'; data/ax25mail-utils-0.13/ulistd/ulistd.c:164:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[7]; data/ax25mail-utils-0.13/ulistd/ulistd.c:191:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char s[256],*port=NULL; data/ax25mail-utils-0.13/ulistd/ulistd.c:194:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!(config=fopen(CONFIG,"r"))) return(0);; data/ax25mail-utils-0.13/ulistd/ulistd.c:244:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[256]; data/ax25mail-utils-0.13/ulistd/ulistd.c:249:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((f=fopen(s,"r"))){ data/ax25mail-utils-0.13/ulistd/ulistd.c:254:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!(f=fopen(s,"w"))){ data/ax25mail-utils-0.13/ulistd/ulistd.c:266:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[256]; data/ax25mail-utils-0.13/ulistd/ulistd.c:269:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
f = fopen(s, "a"); data/ax25mail-utils-0.13/ulistd/ulistd.c:343:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[1024]; data/ax25mail-utils-0.13/ulistd/ulistd.c:363:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[1024]; data/ax25mail-utils-0.13/ulistd/ulistd.c:392:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[30]; data/ax25mail-utils-0.13/ulistd/ulistd.c:393:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[30]; data/ax25mail-utils-0.13/ulistd/ulistd.c:414:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg,"? %08X%02X",bbs->last,sum&0xFF); data/ax25mail-utils-0.13/ulistd/ulistd.c:454:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char s1[256], s2[256]; data/ax25mail-utils-0.13/ulistd/ulistd.c:475:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[20]; data/ax25mail-utils-0.13/ulistd/ulistd.c:476:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%i !", msgnum); data/ax25mail-utils-0.13/ulistd/ulistd.c:556:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[1024],*p,*l; data/ax25mail-utils-0.13/ulistd/ulistd.c:565:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char from_call[20]; data/ax25mail-utils-0.13/ulistd/ulistd.c:566:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char to_call[20]; data/ax25mail-utils-0.13/ulistd/ulistd.c:575:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
case 'm': minmsg = atoi(optarg); break; data/ax25mail-utils-0.13/axgetlist/auth.c:67:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r1 = read(pipe_in[0], buf, BUFSIZE); data/ax25mail-utils-0.13/axgetlist/auth.c:81:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r2 = read(descin, buf, BUFSIZE); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:37:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define EX_EOLN(x) if (x[strlen(x)-1] == '\n') x[strlen(x)-1] = '\0' data/ax25mail-utils-0.13/axgetlist/axgetlist.c:37:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define EX_EOLN(x) if (x[strlen(x)-1] == '\n') x[strlen(x)-1] = '\0' data/ax25mail-utils-0.13/axgetlist/axgetlist.c:38:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define EX_EOLNCR(x) if (x[strlen(x)-1] == '\r') x[strlen(x)-1] = '\0' data/ax25mail-utils-0.13/axgetlist/axgetlist.c:38:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define EX_EOLNCR(x) if (x[strlen(x)-1] == '\r') x[strlen(x)-1] = '\0' data/ax25mail-utils-0.13/axgetlist/axgetlist.c:69:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(mycall, ""); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:70:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(bbscall, ""); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:71:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(bbsport, ""); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:72:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(cmd_list, ""); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:73:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(cmd_from, ""); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:74:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(cmd_disc, ""); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:76:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(format, ""); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:77:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(datefmt, ""); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:91:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). section = (char *) malloc((strlen(bbsname)+3)*sizeof(char)); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:96:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(line, ""); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:114:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(line, ""); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:125:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(field, ""); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:127:42: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
while (*p && !isspace(*p)) { strncat(field, p, 1); p++; } data/ax25mail-utils-0.13/axgetlist/axgetlist.c:130:47: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (strcmp(field, "MYCALL") == 0) strncpy(mycall, p, 31); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:131:48: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (strcmp(field, "BBSCALL") == 0) strncpy(bbscall, p, 31); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:132:48: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (strcmp(field, "BBSPORT") == 0) strncpy(bbsport, p, 31); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:133:49: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (strcmp(field, "CMD_LIST") == 0) strncpy(cmd_list, p, 255); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:134:54: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (strcmp(field, "CMD_LIST_FROM") == 0) strncpy(cmd_from, p, 255); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:135:49: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (strcmp(field, "CMD_DISC") == 0) strncpy(cmd_disc, p, 255); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:142:47: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (strcmp(field, "FORMAT") == 0) strncpy(format, p, 255); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:143:48: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
if (strcmp(field, "DATEFMT") == 0) strncpy(datefmt, p, 15); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:170:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(mycall) == 0) data/ax25mail-utils-0.13/axgetlist/axgetlist.c:176:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(bbscall) == 0) data/ax25mail-utils-0.13/axgetlist/axgetlist.c:182:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(bbscall) == 0) data/ax25mail-utils-0.13/axgetlist/axgetlist.c:188:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cmd_list) == 0) data/ax25mail-utils-0.13/axgetlist/axgetlist.c:194:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cmd_from) == 0) data/ax25mail-utils-0.13/axgetlist/axgetlist.c:200:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cmd_disc) == 0) data/ax25mail-utils-0.13/axgetlist/axgetlist.c:212:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(format) == 0) data/ax25mail-utils-0.13/axgetlist/axgetlist.c:218:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(datefmt) == 0) data/ax25mail-utils-0.13/axgetlist/axgetlist.c:269:10: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(value, ""); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:273:15: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(value, q, 1); /* copy the rest */ data/ax25mail-utils-0.13/axgetlist/axgetlist.c:279:15: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(value, q, 1); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:285:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(value) >= bpfpos) flag = value[bpfpos-1]; else flag = '#'; data/ax25mail-utils-0.13/axgetlist/axgetlist.c:300:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. else strncat(tag, p, 1); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:309:10: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tag, ""); data/ax25mail-utils-0.13/axgetlist/axgetlist.c:317:10: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(pos, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:319:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (*p && isdigit(*p) && strlen(pos) < 1022)
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:345:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(dd, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:348:10: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    { strncat(dd, q, 1); q++; p++; }
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:354:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(dm, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:357:10: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    { strncat(dm, q, 1); q++; p++; }
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:364:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(dm, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:367:10: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    { strncat(dm, q, 1); q++; p++; }
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:379:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(dy, "");
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:382:10: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    { strncat(dy, q, 1); q++; p++; }
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:418:13: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    do ch = fgetc(stream); while (ch == EOF && (errno == EINTR || errno == EAGAIN));
data/ax25mail-utils-0.13/axgetlist/axgetlist.c:517:11: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    do ch = fgetc(stream); while (ch != -1 || errno != ENOTCONN);
data/ax25mail-utils-0.13/axgetlist/common.c:47:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(s, "");
data/ax25mail-utils-0.13/axgetlist/common.c:48:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (*p && isalnum(*p) && strlen(s) < 6) {strncat(s, p, 1); p++;}
data/ax25mail-utils-0.13/axgetlist/common.c:48:47: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    while (*p && isalnum(*p) && strlen(s) < 6) {strncat(s, p, 1); p++;}
data/ax25mail-utils-0.13/axgetlist/common.c:92:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    ch = fgetc(f);
data/ax25mail-utils-0.13/axgetlist/conbbs.c:64:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(buf, "");
data/ax25mail-utils-0.13/axgetlist/conbbs.c:67:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(buf) != 0 && buf[0] != '#')
data/ax25mail-utils-0.13/axgetmail/auth.c:67:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    r1 = read(pipe_in[0], buf, BUFSIZE);
data/ax25mail-utils-0.13/axgetmail/auth.c:81:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    r2 = read(descin, buf, BUFSIZE);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:40:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    #define EX_EOLN(x) if (x[strlen(x)-1] == '\n') x[strlen(x)-1] = '\0'
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:40:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    #define EX_EOLN(x) if (x[strlen(x)-1] == '\n') x[strlen(x)-1] = '\0'
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:84:41: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    if (p == NULL) {strcpy(bcall, bname); strcpy(bfwd, "*");}
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:112:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(bltcall, "");
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:113:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(homedir, "");
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:128:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(line, "");
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:155:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strncasecmp(line, pattern, strlen(pattern)) == 0 &&
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:156:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (line[strlen(pattern)] == '-' || line[strlen(pattern)] == ']'))
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:156:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (line[strlen(pattern)] == '-' || line[strlen(pattern)] == ']'))
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:165:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(homedir) == 0)
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:171:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(bltcall) == 0)
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:205:9: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(bulletin[num_bulletins], "");
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:209:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(bulletin[num_bulletins]) > 0 &&
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:317:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant character.
    strcpy(line, "");
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:329:13: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(fwd, p+1, 9);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:333:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (fwd[0] == '@') memmove(fwd, fwd+1, strlen(fwd));
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:334:18: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    else strcpy(fwd, "");
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:358:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(bbscall, argv[1], 19);
data/ax25mail-utils-0.13/axgetmail/axgetmail.c:394:7: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(line, "");
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:39:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(value) == 0)
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:59:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(port_name, "");
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:60:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(mycall, "");
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:61:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(bbspath, "");
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:62:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(listfile, "");
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:63:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(dest_dir, "");
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:68:17: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    case 'p': strncpy(port_name, optarg, 31);
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:70:17: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    case 'c': strncpy(mycall, optarg, 19);
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:73:17: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    case 'b': strncpy(bbspath, optarg, 255);
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:75:17: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    case 'f': strncpy(listfile, optarg, 255);
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:77:17: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    case 'd': strncpy(dest_dir, optarg, 255);
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:91:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(dest_dir) == 0) strcpy(dest_dir, ".");
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:91:30: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    if (strlen(dest_dir) == 0) strcpy(dest_dir, ".");
data/ax25mail-utils-0.13/axgetmail/axgetmsg.c:100:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(listfile) == 0)
data/ax25mail-utils-0.13/axgetmail/common.c:47:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(s, "");
data/ax25mail-utils-0.13/axgetmail/common.c:48:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (*p && isalnum(*p) && strlen(s) < 6) {strncat(s, p, 1); p++;}
data/ax25mail-utils-0.13/axgetmail/common.c:48:47: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    while (*p && isalnum(*p) && strlen(s) < 6) {strncat(s, p, 1); p++;}
data/ax25mail-utils-0.13/axgetmail/common.c:92:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    ch = fgetc(f);
data/ax25mail-utils-0.13/axgetmail/conbbs.c:64:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(buf, "");
data/ax25mail-utils-0.13/axgetmail/conbbs.c:67:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(buf) != 0 && buf[0] != '#')
data/ax25mail-utils-0.13/axgetmail/readmsg.c:71:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(title, "");
data/ax25mail-utils-0.13/axgetmail/readmsg.c:76:20: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    if (ch != NUL) strncat(title, (char *)&c, 1);
data/ax25mail-utils-0.13/axgetmail/readmsg.c:82:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant character.
    strcpy((char *)ofset, "");
data/ax25mail-utils-0.13/axgetmail/readmsg.c:87:20: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    if (ch != NUL) strncat((char *)ofset, (char *)&c, 1);
data/ax25mail-utils-0.13/axgetmail/readmsg.c:165:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *_len = strlen(error_msg);
data/ax25mail-utils-0.13/routes/home_bbs.cc:44:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(call, "");
data/ax25mail-utils-0.13/routes/home_bbs.cc:45:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(route, "");
data/ax25mail-utils-0.13/routes/home_bbs.cc:73:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(line, "");
data/ax25mail-utils-0.13/routes/home_bbs.cc:79:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(newaddr.call, call, 10);
data/ax25mail-utils-0.13/routes/home_bbs.cc:80:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(newaddr.route, route, 35);
data/ax25mail-utils-0.13/routes/update_routes.cc:47:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(call, "");
data/ax25mail-utils-0.13/routes/update_routes.cc:48:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(route, "");
data/ax25mail-utils-0.13/routes/update_routes.cc:123:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(line, "");
data/ax25mail-utils-0.13/routes/update_routes.cc:129:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(newaddr.call, call, 10);
data/ax25mail-utils-0.13/routes/update_routes.cc:130:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(newaddr.route, route, 35);
data/ax25mail-utils-0.13/routes/update_routes.cc:150:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(rline, "");
data/ax25mail-utils-0.13/routes/update_routes.cc:186:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(bbs, bbsname, 34);
data/ax25mail-utils-0.13/routes/update_routes.cc:208:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(line, "");
data/ax25mail-utils-0.13/routes/update_routes.cc:211:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(line) > 0)
data/ax25mail-utils-0.13/ulistd/ulistd.c:197:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((*s!='#')&&(strlen(s))){
data/ax25mail-utils-0.13/ulistd/ulistd.c:432:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (sendto(s, msg, strlen(msg), 0, (struct sockaddr *)&addr, len) == -1)
data/ax25mail-utils-0.13/ulistd/ulistd.c:460:5: [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
    n=sscanf(line,"%i %255s %255s",&msgnum,s1,s2);
data/ax25mail-utils-0.13/ulistd/ulistd.c:571:18: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    case 'c': strncpy(mycall, optarg, 15); break;
data/ax25mail-utils-0.13/ulistd/ulistd.c:592:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(mycall) == 0){

ANALYSIS SUMMARY:

Hits = 390
Lines analyzed = 4754 in approximately 0.20 seconds (24065 lines/second)
Physical Source Lines of Code (SLOC) = 3641
Hits@level = [0] 61 [1] 124 [2] 176 [3] 3 [4] 87 [5] 0
Hits@level+ = [0+] 451 [1+] 390 [2+] 266 [3+] 90 [4+] 87 [5+] 0
Hits/KSLOC@level+ = [0+] 123.867 [1+] 107.113 [2+] 73.0569 [3+] 24.7185 [4+] 23.8945 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.