Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bopm-3.1.3/src/firedns.h
Examining data/bopm-3.1.3/src/config.h
Examining data/bopm-3.1.3/src/negcache.h
Examining data/bopm-3.1.3/src/main.h
Examining data/bopm-3.1.3/src/dnsbl.c
Examining data/bopm-3.1.3/src/log.h
Examining data/bopm-3.1.3/src/list.c
Examining data/bopm-3.1.3/src/libopm/src/libopm.c
Examining data/bopm-3.1.3/src/libopm/src/compat.c
Examining data/bopm-3.1.3/src/libopm/src/opm.h
Examining data/bopm-3.1.3/src/libopm/src/test.c
Examining data/bopm-3.1.3/src/libopm/src/setup.h
Examining data/bopm-3.1.3/src/libopm/src/proxy.c
Examining data/bopm-3.1.3/src/libopm/src/malloc.h
Examining data/bopm-3.1.3/src/libopm/src/config.c
Examining data/bopm-3.1.3/src/libopm/src/libopm.h
Examining data/bopm-3.1.3/src/libopm/src/opm_types.h
Examining data/bopm-3.1.3/src/libopm/src/list.c
Examining data/bopm-3.1.3/src/libopm/src/proxy.h
Examining data/bopm-3.1.3/src/libopm/src/snprintf.c
Examining data/bopm-3.1.3/src/libopm/src/config.h
Examining data/bopm-3.1.3/src/libopm/src/opm_common.h
Examining data/bopm-3.1.3/src/libopm/src/opm_error.h
Examining data/bopm-3.1.3/src/libopm/src/compat.h
Examining data/bopm-3.1.3/src/libopm/src/malloc.c
Examining data/bopm-3.1.3/src/libopm/src/inet.h
Examining data/bopm-3.1.3/src/libopm/src/inet.c
Examining data/bopm-3.1.3/src/libopm/src/list.h
Examining data/bopm-3.1.3/src/opercmd.h
Examining data/bopm-3.1.3/src/compat.c
Examining data/bopm-3.1.3/src/irc.c
Examining data/bopm-3.1.3/src/config.c
Examining data/bopm-3.1.3/src/log.c
Examining data/bopm-3.1.3/src/irc.h
Examining data/bopm-3.1.3/src/setup.h
Examining data/bopm-3.1.3/src/main.c
Examining data/bopm-3.1.3/src/snprintf.c
Examining data/bopm-3.1.3/src/inet.h
Examining data/bopm-3.1.3/src/malloc.c
Examining data/bopm-3.1.3/src/config-parser.h
Examining data/bopm-3.1.3/src/config-parser.c
Examining data/bopm-3.1.3/src/match.h
Examining data/bopm-3.1.3/src/negcache.c
Examining data/bopm-3.1.3/src/match.c
Examining data/bopm-3.1.3/src/compat.h
Examining data/bopm-3.1.3/src/dnsbl.h
Examining data/bopm-3.1.3/src/scan.c
Examining data/bopm-3.1.3/src/stats.h
Examining data/bopm-3.1.3/src/opercmd.c
Examining data/bopm-3.1.3/src/scan.h
Examining data/bopm-3.1.3/src/defs.h
Examining data/bopm-3.1.3/src/config-lexer.c
Examining data/bopm-3.1.3/src/extern.h
Examining data/bopm-3.1.3/src/list.h
Examining data/bopm-3.1.3/src/misc.c
Examining data/bopm-3.1.3/src/stats.c
Examining data/bopm-3.1.3/src/inet.c
Examining data/bopm-3.1.3/src/misc.h
Examining data/bopm-3.1.3/src/options.h
Examining data/bopm-3.1.3/src/firedns.c
Examining data/bopm-3.1.3/src/malloc.h

FINAL RESULTS:

data/bopm-3.1.3/src/irc.c:312:7: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(IRC_CHANNELS, chan->name, MSGLENMAX);

data/bopm-3.1.3/src/irc.c:315:10: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(IRC_CHANNELS, ",", MSGLENMAX);

data/bopm-3.1.3/src/compat.h:15:8: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #undef snprintf

data/bopm-3.1.3/src/compat.h:16:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf bopm_snprintf

data/bopm-3.1.3/src/compat.h:20:8: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #undef vsnprintf

data/bopm-3.1.3/src/compat.h:21:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define vsnprintf bopm_vsnprintf

data/bopm-3.1.3/src/config-lexer.c:1281:28: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(linebuf, yytext+1);

data/bopm-3.1.3/src/config-parser.c:967:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define YYFPRINTF fprintf

data/bopm-3.1.3/src/dnsbl.c:261:14: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if ((fp = popen(cmdbuf, "w")) == NULL)

data/bopm-3.1.3/src/inet.c:195:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcpy(dst, inetntoa((char *) src));

data/bopm-3.1.3/src/inet.c:301:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcpy(dst, tmp);

data/bopm-3.1.3/src/inet.c:549:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp, "::ffff:%s", src);

data/bopm-3.1.3/src/irc.c:342:4: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(data2, MSGLENMAX, data, arglist);

data/bopm-3.1.3/src/irc.c:376:4: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(data2, MSGLENMAX, data, arglist);

data/bopm-3.1.3/src/irc.c:570:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(msg, IRC_RAW);

data/bopm-3.1.3/src/libopm/src/compat.h:15:8: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #undef snprintf

data/bopm-3.1.3/src/libopm/src/compat.h:16:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf libopm_snprintf

data/bopm-3.1.3/src/libopm/src/compat.h:20:8: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #undef vsnprintf

data/bopm-3.1.3/src/libopm/src/compat.h:21:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define vsnprintf libopm_vsnprintf

data/bopm-3.1.3/src/libopm/src/inet.c:203:12: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcpy(dst, inetntoa((char *) src));

data/bopm-3.1.3/src/libopm/src/inet.c:297:12: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcpy(dst, tmp);

data/bopm-3.1.3/src/libopm/src/inet.c:523:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp, "::ffff:%s", src);

data/bopm-3.1.3/src/libopm/src/snprintf.c:865:45: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  if (fmt_spec == 'p') str_arg_l += sprintf(tmp+str_arg_l, f, ptr_arg);

data/bopm-3.1.3/src/libopm/src/snprintf.c:869:34: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  case 'h': str_arg_l+=sprintf(tmp+str_arg_l, f, int_arg); break;

data/bopm-3.1.3/src/libopm/src/snprintf.c:870:34: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  case 'l': str_arg_l+=sprintf(tmp+str_arg_l, f, long_arg); break;

data/bopm-3.1.3/src/libopm/src/snprintf.c:872:34: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  case '2': str_arg_l+=sprintf(tmp+str_arg_l,f,long_long_arg); break;

data/bopm-3.1.3/src/libopm/src/snprintf.c:878:34: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  case 'h': str_arg_l+=sprintf(tmp+str_arg_l, f, uint_arg); break;

data/bopm-3.1.3/src/libopm/src/snprintf.c:879:34: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  case 'l': str_arg_l+=sprintf(tmp+str_arg_l, f, ulong_arg); break;

data/bopm-3.1.3/src/libopm/src/snprintf.c:881:34: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  case '2': str_arg_l+=sprintf(tmp+str_arg_l,f,ulong_long_arg);break;

data/bopm-3.1.3/src/log.c:96:4: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(data2, 512, data, arglist);

data/bopm-3.1.3/src/log.h:9:63: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  extern void log_printf(char *data, ...) __attribute__((format(printf,1,2)));

data/bopm-3.1.3/src/malloc.c:79:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(x, y);

data/bopm-3.1.3/src/scan.c:966:28: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(message, (char *) table[i].data);

data/bopm-3.1.3/src/snprintf.c:865:45: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  if (fmt_spec == 'p') str_arg_l += sprintf(tmp+str_arg_l, f, ptr_arg);

data/bopm-3.1.3/src/snprintf.c:869:34: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  case 'h': str_arg_l+=sprintf(tmp+str_arg_l, f, int_arg); break;

data/bopm-3.1.3/src/snprintf.c:870:34: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  case 'l': str_arg_l+=sprintf(tmp+str_arg_l, f, long_arg); break;

data/bopm-3.1.3/src/snprintf.c:872:34: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  case '2': str_arg_l+=sprintf(tmp+str_arg_l,f,long_long_arg); break;

data/bopm-3.1.3/src/snprintf.c:878:34: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  case 'h': str_arg_l+=sprintf(tmp+str_arg_l, f, uint_arg); break;

data/bopm-3.1.3/src/snprintf.c:879:34: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  case 'l': str_arg_l+=sprintf(tmp+str_arg_l, f, ulong_arg); break;

data/bopm-3.1.3/src/snprintf.c:881:34: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  case '2': str_arg_l+=sprintf(tmp+str_arg_l,f,ulong_long_arg);break;

data/bopm-3.1.3/src/firedns.c:183:4: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned int) time(NULL));

data/bopm-3.1.3/src/main.c:90:11: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt(argc, argv, "dc:");

data/bopm-3.1.3/src/config-lexer.c:659:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linebuf[512];

data/bopm-3.1.3/src/config-lexer.c:1224:42: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  yylval.number=atoi(yytext);

data/bopm-3.1.3/src/config-parser.c:1264:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];

data/bopm-3.1.3/src/config-parser.c:1281:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yyformat[sizeof yyunexpected

data/bopm-3.1.3/src/config-parser.c:1449:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yymsgbuf[128];

data/bopm-3.1.3/src/config.c:72:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((yyin = fopen(filename, "r")) == NULL)

data/bopm-3.1.3/src/config.h:10:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char linebuf[512];

data/bopm-3.1.3/src/dnsbl.c:61:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lookup[128];

data/bopm-3.1.3/src/dnsbl.c:110:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text_type[128];

data/bopm-3.1.3/src/dnsbl.c:237:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096], cmdbuf[512];

data/bopm-3.1.3/src/firedns.c:103:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char id[2];

data/bopm-3.1.3/src/firedns.c:110:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lookup[256];

data/bopm-3.1.3/src/firedns.c:128:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char id[2];

data/bopm-3.1.3/src/firedns.c:147:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char payload[512];

data/bopm-3.1.3/src/firedns.c:169:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/bopm-3.1.3/src/firedns.c:190:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(FDNS_CONFIG_PREF,"r");

data/bopm-3.1.3/src/firedns.c:193:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(FDNS_CONFIG_FBCK,"r");

data/bopm-3.1.3/src/firedns.c:213:19: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&servers6[i6++],&addr6,sizeof(struct in6_addr));

data/bopm-3.1.3/src/firedns.c:222:19: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&servers4[i4++],&addr4,sizeof(struct in_addr));

data/bopm-3.1.3/src/firedns.c:239:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&servers6[i6++], &addr6, sizeof(struct in6_addr));

data/bopm-3.1.3/src/firedns.c:247:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&servers4[i4++],&addr4,sizeof(struct in_addr));

data/bopm-3.1.3/src/firedns.c:409:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&payload[payloadpos],tempchr2,l);

data/bopm-3.1.3/src/firedns.c:419:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&payload[payloadpos],tempchr2,l);

data/bopm-3.1.3/src/firedns.c:426:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&payload[payloadpos],&l,2);

data/bopm-3.1.3/src/firedns.c:428:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&payload[payloadpos + 2],&l,2);

data/bopm-3.1.3/src/firedns.c:450:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(h->id, s->id, 2);

data/bopm-3.1.3/src/firedns.c:539:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addr6.sin6_addr.s6_addr,"\0\0\0\0\0\0\0\0\0\0\xff\xff",12);

data/bopm-3.1.3/src/firedns.c:540:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&addr6.sin6_addr.s6_addr[12],&servers4[i].s_addr,4);

data/bopm-3.1.3/src/firedns.c:712:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result.text,&h.payload[i],rr->rdlength);

data/bopm-3.1.3/src/firedns.h:32:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char s6_addr[16];

data/bopm-3.1.3/src/firedns.h:82:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[1024];

data/bopm-3.1.3/src/firedns.h:83:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lookup[256];

data/bopm-3.1.3/src/inet.c:118:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[16];

data/bopm-3.1.3/src/inet.c:215:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"], *tp;

data/bopm-3.1.3/src/inet.c:285:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  tp += sprintf(tp, "%x", words[i]);

data/bopm-3.1.3/src/inet.c:378:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmp[INADDRSZ], *tp;

data/bopm-3.1.3/src/inet.c:412:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, tmp, INADDRSZ);

data/bopm-3.1.3/src/inet.c:436:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp;

data/bopm-3.1.3/src/inet.c:528:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, tmp, IN6ADDRSZ);

data/bopm-3.1.3/src/inet.c:548:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[HOSTIPLEN];

data/bopm-3.1.3/src/irc.c:105:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char IRC_RAW[MSGLENMAX]; /* Buffer to read data into */

data/bopm-3.1.3/src/irc.c:106:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char IRC_SENDBUFF[MSGLENMAX]; /* Send buffer */

data/bopm-3.1.3/src/irc.c:107:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char IRC_CHANNELS[MSGLENMAX]; /* Stores comma delim list of channels */

data/bopm-3.1.3/src/irc.c:338:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data2[MSGLENMAX];

data/bopm-3.1.3/src/irc.c:339:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tosend[MSGLENMAX];

data/bopm-3.1.3/src/irc.c:372:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data2[MSGLENMAX];

data/bopm-3.1.3/src/irc.c:373:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tosend[MSGLENMAX];

data/bopm-3.1.3/src/irc.c:555:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *parv[17];

data/bopm-3.1.3/src/irc.c:557:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char msg[MSGLENMAX]; /* Temporarily stores IRC msg to pass to handlers */

data/bopm-3.1.3/src/irc.c:1000:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char errmsg[256];

data/bopm-3.1.3/src/irc.c:1003:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *user[4];

data/bopm-3.1.3/src/libopm/src/inet.c:125:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[16];

data/bopm-3.1.3/src/libopm/src/inet.c:223:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"], *tp;

data/bopm-3.1.3/src/libopm/src/inet.c:282:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  tp += sprintf(tp, "%x", words[i]);

data/bopm-3.1.3/src/libopm/src/inet.c:373:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmp[INADDRSZ], *tp;

data/bopm-3.1.3/src/libopm/src/inet.c:401:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, tmp, INADDRSZ);

data/bopm-3.1.3/src/libopm/src/inet.c:425:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp;

data/bopm-3.1.3/src/libopm/src/inet.c:505:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, tmp, IN6ADDRSZ);

data/bopm-3.1.3/src/libopm/src/inet.c:522:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[HOSTIPLEN];

data/bopm-3.1.3/src/libopm/src/libopm.h:37:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char readbuf[READBUFLEN + 1]; /* 128 byte read buffer, anything over 128 is probably not of use */

data/bopm-3.1.3/src/libopm/src/proxy.c:45:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char SENDBUF[SENDBUFLEN + 1];

data/bopm-3.1.3/src/libopm/src/snprintf.c:371:32: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (nn >= breakeven_point) memcpy((d), (s), nn); \

data/bopm-3.1.3/src/libopm/src/snprintf.c:581:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[32];/* temporary buffer for simple numeric->string conversion */

data/bopm-3.1.3/src/libopm/src/snprintf.c:859:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char f[5]; int f_l = 0;

data/bopm-3.1.3/src/log.c:49:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  logfile = fopen(filename, "a");

data/bopm-3.1.3/src/log.c:66:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  scanlogfile = fopen(filename, "a");

data/bopm-3.1.3/src/log.c:82:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data2[513];

data/bopm-3.1.3/src/log.c:83:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf_present[25];

data/bopm-3.1.3/src/main.c:78:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char spid[16];

data/bopm-3.1.3/src/main.c:166:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pidout = fopen(OptionsItem->pidfile, "w");

data/bopm-3.1.3/src/misc.c:46:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[64];

data/bopm-3.1.3/src/scan.c:355:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char mask[MSGLENMAX];

data/bopm-3.1.3/src/scan.c:356:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ipmask[MSGLENMAX];

data/bopm-3.1.3/src/scan.c:476:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ss->irc_nick = (char *) DupString(user[0]);

data/bopm-3.1.3/src/scan.c:477:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
ss->irc_username = (char *) DupString(user[1]); data/bopm-3.1.3/src/scan.c:478:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ss->irc_hostname = (char *) DupString(user[2]); data/bopm-3.1.3/src/scan.c:479:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ss->ip = (char *) DupString(user[3]); data/bopm-3.1.3/src/scan.c:905:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[MSGLENMAX]; /* OUTPUT */ data/bopm-3.1.3/src/scan.c:959:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size = strlen( (char *) table[i].data); data/bopm-3.1.3/src/scan.c:966:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. strcat(message, (char *) table[i].data); data/bopm-3.1.3/src/scan.c:1164:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_present[25]; data/bopm-3.1.3/src/snprintf.c:371:32: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (nn >= breakeven_point) memcpy((d), (s), nn); \ data/bopm-3.1.3/src/snprintf.c:581:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[32];/* temporary buffer for simple numeric->string conversion */ data/bopm-3.1.3/src/snprintf.c:859:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char f[5]; int f_l = 0; data/bopm-3.1.3/src/config-lexer.c:732:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/bopm-3.1.3/src/config-lexer.c:2005:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes(yystr,strlen(yystr) ); data/bopm-3.1.3/src/config-parser.c:1145:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/bopm-3.1.3/src/dnsbl.c:123:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). 
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(text_type, item->type, sizeof(text_type) - strlen(text_type) - 2); data/bopm-3.1.3/src/dnsbl.c:123:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(text_type, item->type, sizeof(text_type) - strlen(text_type) - 2); data/bopm-3.1.3/src/dnsbl.c:125:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(text_type, ", ", sizeof(text_type) - strlen(text_type) - 1); data/bopm-3.1.3/src/dnsbl.c:125:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(text_type, ", ", sizeof(text_type) - strlen(text_type) - 1); data/bopm-3.1.3/src/dnsbl.c:139:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(text_type, item->type, sizeof(text_type)); data/bopm-3.1.3/src/dnsbl.c:196:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(ds->ss->ip) < strlen(res->lookup)) data/bopm-3.1.3/src/dnsbl.c:196:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(ds->ss->ip) < strlen(res->lookup)) data/bopm-3.1.3/src/dnsbl.c:197:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ? 
(res->lookup + strlen(ds->ss->ip) + 1) data/bopm-3.1.3/src/dnsbl.c:243:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(OpmItem->dnsbl_to) == 0 || strlen(OpmItem->dnsbl_from) == 0 || strlen(OpmItem->sendmail) == 0) data/bopm-3.1.3/src/dnsbl.c:243:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(OpmItem->dnsbl_to) == 0 || strlen(OpmItem->dnsbl_from) == 0 || strlen(OpmItem->sendmail) == 0) data/bopm-3.1.3/src/dnsbl.c:243:77: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(OpmItem->dnsbl_to) == 0 || strlen(OpmItem->dnsbl_from) == 0 || strlen(OpmItem->sendmail) == 0) data/bopm-3.1.3/src/firedns.c:326:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s->lookup, name, 256); data/bopm-3.1.3/src/firedns.c:413:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(tempchr2); data/bopm-3.1.3/src/firedns.c:604:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(result.lookup, c->lookup, 256); data/bopm-3.1.3/src/firedns.c:763:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(new_result.lookup, p->lookup, 256); data/bopm-3.1.3/src/inet.c:282:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
tp += strlen(tp); data/bopm-3.1.3/src/irc.c:275:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(IRCItem->vhost) > 0) data/bopm-3.1.3/src/irc.c:350:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (send(IRC_FD, tosend, strlen(tosend), 0) == -1) data/bopm-3.1.3/src/irc.c:436:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(IRCItem->password) > 0) data/bopm-3.1.3/src/irc.c:499:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((len = read(IRC_FD, &c, 1)) > 0) data/bopm-3.1.3/src/irc.c:723:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tmp); data/bopm-3.1.3/src/irc.c:810:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(IRCItem->nickserv)) data/bopm-3.1.3/src/irc.c:831:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(channel->name) == 0) data/bopm-3.1.3/src/irc.c:834:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(strlen(channel->key) > 0) data/bopm-3.1.3/src/irc.c:937:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(nick_len < 3 && strlen(IRCItem->nick) >= 3) data/bopm-3.1.3/src/irc.c:1123:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(channel->invite) == 0) data/bopm-3.1.3/src/libopm/src/inet.c:279:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tp += strlen(tp); data/bopm-3.1.3/src/libopm/src/libopm.c:1214:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). switch (read(conn->fd, &c, 1)) data/bopm-3.1.3/src/libopm/src/proxy.c:55:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(send(conn->fd, SENDBUF, strlen(SENDBUF), 0) == -1) data/bopm-3.1.3/src/libopm/src/snprintf.c:567:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t n = !q ? strlen(p) : (q-p); data/bopm-3.1.3/src/libopm/src/snprintf.c:709:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!precision_specified) str_arg_l = strlen(str_arg); data/bopm-3.1.3/src/main.c:110:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
lenc = strlen(CONFDIR) + strlen(CONFNAME) + strlen(CONFEXT) + 3; data/bopm-3.1.3/src/main.c:110:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenc = strlen(CONFDIR) + strlen(CONFNAME) + strlen(CONFEXT) + 3; data/bopm-3.1.3/src/main.c:110:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenc = strlen(CONFDIR) + strlen(CONFNAME) + strlen(CONFEXT) + 3; data/bopm-3.1.3/src/main.c:111:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenl = strlen(LOGDIR) + strlen(CONFNAME) + strlen(LOGEXT) + 3; data/bopm-3.1.3/src/main.c:111:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenl = strlen(LOGDIR) + strlen(CONFNAME) + strlen(LOGEXT) + 3; data/bopm-3.1.3/src/main.c:111:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenl = strlen(LOGDIR) + strlen(CONFNAME) + strlen(LOGEXT) + 3; data/bopm-3.1.3/src/main.c:112:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenp = strlen(LOGDIR) + strlen(CONFNAME) + strlen(PIDEXT) + 3; data/bopm-3.1.3/src/main.c:112:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
lenp = strlen(LOGDIR) + strlen(CONFNAME) + strlen(PIDEXT) + 3; data/bopm-3.1.3/src/main.c:112:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenp = strlen(LOGDIR) + strlen(CONFNAME) + strlen(PIDEXT) + 3; data/bopm-3.1.3/src/main.c:143:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(002); data/bopm-3.1.3/src/main.c:171:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fwrite(spid, sizeof(char), strlen(spid), pidout); data/bopm-3.1.3/src/malloc.c:77:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). x = malloc(strlen(y) + 1); data/bopm-3.1.3/src/misc.c:153:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) <= 1) data/bopm-3.1.3/src/misc.c:156:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(str); i++) data/bopm-3.1.3/src/scan.c:959:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen( (char *) table[i].data); data/bopm-3.1.3/src/snprintf.c:567:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t n = !q ? 
strlen(p) : (q-p); data/bopm-3.1.3/src/snprintf.c:709:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!precision_specified) str_arg_l = strlen(str_arg); ANALYSIS SUMMARY: Hits = 177 Lines analyzed = 17402 in approximately 0.47 seconds (37267 lines/second) Physical Source Lines of Code (SLOC) = 10428 Hits@level = [0] 47 [1] 51 [2] 84 [3] 2 [4] 38 [5] 2 Hits@level+ = [0+] 224 [1+] 177 [2+] 126 [3+] 42 [4+] 40 [5+] 2 Hits/KSLOC@level+ = [0+] 21.4806 [1+] 16.9735 [2+] 12.0829 [3+] 4.02762 [4+] 3.83583 [5+] 0.191791 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
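The strncat, strncpy and strlen hits above (dnsbl.c:123, 125 and 139, firedns.c:326, 604 and 763) all flag one pattern: a fixed-size buffer filled through a length argument the caller has to get right, and a strlen that assumes a terminator is present. The C below is an added illustration of the idioms the advice lines ask for; it is written for this page, is not bopm code, and makes no claim about whether the flagged bopm lines are actually reachable with oversized input. bounded_append, bounded_copy, join_types and strncpy_leaves_unterminated are hypothetical helper names, and the proxy type names used as sample input are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not bopm code. Helper names are hypothetical. */

/* Append src to dst (total size dstsz), leaving dst NUL-terminated.
 * The bound handed to strncat is "space left minus one for the NUL",
 * the computation flawfinder wants to see instead of a constant.
 * Returns 1 if all of src fit, 0 if it was truncated or dst was unusable. */
int bounded_append(char *dst, size_t dstsz, const char *src)
{
    const char *end = memchr(dst, '\0', dstsz); /* bounded search, not strlen */
    if (end == NULL)
        return 0;                 /* dst has no terminator within dstsz: refuse to touch it */
    size_t used = (size_t)(end - dst);
    size_t room = dstsz - used - 1; /* bytes available for characters */
    size_t need = strlen(src);
    strncat(dst, src, room);        /* strncat always writes the terminating NUL */
    return need <= room;
}

/* Copy src into dst (size dstsz). strncpy does not terminate when src is at
 * least dstsz bytes long, so the terminator is written explicitly.
 * Returns 1 if the whole string fit, 0 if it was truncated. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0)
        return 0;
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
    return strlen(src) < dstsz;
}

/* Join n type names with ", " into out, the shape of the dnsbl.c:123/125
 * calls above. Stops at the first item that does not fit and returns the
 * number of items written in full; out is always terminated. */
size_t join_types(char *out, size_t outsz, const char *const *types, size_t n)
{
    size_t written = 0;
    if (outsz == 0)
        return 0;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        if (i > 0 && !bounded_append(out, outsz, ", "))
            break;
        if (!bounded_append(out, outsz, types[i]))
            break;
        written++;
    }
    return written;
}

/* Shows the hazard behind the strncpy hits on a constructed input: a source
 * longer than the buffer leaves no NUL anywhere in it, so a later strlen on
 * the buffer over-reads (the CWE-126 pairing flawfinder reports).
 * Returns 1 when plain strncpy left the buffer unterminated. */
int strncpy_leaves_unterminated(void)
{
    char buf[8];
    memset(buf, 'X', sizeof buf);
    strncpy(buf, "0123456789", sizeof buf); /* 10 bytes into 8: no NUL written */
    return memchr(buf, '\0', sizeof buf) == NULL;
}
```

join_types stops rather than silently emitting a truncated final item, which is the behaviour a caller building a message for a fixed-size IRC line usually wants; a caller that prefers best-effort output can ignore the return value, since the buffer is terminated either way.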
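The fopen hits at log.c:49 and log.c:66 (mode "a") and main.c:166 (mode "w"), together with the umask hit at main.c:143, describe one file-creation risk from two sides: fopen follows whatever is sitting at the path, symlink included, and the mode of a file it creates is fopen's default 0666 masked by umask(002), which keeps the group write bit. The C below is an added example of opening a log or pid file the way those advice lines ask for; it is not bopm code. open_log_append, write_pidfile_exclusive and run_self_check are hypothetical helpers, and run_self_check works on a constructed temporary directory under /tmp.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not bopm code. Helper names are hypothetical. */

/* Append to a log file: create it 0600 regardless of umask, refuse to
 * follow a symlink in the final path component (O_NOFOLLOW), and only
 * accept a regular file owned by the current user. Returns NULL on refusal. */
FILE *open_log_append(const char *path)
{
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return NULL;
    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd); /* device node, FIFO, or someone else's file: do not write to it */
        return NULL;
    }
    FILE *f = fdopen(fd, "a");
    if (f == NULL)
        close(fd);
    return f;
}

/* Write the pid file with O_EXCL: if anything already exists at the path
 * (stale file, attacker-placed symlink) the open fails instead of being
 * followed or truncated. Returns 0 on success, -1 on any failure. */
int write_pidfile_exclusive(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    char spid[32];
    int n = snprintf(spid, sizeof spid, "%ld\n", (long)getpid());
    if (n < 0 || (size_t)n >= sizeof spid || write(fd, spid, (size_t)n) != n) {
        close(fd);
        return -1;
    }
    return close(fd);
}

/* Exercise both helpers in a fresh temporary directory on constructed paths.
 * Returns 0 when every check passes, otherwise the number of the first failing step. */
int run_self_check(void)
{
    char dir[] = "/tmp/safeopen-XXXXXX"; /* constructed scratch location */
    if (mkdtemp(dir) == NULL)
        return 1;
    char pidpath[64], logpath[64], linkpath[64];
    snprintf(pidpath, sizeof pidpath, "%s/bopm.pid", dir);
    snprintf(logpath, sizeof logpath, "%s/bopm.log", dir);
    snprintf(linkpath, sizeof linkpath, "%s/evil.log", dir);
    struct stat st;
    FILE *f = NULL;
    int rc = 0;

    if (write_pidfile_exclusive(pidpath) != 0)
        rc = 2;                                   /* first creation must succeed */
    else if (write_pidfile_exclusive(pidpath) == 0)
        rc = 3;                                   /* second must fail: O_EXCL */
    else if (stat(pidpath, &st) != 0 || (st.st_mode & 0777) != 0600)
        rc = 4;                                   /* mode comes from the open call, not umask */
    else if (symlink("/dev/null", linkpath) != 0)
        rc = 5;
    else if ((f = open_log_append(linkpath)) != NULL) {
        fclose(f);
        rc = 6;                                   /* symlink must be refused: O_NOFOLLOW */
    } else if ((f = open_log_append(logpath)) == NULL)
        rc = 7;                                   /* fresh regular file is created */
    else {
        fputs("scan: constructed test entry\n", f);
        fclose(f);
        if ((f = open_log_append(logpath)) == NULL)
            rc = 8;                               /* reopening our own regular file works */
        else
            fclose(f);
    }
    unlink(pidpath);
    unlink(logpath);
    unlink(linkpath);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = run_self_check();
    printf("self check: %s (step %d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

The owner check in open_log_append is what closes the gap umask(002) opens: even if a group-writable log directory let someone else pre-create the file, the daemon will not append to a file it does not own. The O_EXCL pid-file open means a stale pid file from a crashed run has to be removed before restart, which is the usual trade-off for refusing to clobber whatever an attacker left at that path.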