Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cfingerd-1.4.3/src/configure.c
Examining data/cfingerd-1.4.3/src/defines.h
Examining data/cfingerd-1.4.3/src/errors.c
Examining data/cfingerd-1.4.3/src/getutent.c
Examining data/cfingerd-1.4.3/src/getutent.h
Examining data/cfingerd-1.4.3/src/privs.h
Examining data/cfingerd-1.4.3/src/strmcpy.c
Examining data/cfingerd-1.4.3/src/version.h
Examining data/cfingerd-1.4.3/src/wildmat.c
Examining data/cfingerd-1.4.3/src/fakeuser.c
Examining data/cfingerd-1.4.3/src/internal.c
Examining data/cfingerd-1.4.3/src/log.c
Examining data/cfingerd-1.4.3/src/main.c
Examining data/cfingerd-1.4.3/src/parse.c
Examining data/cfingerd-1.4.3/src/proto.h
Examining data/cfingerd-1.4.3/src/rfc1413.c
Examining data/cfingerd-1.4.3/src/search.c
Examining data/cfingerd-1.4.3/src/signal.c
Examining data/cfingerd-1.4.3/src/standard.c
Examining data/cfingerd-1.4.3/src/userlist.c
Examining data/cfingerd-1.4.3/src/util.c
Examining data/cfingerd-1.4.3/src/version.c
Examining data/cfingerd-1.4.3/src/cfingerd.h
Examining data/cfingerd-1.4.3/src/options.c
Examining data/cfingerd-1.4.3/userlist/initialize.c
Examining data/cfingerd-1.4.3/userlist/options.c
Examining data/cfingerd-1.4.3/userlist/proto.h
Examining data/cfingerd-1.4.3/userlist/display.c
Examining data/cfingerd-1.4.3/userlist/idle.c
Examining data/cfingerd-1.4.3/userlist/main.c
Examining data/cfingerd-1.4.3/userlist/userlist.h

FINAL RESULTS:

data/cfingerd-1.4.3/src/util.c:167:18:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
  Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  displine = strncat(displine, (char *) allocation, DISPLEN);
data/cfingerd-1.4.3/src/util.c:195:15:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
  Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  displine = strncat(displine, "$", DISPLEN);
data/cfingerd-1.4.3/src/util.c:212:19:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
  Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  displine = strncat(displine, (char *) bleah, DISPLEN);
data/cfingerd-1.4.3/src/util.c:228:19:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
  Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  displine = strncat(displine, (char *) bleah, DISPLEN);
data/cfingerd-1.4.3/src/util.c:238:19:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
  Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  displine = strncat(displine, ident_user, DISPLEN);
data/cfingerd-1.4.3/src/util.c:254:19:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
  Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  displine = strncat(displine, (char *) COMPILE_DT, DISPLEN);
data/cfingerd-1.4.3/src/util.c:264:19:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
  Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  displine = strncat(displine, (char *) VERSION, DISPLEN);
data/cfingerd-1.4.3/src/cfingerd.h:48:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  #define snprintf __snprintf
data/cfingerd-1.4.3/src/configure.c:767:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(prog_config.mailbox_file, "%s/$USER", MAIL_SPOOL_DIR);
data/cfingerd-1.4.3/src/defines.h:22:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  printf(errors[x].error); \
data/cfingerd-1.4.3/src/internal.c:37:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  printf(prog_config.services.display_string,
data/cfingerd-1.4.3/src/main.c:142:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (line, cp);
data/cfingerd-1.4.3/src/main.c:143:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (username, line);
data/cfingerd-1.4.3/src/main.c:262:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(remote_addr, ACTUAL_LOOPBACK);
data/cfingerd-1.4.3/src/parse.c:93:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (parsed, username);
data/cfingerd-1.4.3/src/search.c:48:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (searchname, xp);
data/cfingerd-1.4.3/src/search.c:141:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s/%s", homedir, prog_config.no_finger_file);
data/cfingerd-1.4.3/src/search.c:144:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s/.nofinger", homedir);
data/cfingerd-1.4.3/src/standard.c:103:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  printf(formatter, prog_config.p_strings[t2], user?user:"");
data/cfingerd-1.4.3/src/standard.c:387:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dev_file, "/dev/%s", tty);
data/cfingerd-1.4.3/src/standard.c:547:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(devfile, "/dev/%s", (char *) ut->ut_line);
data/cfingerd-1.4.3/src/standard.c:786:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  printf(nomailmsg);
data/cfingerd-1.4.3/src/standard.c:792:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  printf(nomailmsg);
data/cfingerd-1.4.3/src/standard.c:798:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  printf(nomailmsg);
data/cfingerd-1.4.3/src/standard.c:899:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (other, cp);
data/cfingerd-1.4.3/src/standard.c:904:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (home_phone, cp);
data/cfingerd-1.4.3/src/standard.c:912:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (username, cp);
data/cfingerd-1.4.3/src/standard.c:918:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s/%s", pwent->pw_dir, prog_config.no_finger_file);
data/cfingerd-1.4.3/src/standard.c:921:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s/.nofinger", pwent->pw_dir);
data/cfingerd-1.4.3/src/standard.c:1009:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(uname, username + nums);
data/cfingerd-1.4.3/src/standard.c:1010:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(username, uname);
data/cfingerd-1.4.3/src/strmcpy.c:39:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(*t, s);
data/cfingerd-1.4.3/src/util.c:214:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  printf((char *) bleah);
data/cfingerd-1.4.3/src/util.c:230:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  printf((char *) bleah);
data/cfingerd-1.4.3/src/util.c:468:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ret, "%s.%s", (char *) hostname, (char *) domname);
data/cfingerd-1.4.3/src/util.c:594:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (result, line);
data/cfingerd-1.4.3/src/util.c:604:9:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  file = popen(cmd, "r");
data/cfingerd-1.4.3/userlist/display.c:39:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ret, "%s", (char *) hostname);
data/cfingerd-1.4.3/userlist/display.c:99:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (username, cp);
data/cfingerd-1.4.3/userlist/userlist.h:51:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  #define snprintf __snprintf
data/cfingerd-1.4.3/src/cfingerd.h:228:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *header[20]; /* Five headers for the top display */
data/cfingerd-1.4.3/src/cfingerd.h:253:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *rejected[80]; /* Rejected hosts */
data/cfingerd-1.4.3/src/cfingerd.h:254:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *trusted[80]; /* Trusted hosts */
data/cfingerd-1.4.3/src/cfingerd.h:255:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *forward[80]; /* Forwarded hosts */
data/cfingerd-1.4.3/src/cfingerd.h:256:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p_strings[80]; /* Program-related context print strings */
data/cfingerd-1.4.3/src/cfingerd.h:257:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *finger_sites[80]; /* Finger sites that are queried */
data/cfingerd-1.4.3/src/cfingerd.h:258:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *siglist[24]; /* Signal names and their errors */
data/cfingerd-1.4.3/src/cfingerd.h:259:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stime_format[25]; /* Short time format string */
data/cfingerd-1.4.3/src/cfingerd.h:260:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ltime_format[25]; /* Long time format string */
data/cfingerd-1.4.3/src/configure.c:221:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  logfile = fopen(filename, "a+");
data/cfingerd-1.4.3/src/configure.c:629:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  prog_config.services.name_pos = atoi(num);
data/cfingerd-1.4.3/src/configure.c:631:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  prog_config.services.service_pos = atoi(num);
data/cfingerd-1.4.3/src/configure.c:633:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  prog_config.services.search_pos = atoi(num);
data/cfingerd-1.4.3/src/configure.c:686:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(CFINGERD_CONF, "r");
data/cfingerd-1.4.3/src/configure.c:728:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(prog_config.trusted[0], "localhost");
data/cfingerd-1.4.3/src/configure.c:734:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(prog_config.rejected[0], "0.0.0.0");
data/cfingerd-1.4.3/src/configure.c:740:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(prog_config.forward[0], "localhost");
data/cfingerd-1.4.3/src/configure.c:752:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(prog_config.fusers[fakeuser_num].user, "None");
data/cfingerd-1.4.3/src/configure.c:753:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(prog_config.fusers[fakeuser_num].script, "/dev/null");
data/cfingerd-1.4.3/src/configure.c:754:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(prog_config.fusers[fakeuser_num].description, "None");
data/cfingerd-1.4.3/src/configure.c:761:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(prog_config.finger_sites[num_finger_sites], "localhost");
data/cfingerd-1.4.3/src/fakeuser.c:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *data[5];
data/cfingerd-1.4.3/src/fakeuser.c:115:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char send_string[80];
data/cfingerd-1.4.3/src/getutent.c:67:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((utmp_fd = open(_PATH_UTMP, O_RDONLY)) < 0) {
data/cfingerd-1.4.3/src/log.c:47:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[80];
data/cfingerd-1.4.3/src/log.c:63:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(filename, "w");
data/cfingerd-1.4.3/src/log.c:65:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(filename, "a+");
data/cfingerd-1.4.3/src/main.c:24:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ip_address[INET6_ADDRSTRLEN] = "";
data/cfingerd-1.4.3/src/main.c:25:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char remote_addr[INET6_ADDRSTRLEN] = "";
data/cfingerd-1.4.3/src/main.c:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[100], username[80], syslog_str[200];
data/cfingerd-1.4.3/src/main.c:258:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy (ident_user, "emulated");
data/cfingerd-1.4.3/src/main.c:260:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy(remote_addr,"127.0.0.1");
data/cfingerd-1.4.3/src/options.c:71:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open ("/dev/null", O_RDWR);
data/cfingerd-1.4.3/src/options.c:177:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  syslog(LOG_NOTICE, "Emulated: \"%s\"", (char *) argv[2]);
data/cfingerd-1.4.3/src/options.c:178:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  printf("[127.0.0.1 : Username: %s]\n", (char *) argv[2]);
data/cfingerd-1.4.3/src/rfc1413.c:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024], buf[INPUTLEN], uname[UNAMELEN], *bleah;
data/cfingerd-1.4.3/src/search.c:21:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char username[80];
data/cfingerd-1.4.3/src/search.c:22:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char realname[80];
data/cfingerd-1.4.3/src/search.c:85:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen("/etc/passwd", "r");
data/cfingerd-1.4.3/src/search.c:89:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char crap[80], un[80], rn[300], crappp[300], homedir[80], uid[10], gid[10];
data/cfingerd-1.4.3/src/search.c:90:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Un[80], Rn[80];
data/cfingerd-1.4.3/src/search.c:91:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[100];
data/cfingerd-1.4.3/src/search.c:108:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Uid = atoi(uid);
data/cfingerd-1.4.3/src/search.c:109:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Gid = atoi(gid);
data/cfingerd-1.4.3/src/standard.c:33:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tty[UT_LINESIZE];
data/cfingerd-1.4.3/src/standard.c:34:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char locale[UT_HOSTSIZE];
data/cfingerd-1.4.3/src/standard.c:89:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char formatter[80];
data/cfingerd-1.4.3/src/standard.c:120:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(filename, "r");
data/cfingerd-1.4.3/src/standard.c:148:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char d[128];
data/cfingerd-1.4.3/src/standard.c:206:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char d[128];
data/cfingerd-1.4.3/src/standard.c:249:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char formatted[80];
data/cfingerd-1.4.3/src/standard.c:260:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(WTMPFILE, O_RDONLY);
data/cfingerd-1.4.3/src/standard.c:385:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dev_file[80];
data/cfingerd-1.4.3/src/standard.c:493:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char formatted[80];
data/cfingerd-1.4.3/src/standard.c:498:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  formatted, (char *) tty_list[i].tty);
data/cfingerd-1.4.3/src/standard.c:500:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  show_idle((char *) tty_list[i].tty);
data/cfingerd-1.4.3/src/standard.c:504:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (strlen((char *) tty_list[i].locale) > 1) ? " from" : "",
data/cfingerd-1.4.3/src/standard.c:505:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (strlen((char *) tty_list[i].locale) > 1) ?
data/cfingerd-1.4.3/src/standard.c:506:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *) tty_list[i].locale : "");
data/cfingerd-1.4.3/src/standard.c:540:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char devfile[80];
data/cfingerd-1.4.3/src/standard.c:599:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mailfile[200]; data/cfingerd-1.4.3/src/standard.c:619:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char formatted[80]; data/cfingerd-1.4.3/src/standard.c:667:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char formatted2[80]; data/cfingerd-1.4.3/src/standard.c:691:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mailfile[80]; data/cfingerd-1.4.3/src/standard.c:712:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char formatted[80]; data/cfingerd-1.4.3/src/standard.c:713:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[80]; data/cfingerd-1.4.3/src/standard.c:724:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). qmf = fopen(mailfile, "r"); data/cfingerd-1.4.3/src/standard.c:777:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char formatted2[80]; data/cfingerd-1.4.3/src/standard.c:817:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char formatted2[80]; data/cfingerd-1.4.3/src/standard.c:839:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[80]; data/cfingerd-1.4.3/src/standard.c:841:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char acctname[100]; data/cfingerd-1.4.3/src/standard.c:933:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((file = fopen(fn, "r")) != NULL) { data/cfingerd-1.4.3/src/standard.c:994:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uname[600]; data/cfingerd-1.4.3/src/userlist.c:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdline[128]; data/cfingerd-1.4.3/src/util.c:104:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(proc, "cfingerd[%d]", pid); data/cfingerd-1.4.3/src/util.c:153:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[80], *displine; data/cfingerd-1.4.3/src/util.c:163:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char allocation[2]; data/cfingerd-1.4.3/src/util.c:206:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char bleah[80]; data/cfingerd-1.4.3/src/util.c:222:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bleah[80]; data/cfingerd-1.4.3/src/util.c:314:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[128]; data/cfingerd-1.4.3/src/util.c:372:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char acctname[100]; data/cfingerd-1.4.3/src/util.c:381:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qmfile[1024]; data/cfingerd-1.4.3/src/util.c:448:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ret, "%d.%d.%d.%d", pair1, pair2, pair3, pair4); data/cfingerd-1.4.3/src/util.c:460:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char hostname[80], domname[80]; data/cfingerd-1.4.3/src/util.c:566:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[600]; data/cfingerd-1.4.3/src/util.c:636:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return (fopen (filename, "r")); data/cfingerd-1.4.3/userlist/display.c:20:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ret, "%d.%d.%d.%d", p1, p2, p3, p4); data/cfingerd-1.4.3/userlist/display.c:28:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[STRLEN]; data/cfingerd-1.4.3/userlist/display.c:50:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(filename, "r"); data/cfingerd-1.4.3/userlist/display.c:72:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char console[30]; data/cfingerd-1.4.3/userlist/display.c:75:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (strlen((char *) tty_list[i].locale) == 0) data/cfingerd-1.4.3/userlist/display.c:80:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (strlen((char *) tty_list[i].username) > 1) { data/cfingerd-1.4.3/userlist/display.c:82:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ru[9], fn[STRLEN]; data/cfingerd-1.4.3/userlist/display.c:104:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. idle = calc_idle((char *) tty_list[i].line); data/cfingerd-1.4.3/userlist/display.c:112:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char *) tty_list[i].tty, console); data/cfingerd-1.4.3/userlist/display.c:121:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char *) tty_list[i].tty, console); data/cfingerd-1.4.3/userlist/idle.c:19:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char idledisp[STRLEN]; data/cfingerd-1.4.3/userlist/idle.c:20:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dev_file[STRLEN]; data/cfingerd-1.4.3/src/configure.c:328:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(str); i++) data/cfingerd-1.4.3/src/configure.c:444:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(finger_display[x].item)))) { data/cfingerd-1.4.3/src/configure.c:507:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(internal_config[x].item)))) { data/cfingerd-1.4.3/src/configure.c:551:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(finger_strings[x].item)))) { data/cfingerd-1.4.3/src/configure.c:579:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(internal_strings[x].item)))) { data/cfingerd-1.4.3/src/configure.c:602:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(element) > 3) { data/cfingerd-1.4.3/src/configure.c:603:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). counter = strlen(element); data/cfingerd-1.4.3/src/configure.c:654:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(signal_strings[x].item)))) { data/cfingerd-1.4.3/src/configure.c:695:23: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). char *line, ch = fgetc(file); data/cfingerd-1.4.3/src/fakeuser.c:29:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(username); i++) data/cfingerd-1.4.3/src/fakeuser.c:46:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen((char *) username); data/cfingerd-1.4.3/src/fakeuser.c:93:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
data[i] = (char *) malloc(strlen(username)+1); data/cfingerd-1.4.3/src/getutent.c:91:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((readval = read(utmp_fd, &s_utmp, sizeof(s_utmp))) < sizeof(s_utmp)) { data/cfingerd-1.4.3/src/main.c:45:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(string); i++) data/cfingerd-1.4.3/src/main.c:46:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (x = 0; x < strlen(match); x++) data/cfingerd-1.4.3/src/main.c:92:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(username, argv[2], sizeof(username)); data/cfingerd-1.4.3/src/main.c:139:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen(username) && !strncmp(username, "/W ", 3) ) { data/cfingerd-1.4.3/src/main.c:221:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(remote_addr, ip_address, INET6_ADDRSTRLEN); data/cfingerd-1.4.3/src/main.c:228:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(remote_addr, host_ent->h_name, INET6_ADDRSTRLEN); data/cfingerd-1.4.3/src/main.c:242:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
!strncasecmp(remote_addr, localhost, strlen(localhost))) data/cfingerd-1.4.3/src/parse.c:30:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(str); i++) data/cfingerd-1.4.3/src/parse.c:54:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int length = strlen(username); data/cfingerd-1.4.3/src/parse.c:91:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((parsed = (char *)malloc (strlen(username)+1)) != NULL) { data/cfingerd-1.4.3/src/parse.c:92:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memset (parsed, 0, strlen(username)+1); data/cfingerd-1.4.3/src/parse.c:131:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!strncmp (username, "userlist", 8) && strlen (username) == 8) data/cfingerd-1.4.3/src/rfc1413.c:106:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(j, buffer, strlen(buffer)); data/cfingerd-1.4.3/src/rfc1413.c:109:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(j, buf, 256) <= 0) { data/cfingerd-1.4.3/src/rfc1413.c:131:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (xp=uname; *cp != '\0' && *cp!='\r'&&*cp!='\r'&&*cp!='\n'&&(strlen(uname)+1)<sizeof(uname); cp++) data/cfingerd-1.4.3/src/rfc1413.c:135:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen(uname)) { data/cfingerd-1.4.3/src/search.c:46:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((searchname = (char *)malloc (strlen(xp)+1)) != NULL) { data/cfingerd-1.4.3/src/search.c:47:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memset (searchname, 0, strlen(xp)+1); data/cfingerd-1.4.3/src/search.c:59:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen((char *) searchname) == 0) { data/cfingerd-1.4.3/src/search.c:140:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (strlen(homedir)+strlen(prog_config.no_finger_file)+1 < sizeof(fn))) data/cfingerd-1.4.3/src/search.c:140:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (strlen(homedir)+strlen(prog_config.no_finger_file)+1 < sizeof(fn))) data/cfingerd-1.4.3/src/search.c:143:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(homedir)+10 < sizeof(fn)) data/cfingerd-1.4.3/src/search.c:159:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(searches[num_searches].realname, Rn, sizeof(searches[num_searches].realname)); data/cfingerd-1.4.3/src/search.c:160:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(searches[num_searches].username, Un, sizeof(searches[num_searches].username)); data/cfingerd-1.4.3/src/standard.c:101:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(formatter, sizeof(formatter), "%%s%%-%d.%ds", (36 - strlen(prog_config.p_strings[t2])), data/cfingerd-1.4.3/src/standard.c:265:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, &ut, sizeof(struct utmp)) != sizeof (struct utmp)) data/cfingerd-1.4.3/src/standard.c:269:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(user, (char *) ut.ut_name, strlen(user))) { data/cfingerd-1.4.3/src/standard.c:272:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(user, (char *) ut.ut_user, strlen(user))) { data/cfingerd-1.4.3/src/standard.c:273:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(last_tty.tty, ut.ut_line, UT_LINESIZE - 1); data/cfingerd-1.4.3/src/standard.c:276:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(last_tty.locale, ut.ut_host, UT_HOSTSIZE - 1); data/cfingerd-1.4.3/src/standard.c:296:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, &lastlog, sizeof(lastlog)) == sizeof(lastlog)) { data/cfingerd-1.4.3/src/standard.c:298:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(last_tty.tty, lastlog.ll_line, UT_LINESIZE - 1); data/cfingerd-1.4.3/src/standard.c:300:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(last_tty.locale, lastlog.ll_host, UT_HOSTSIZE - 1); data/cfingerd-1.4.3/src/standard.c:327:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen((char *) last_tty.locale) > 1) ? " from" : " ", data/cfingerd-1.4.3/src/standard.c:328:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen((char *) last_tty.locale) > 1) ? data/cfingerd-1.4.3/src/standard.c:504:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen((char *) tty_list[i].locale) > 1) ? " from" : "", data/cfingerd-1.4.3/src/standard.c:505:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen((char *) tty_list[i].locale) > 1) ? data/cfingerd-1.4.3/src/standard.c:532:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!strncmp(user, (char *) ut->ut_name, strlen(user)) && data/cfingerd-1.4.3/src/standard.c:533:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen((char *) ut->ut_name) == strlen(user))) { data/cfingerd-1.4.3/src/standard.c:533:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen((char *) ut->ut_name) == strlen(user))) { data/cfingerd-1.4.3/src/standard.c:536:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(user, (char *) ut->ut_user, strlen(user)) && data/cfingerd-1.4.3/src/standard.c:537:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen((char *) ut->ut_user) == strlen(user))) { data/cfingerd-1.4.3/src/standard.c:537:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen((char *) ut->ut_user) == strlen(user))) { data/cfingerd-1.4.3/src/standard.c:543:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tty_list[times_on].tty, (char *) ut->ut_line, sizeof(tty_list[times_on].tty)); data/cfingerd-1.4.3/src/standard.c:544:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(tty_list[times_on].tty, (char *) ut->ut_line, UT_LINESIZE - 1); data/cfingerd-1.4.3/src/standard.c:568:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tty_list[times_on].locale, (char *) ut->ut_host, UT_HOSTSIZE - 1); data/cfingerd-1.4.3/src/standard.c:628:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (cp=prog_config.mailbox_file,xp=mailfile;*cp&&strlen(mailfile)<sizeof(mailfile)-1;cp++) { data/cfingerd-1.4.3/src/standard.c:634:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (yp=user;*yp&&strlen(mailfile)<sizeof(mailfile)-1;yp++) data/cfingerd-1.4.3/src/standard.c:642:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (yp=pwent->pw_dir;*yp&&strlen(mailfile)<sizeof(mailfile)-1;yp++) data/cfingerd-1.4.3/src/standard.c:753:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(line[strlen(line) - 1] == '\n') data/cfingerd-1.4.3/src/standard.c:754:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line[strlen(line) - 1] = '\0'; data/cfingerd-1.4.3/src/standard.c:758:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(line[strlen(line) - 1] != '/') { data/cfingerd-1.4.3/src/standard.c:849:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(acctname, user, sizeof(acctname) -1); data/cfingerd-1.4.3/src/standard.c:874:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (username, cp, x-cp); data/cfingerd-1.4.3/src/standard.c:880:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (room, cp, x-cp); data/cfingerd-1.4.3/src/standard.c:886:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (work_phone, cp, x-cp); data/cfingerd-1.4.3/src/standard.c:892:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (home_phone, cp, x-cp); data/cfingerd-1.4.3/src/standard.c:897:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((other = (char *)malloc (strlen(cp)+1)) != NULL) { data/cfingerd-1.4.3/src/standard.c:898:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memset (other, 0, strlen(cp)+1); data/cfingerd-1.4.3/src/standard.c:902:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((home_phone = (char *)malloc (strlen(cp)+1)) != NULL) {
data/cfingerd-1.4.3/src/standard.c:903:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memset (home_phone, 0, strlen(cp)+1);
data/cfingerd-1.4.3/src/standard.c:910:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((username = (char *)malloc (strlen(cp)+1)) != NULL) {
data/cfingerd-1.4.3/src/standard.c:911:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memset (username, 0, strlen(cp)+1);
data/cfingerd-1.4.3/src/standard.c:917:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && (strlen(pwent->pw_dir)+strlen(prog_config.no_finger_file)+1 < sizeof(fn)))
data/cfingerd-1.4.3/src/standard.c:917:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && (strlen(pwent->pw_dir)+strlen(prog_config.no_finger_file)+1 < sizeof(fn)))
data/cfingerd-1.4.3/src/standard.c:920:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(pwent->pw_dir)+10 < sizeof(fn))
data/cfingerd-1.4.3/src/strmcpy.c:32:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *t = malloc(strlen(s) + 1);
data/cfingerd-1.4.3/src/util.c:119:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy (prog_config.stime_format, "%H:%M (%Z)", sizeof (prog_config.stime_format));
data/cfingerd-1.4.3/src/util.c:120:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy (prog_config.ltime_format, "%a %b %d %H:%M (%Z)", sizeof (prog_config.ltime_format));
data/cfingerd-1.4.3/src/util.c:122:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy (prog_config.stime_format, "%I:%M %p (%Z)", sizeof (prog_config.stime_format));
data/cfingerd-1.4.3/src/util.c:123:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy (prog_config.ltime_format, "%a %b %d %I:%M %p (%Z)", sizeof (prog_config.ltime_format));
data/cfingerd-1.4.3/src/util.c:159:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while(pos < strlen(line)) {
data/cfingerd-1.4.3/src/util.c:187:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (pos >= strlen(line))
data/cfingerd-1.4.3/src/util.c:202:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(command) >= 4) {
data/cfingerd-1.4.3/src/util.c:204:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(command) == 4)) {
data/cfingerd-1.4.3/src/util.c:220:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(command) == 4)) {
data/cfingerd-1.4.3/src/util.c:236:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(command) == 5)) {
data/cfingerd-1.4.3/src/util.c:246:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(command) == 6)) {
data/cfingerd-1.4.3/src/util.c:252:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(command) == 16)) {
data/cfingerd-1.4.3/src/util.c:262:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(command) == 7)) {
data/cfingerd-1.4.3/src/util.c:272:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(command) == 4) &&
data/cfingerd-1.4.3/src/util.c:294:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int center_dist = 40 - (strlen(displine) / 2) - 1;
data/cfingerd-1.4.3/src/util.c:374:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(acctname, username, 100);
data/cfingerd-1.4.3/src/util.c:383:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  , &acctname[strlen(acctname) + 1]);
data/cfingerd-1.4.3/src/util.c:465:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = (char *) malloc(strlen((char *) hostname) +
data/cfingerd-1.4.3/src/util.c:466:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen((char *) domname) + 2);
data/cfingerd-1.4.3/src/util.c:589:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((read (fd[0], line, sizeof (line)-1)) > 0) {
data/cfingerd-1.4.3/src/util.c:590:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((size += strlen (line)) < MAX_POPEN_BUF) {
data/cfingerd-1.4.3/src/util.c:610:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write (fd[1], line, strlen (line));
data/cfingerd-1.4.3/src/util.c:621:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strlen (result)) {
data/cfingerd-1.4.3/userlist/display.c:37:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = (char *) malloc(strlen((char *) hostname) + 1);
data/cfingerd-1.4.3/userlist/display.c:75:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen((char *) tty_list[i].locale) == 0)
data/cfingerd-1.4.3/userlist/display.c:80:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen((char *) tty_list[i].username) > 1) {
data/cfingerd-1.4.3/userlist/display.c:87:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ru, tty_list[i].username, sizeof(ru)-1);
data/cfingerd-1.4.3/userlist/display.c:97:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((username = (char *)malloc (strlen(cp)+1)) != NULL) {
data/cfingerd-1.4.3/userlist/display.c:98:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memset (username, 0, strlen(cp)+1);
data/cfingerd-1.4.3/userlist/idle.c:28:2: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(idledisp, "-");
data/cfingerd-1.4.3/userlist/initialize.c:23:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = (char *) malloc(strlen(str));
data/cfingerd-1.4.3/userlist/initialize.c:24:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < strlen(str); i++)
data/cfingerd-1.4.3/userlist/initialize.c:63:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tty_list[times_on].username, (char *) ut->ut_name, ULIST_UNAME);
data/cfingerd-1.4.3/userlist/initialize.c:65:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tty_list[times_on].username, (char *) ut->ut_user, ULIST_UNAME);
data/cfingerd-1.4.3/userlist/initialize.c:68:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tty_list[times_on].tty, cp, ULIST_TTY);
data/cfingerd-1.4.3/userlist/initialize.c:78:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tty_list[times_on].locale, cp, ULIST_LOCALE);
data/cfingerd-1.4.3/userlist/initialize.c:79:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen ((char *) ut->ut_host) > ULIST_LINE)
data/cfingerd-1.4.3/userlist/initialize.c:82:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tty_list[times_on].line, (char *) ut->ut_line, ULIST_LINE);

ANALYSIS SUMMARY:

Hits = 256
Lines analyzed = 5669 in approximately 0.22 seconds (25380 lines/second)
Physical Source Lines of Code (SLOC) = 3777
Hits@level = [0] 258 [1] 118 [2] 98 [3] 0 [4] 33 [5] 7
Hits@level+ = [0+] 514 [1+] 256 [2+] 138 [3+] 40 [4+] 40 [5+] 7
Hits/KSLOC@level+ = [0+] 136.087 [1+] 67.7787 [2+] 36.5369 [3+] 10.5904 [4+] 10.5904 [5+] 1.85332
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.