Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ckermit-305~alpha02/ck_crp.c
Examining data/ckermit-305~alpha02/ck_des.c
Examining data/ckermit-305~alpha02/ck_ssl.h
Examining data/ckermit-305~alpha02/ckcasc.h
Examining data/ckermit-305~alpha02/ckcdeb.h
Examining data/ckermit-305~alpha02/ckcfn2.c
Examining data/ckermit-305~alpha02/ckcfn3.c
Examining data/ckermit-305~alpha02/ckcfns.c
Examining data/ckermit-305~alpha02/ckcftp.c
Examining data/ckermit-305~alpha02/ckcker.h
Examining data/ckermit-305~alpha02/ckclib.c
Examining data/ckermit-305~alpha02/ckclib.h
Examining data/ckermit-305~alpha02/ckcmdb.c
Examining data/ckermit-305~alpha02/ckcnet.c
Examining data/ckermit-305~alpha02/ckcnet.h
Examining data/ckermit-305~alpha02/ckcpro.c
Examining data/ckermit-305~alpha02/ckcsig.h
Examining data/ckermit-305~alpha02/ckcssl.h
Examining data/ckermit-305~alpha02/ckcsym.h
Examining data/ckermit-305~alpha02/ckctel.c
Examining data/ckermit-305~alpha02/ckctel.h
Examining data/ckermit-305~alpha02/ckcuni.c
Examining data/ckermit-305~alpha02/ckcuni.h
Examining data/ckermit-305~alpha02/ckcxla.h
Examining data/ckermit-305~alpha02/ckuat2.h
Examining data/ckermit-305~alpha02/ckuath.c
Examining data/ckermit-305~alpha02/ckuath.h
Examining data/ckermit-305~alpha02/ckucmd.c
Examining data/ckermit-305~alpha02/ckucmd.h
Examining data/ckermit-305~alpha02/ckucns.c
Examining data/ckermit-305~alpha02/ckucon.c
Examining data/ckermit-305~alpha02/ckudia.c
Examining data/ckermit-305~alpha02/ckufio.c
Examining data/ckermit-305~alpha02/ckupty.c
Examining data/ckermit-305~alpha02/ckupty.h
Examining data/ckermit-305~alpha02/ckuscr.c
Examining data/ckermit-305~alpha02/ckusig.c
Examining data/ckermit-305~alpha02/ckusig.h
Examining data/ckermit-305~alpha02/ckutio.c
Examining data/ckermit-305~alpha02/ckuus2.c
Examining data/ckermit-305~alpha02/ckuus3.c
Examining data/ckermit-305~alpha02/ckuus4.c
Examining data/ckermit-305~alpha02/ckuus5.c
Examining data/ckermit-305~alpha02/ckuus6.c
Examining data/ckermit-305~alpha02/ckuus7.c
Examining data/ckermit-305~alpha02/ckuusr.c
Examining data/ckermit-305~alpha02/ckuusr.h
Examining data/ckermit-305~alpha02/ckuusx.c
Examining data/ckermit-305~alpha02/ckuusy.c
Examining data/ckermit-305~alpha02/ckuver.h
Examining data/ckermit-305~alpha02/ckuxla.c
Examining data/ckermit-305~alpha02/ckuxla.h
Examining data/ckermit-305~alpha02/ckwart.c
Examining data/ckermit-305~alpha02/ckcmai.c
Examining data/ckermit-305~alpha02/ck_ssl.c

FINAL RESULTS:

data/ckermit-305~alpha02/ckcdeb.h:5950:12:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
extern int chmod(char *path, int mode);
data/ckermit-305~alpha02/ckctel.c:2191:5:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
    chown(fwdx_xauthfile, pwd->pw_uid, pwd->pw_gid);
data/ckermit-305~alpha02/ckufio.c:1652:13:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
            chmod(name,ckxperms);
data/ckermit-305~alpha02/ckufio.c:2327:13:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
        x = readlink(s,linkname,CKMAXPATH);
data/ckermit-305~alpha02/ckufio.c:2378:13:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
        x = readlink(s,linkname,CKMAXPATH);
data/ckermit-305~alpha02/ckufio.c:4397:9:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    x = chmod(f,mask);
data/ckermit-305~alpha02/ckufio.c:5603:21:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
                x = chmod(f,sb.st_mode);
data/ckermit-305~alpha02/ckufio.c:7176:9:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    if (readlink(s,filbuf,CKMAXPATH) > -1)
data/ckermit-305~alpha02/ckufio.c:7254:17:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
            if (readlink(s,fnam,CKMAXPATH) > -1)
data/ckermit-305~alpha02/ckufio.c:7674:13:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
        x = readlink(s1,linkname,CKMAXPATH);
data/ckermit-305~alpha02/ckufio.c:7698:10:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
	    x = readlink(s2,linkname,CKMAXPATH);
data/ckermit-305~alpha02/ckupty.c:614:5:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    chmod(slave, 0666);
data/ckermit-305~alpha02/ckupty.c:615:5:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
    chown(slave, 0, 0);
data/ckermit-305~alpha02/ckupty.c:682:5:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    chmod(slave, 0666);
data/ckermit-305~alpha02/ckupty.c:683:5:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
    chown(slave, 0, 0);
data/ckermit-305~alpha02/ckupty.c:1132:9:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    if (chmod(slave, 0)) {
data/ckermit-305~alpha02/ckupty.c:1136:9:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
    if (chown(slave, 0, 0 ) == -1 ) {
data/ckermit-305~alpha02/ckutio.c:5122:6:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
	n = readlink(ttdev,linkto,DEVNAMLEN); /* See if it's a link */
data/ckermit-305~alpha02/ckutio.c:5316:5:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    chmod(tmpnam,0444);			/* Permission for a valid lock. */
data/ckermit-305~alpha02/ckutio.c:5579:5:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    chmod(tmpnam,0444);
data/ckermit-305~alpha02/ckutio.c:5618:4:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
			chmod(lock2, 0444); /* set permissions. */
data/ckermit-305~alpha02/ckutio.c:16107:1:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
readlink(const char *path, void *buf, size_t bufsiz) {
data/ckermit-305~alpha02/ckuus7.c:13840:5:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
    gets(buffer);
data/ckermit-305~alpha02/ck_crp.c:193:10:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    rc = vsprintf(myprtfstr, format, ap);
data/ckermit-305~alpha02/ck_crp.c:221:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(tmp,"%s%02X ",was_hex?"":"\" ",data[k]);
data/ckermit-305~alpha02/ck_crp.c:224:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(tmp,"%s%c",was_hex?"\"":"",data[k]);
data/ckermit-305~alpha02/ck_crp.c:239:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(tmp,
data/ckermit-305~alpha02/ck_crp.c:245:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(tmp,
data/ckermit-305~alpha02/ck_crp.c:253:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(tmp,
data/ckermit-305~alpha02/ck_crp.c:964:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(dbgbuf, ">>>I will support %s\n",
data/ckermit-305~alpha02/ck_crp.c:1008:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(dbgbuf, ">>>I will support %s\n",
data/ckermit-305~alpha02/ck_crp.c:1032:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(tn_msg,"TELNET SENT SB %s SUPPORT ",
data/ckermit-305~alpha02/ck_crp.c:1088:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(dbgbuf, ">>>Remote supports %s (%d)\n",
data/ckermit-305~alpha02/ck_crp.c:1113:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(dbgbuf, ">>>(*ep->start)() %s returned %d (%s)\n",
data/ckermit-305~alpha02/ck_crp.c:1151:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(dbgbuf, ">>>encrypt_is:  "
data/ckermit-305~alpha02/ck_crp.c:1164:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(dbgbuf, ">>>encrypt_is:  "
data/ckermit-305~alpha02/ck_crp.c:1177:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(dbgbuf, "encrypt_is:  "
data/ckermit-305~alpha02/ck_crp.c:1213:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(dbgbuf,
data/ckermit-305~alpha02/ck_crp.c:1226:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(dbgbuf, ">>>No initial negotiation needed for type %s (%d)\n",
data/ckermit-305~alpha02/ck_crp.c:1238:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(dbgbuf, "(*ep->reply)(%x, %d) returned %s(%d)\n",
data/ckermit-305~alpha02/ck_crp.c:1295:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(dbgbuf, "Input is now decrypted with type %s",
data/ckermit-305~alpha02/ck_crp.c:1302:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(dbgbuf, ">>>Start to decrypt input with type %s",
data/ckermit-305~alpha02/ck_crp.c:1310:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(buf, "Warning, Cannot decrypt type %s (%d)!!!",
data/ckermit-305~alpha02/ck_crp.c:1523:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(tn_msg,"TELNET SENT SB %s %s ",
data/ckermit-305~alpha02/ck_crp.c:1586:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(dbgbuf, ">>>Can't encrypt with type %s (%d)\n",
data/ckermit-305~alpha02/ck_crp.c:1599:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(dbgbuf, ">>>Encrypt start: %s (%d) %s\n",
data/ckermit-305~alpha02/ck_crp.c:1625:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(tn_msg,"TELNET SENT SB %s START ",
data/ckermit-305~alpha02/ck_crp.c:1652:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(dbgbuf, ">>>Started to encrypt output with type %s",
data/ckermit-305~alpha02/ck_crp.c:1658:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(dbgbuf, "Output is now encrypted with type %s",
data/ckermit-305~alpha02/ck_crp.c:1690:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(tn_msg,"TELNET SENT SB %s END IAC SE",
data/ckermit-305~alpha02/ck_crp.c:1748:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(tn_msg,"TELNET SENT SB %s REQUEST-START ",
data/ckermit-305~alpha02/ck_crp.c:1790:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(tn_msg,"TELNET SENT SB %s REQEND IAC SE",
data/ckermit-305~alpha02/ck_crp.c:2158:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(tn_msg,
data/ckermit-305~alpha02/ck_crp.c:2247:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(tn_msg,
data/ckermit-305~alpha02/ck_crp.c:2290:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(tn_msg,
data/ckermit-305~alpha02/ck_crp.c:2552:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(lbuf, "%s_IV", type);
data/ckermit-305~alpha02/ck_crp.c:2557:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(lbuf, "%s_IV_OK", type);
data/ckermit-305~alpha02/ck_crp.c:2562:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(lbuf, "%s_IV_BAD", type);
data/ckermit-305~alpha02/ck_crp.c:2567:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(lbuf, "%s_CHALLENGE", type);
data/ckermit-305~alpha02/ck_crp.c:2572:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(lbuf, "%s_RESPONSE", type);
data/ckermit-305~alpha02/ck_crp.c:2987:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(tn_msg,
data/ckermit-305~alpha02/ck_crp.c:3076:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(tn_msg,
data/ckermit-305~alpha02/ck_crp.c:3119:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(tn_msg,
data/ckermit-305~alpha02/ck_crp.c:3421:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(lbuf, "%s_IV", type);
data/ckermit-305~alpha02/ck_crp.c:3426:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(lbuf, "%s_IV_OK", type);
data/ckermit-305~alpha02/ck_crp.c:3431:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(lbuf, "%s_IV_BAD", type);
data/ckermit-305~alpha02/ck_crp.c:3436:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(lbuf, "%s_CHALLENGE", type);
data/ckermit-305~alpha02/ck_crp.c:3441:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(lbuf, "%s_RESPONSE", type);
data/ckermit-305~alpha02/ck_crp.c:4455:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(lbuf, "%s_IV", type);
data/ckermit-305~alpha02/ck_crp.c:4460:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(lbuf, "%s_IV_OK", type);
data/ckermit-305~alpha02/ck_crp.c:4465:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(lbuf, "%s_IV_BAD", type);
data/ckermit-305~alpha02/ck_crp.c:5559:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(msg);
data/ckermit-305~alpha02/ck_ssl.c:1767:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(cert_filepath,"%s/%s",defdir,"telnetd-rsa.pem");
data/ckermit-305~alpha02/ck_ssl.c:1776:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(cert_filepath,"%s/%s",defdir,"telnetd-rsa-key.pem");
data/ckermit-305~alpha02/ck_ssl.c:1785:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(cert_filepath,"%s/%s",defdir,"telnetd-dsa.pem");
data/ckermit-305~alpha02/ck_ssl.c:1794:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(cert_filepath,"%s/%s",defdir,"telnetd-dsa-key.pem");
data/ckermit-305~alpha02/ck_ssl.c:1803:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(cert_filepath,"%s/crl",defdir);
data/ckermit-305~alpha02/ck_ssl.c:2942:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(prefix);
data/ckermit-305~alpha02/ck_ssl.c:3305:21:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                    printf(ssl_err);
data/ckermit-305~alpha02/ck_ssl.c:3311:21:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                    printf(ssl_err);
data/ckermit-305~alpha02/ck_ssl.c:3397:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(errbuf,"[SSL - SSL_accept error: %s",
data/ckermit-305~alpha02/ck_ssl.c:3511:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(errbuf,"[TLS - SSL_accept error: %s",
data/ckermit-305~alpha02/ck_ssl.c:3674:21:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                    printf(ssl_err);
data/ckermit-305~alpha02/ck_ssl.c:3680:21:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                    printf(ssl_err);
data/ckermit-305~alpha02/ck_ssl.c:3803:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(errbuf,"[TLS - SSL_accept error: %s",
data/ckermit-305~alpha02/ck_ssl.c:3837:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(errbuf,"[SSL - SSL_accept error: %s",
data/ckermit-305~alpha02/ck_ssl.c:3970:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(errbuf,"[TLS - SSL_connect error: %s",
data/ckermit-305~alpha02/ck_ssl.c:4052:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(errbuf,"[SSL - SSL_connect error: %s",
data/ckermit-305~alpha02/ck_ssl.c:4147:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(errbuf,"[TLS - SSL_connect error: %s",
data/ckermit-305~alpha02/ck_ssl.c:4420:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buf, "%s/.tlslogin", pwd->pw_dir);
data/ckermit-305~alpha02/ckcdeb.h:1355:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printf		mac_printf
data/ckermit-305~alpha02/ckcdeb.h:1365:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printf Vscrnprintf
data/ckermit-305~alpha02/ckcdeb.h:1366:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define fprintf Vscrnfprintf
data/ckermit-305~alpha02/ckcdeb.h:1389:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printf ckxprintf
data/ckermit-305~alpha02/ckcdeb.h:1390:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define fprintf ckxfprintf
data/ckermit-305~alpha02/ckcdeb.h:6281:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printf vosprtf
data/ckermit-305~alpha02/ckcfn3.c:76:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	rc = system(tmpbuf);
data/ckermit-305~alpha02/ckcfn3.c:846:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(xbuf,			/* safe (200) */
data/ckermit-305~alpha02/ckcfn3.c:865:8:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	      sprintf(xbuf,		/* safe (checked) */
data/ckermit-305~alpha02/ckcfn3.c:903:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(xbuf,			/* 200, safe */
data/ckermit-305~alpha02/ckcfn3.c:920:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(xbuf,			/* safe (checked) */
data/ckermit-305~alpha02/ckcfns.c:3741:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(iattr.longname.val, zs); /* safe */
data/ckermit-305~alpha02/ckcfns.c:3837:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(newlongname, longname); /* safe (prechecked) */
data/ckermit-305~alpha02/ckcfns.c:3838:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(newlongname, tmp); /* safe (prechecked) */
data/ckermit-305~alpha02/ckcfns.c:3877:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(newlongname, iattr.longname.val); /* safe */
data/ckermit-305~alpha02/ckcfns.c:3878:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(newlongname, tmp); /* safe */
data/ckermit-305~alpha02/ckcfns.c:5910:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)(funcbuf+x)," GET                %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:5919:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," SEND               %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:5926:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," MAIL               %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:5934:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," REMOTE ASSIGN      %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:5944:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," REMOTE CD          %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:5952:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," REMOTE COPY        %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:5962:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," REMOTE DELETE      %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:5969:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," REMOTE DIRECTORY   %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:5976:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," REMOTE EXIT        %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:5983:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," REMOTE HOST        %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:5998:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," REMOTE PRINT       %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:6006:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," REMOTE QUERY       %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:6017:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," REMOTE MKDIR       %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:6024:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," REMOTE RMDIR       %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:6031:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," REMOTE RENAME      %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:6038:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," REMOTE SET         %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:6045:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," REMOTE SPACE       %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:6052:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," REMOTE TYPE        %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:6059:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," REMOTE WHO         %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:6066:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," FINISH             %-14s%s\n",
data/ckermit-305~alpha02/ckcfns.c:6075:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf," BYE                %-14s%s\n\n",
data/ckermit-305~alpha02/ckcfns.c:6098:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf((char *)funcbuf, "C-Kermit %s,%s\n\n", versio, ckxsys);
data/ckermit-305~alpha02/ckcfns.c:6275:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dbuf+10,dstr+8);
data/ckermit-305~alpha02/ckcfns.c:6320:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf((char *)linebuf,
data/ckermit-305~alpha02/ckcfns.c:6324:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	      sprintf((char *)linebuf,
data/ckermit-305~alpha02/ckcfns.c:6327:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	      sprintf((char *)linebuf,
data/ckermit-305~alpha02/ckcfns.c:6332:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf((char *)linebuf,
data/ckermit-305~alpha02/ckcfns.c:6336:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	      sprintf((char *)linebuf,
data/ckermit-305~alpha02/ckcfns.c:6343:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	      sprintf((char *)linebuf,
data/ckermit-305~alpha02/ckcfns.c:6370:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf((char *)funcbuf,
data/ckermit-305~alpha02/ckcfns.c:6381:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf((char *)funcbuf,
data/ckermit-305~alpha02/ckcfns.c:6479:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf((char *)funcbuf,"Listing files: %s%s%s",fnbuf,endline,endline);
data/ckermit-305~alpha02/ckcfns.c:6553:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(cmdstr,"DIRECTORY %s",name); /* safe */
data/ckermit-305~alpha02/ckcfns.c:6602:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf((char *)funcbuf," %10s: %s%s","skipping",p,endline);
data/ckermit-305~alpha02/ckcfns.c:6606:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf((char *)funcbuf," %10s: %s%s","deleted",p,endline);
data/ckermit-305~alpha02/ckcfns.c:6609:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf((char *)funcbuf," directory: %s%s", p, endline);
data/ckermit-305~alpha02/ckcfns.c:6617:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf((char *)funcbuf,
data/ckermit-305~alpha02/ckcfns.c:6669:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf((char *)funcbuf,"Deleting \"%s\"%s",name,endline);
data/ckermit-305~alpha02/ckcfns.c:6708:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(spctext,
data/ckermit-305~alpha02/ckcfns.c:6714:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(spctext,
data/ckermit-305~alpha02/ckcfns.c:6723:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(spctext, " Free space: unknown%s", endline);
data/ckermit-305~alpha02/ckcfns.c:6725:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(spctext, " Free space: %ldK%s", space / 1024L, endline);
data/ckermit-305~alpha02/ckcftp.c:780:36:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define CHECKCONN() if(!connected){printf(nocx);return(-9);}
data/ckermit-305~alpha02/ckcftp.c:3987:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
            if (sscanf(s,               /* Parse into struct tm */
data/ckermit-305~alpha02/ckcftp.c:5517:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(s,p);            /* safe */
data/ckermit-305~alpha02/ckcftp.c:5692:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(fspec,p);    /* safe */
data/ckermit-305~alpha02/ckcftp.c:5971:28:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            if (sndfilter) strcpy(sndfilter,pv[SND_FLT].sval); /* safe */
data/ckermit-305~alpha02/ckcftp.c:7075:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(s,p);            /* safe */
data/ckermit-305~alpha02/ckcftp.c:11446:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, ap);
data/ckermit-305~alpha02/ckcftp.c:11449:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(stderr, fmt, p1, p2, p3, p4, p5);
data/ckermit-305~alpha02/ckcftp.c:12649:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef printf                           /* (What if it isn't?) */
data/ckermit-305~alpha02/ckcftp.c:12823:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef printf
data/ckermit-305~alpha02/ckcftp.c:13628:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ntin, op->nti);
data/ckermit-305~alpha02/ckcftp.c:13631:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ntout, op->nto);
data/ckermit-305~alpha02/ckcftp.c:13636:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(mapin, op->mi);
data/ckermit-305~alpha02/ckcftp.c:13639:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(mapout, op->mo);
data/ckermit-305~alpha02/ckcftp.c:15541:22:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
	    char * tmpfil = mktemp((char *)tmpfilnam[mlsdepth]);
data/ckermit-305~alpha02/ckcftp.c:15551:9:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
        mktemp((char *)tmpfilnam[mlsdepth]);
data/ckermit-305~alpha02/ckcftp.c:15773:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			    strcpy(p2,p);	/* SAFE */
data/ckermit-305~alpha02/ckcftp.c:16695:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                  strcpy(*aname, tokval);      /* safe */
data/ckermit-305~alpha02/ckcftp.c:16711:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(*apass, tokval);          /* safe */
data/ckermit-305~alpha02/ckcftp.c:16723:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(*aacct, tokval);          /* safe */
data/ckermit-305~alpha02/ckcftp.c:17642:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        (void) strcpy(temp, _PATH_TMP);
data/ckermit-305~alpha02/ckcftp.c:17645:16:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
        (void) mktemp(temp);
data/ckermit-305~alpha02/ckclib.c:1026:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(s2,s);			/* (no need for ckstrncpy here) */
data/ckermit-305~alpha02/ckclib.c:1033:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(p,s);		/* (no need for ckstrncpy here) */
data/ckermit-305~alpha02/ckclib.c:1196:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(tmp,s);		/* We already checked the length */
data/ckermit-305~alpha02/ckcmdb.c:372:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf(stderr,str);
data/ckermit-305~alpha02/ckcnet.c:1163:23:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                      printf(ssl_err);
data/ckermit-305~alpha02/ckcnet.c:3833:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(remote_nua, name);
data/ckermit-305~alpha02/ckcnet.c:5636:25:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                        printf(ssl_err);
data/ckermit-305~alpha02/ckcnet.c:6424:23:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                      printf(ssl_err);
data/ckermit-305~alpha02/ckcnet.c:6650:23:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                      printf(ssl_err);
data/ckermit-305~alpha02/ckcnet.c:7384:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy((char *)outbuf+outbytes,(char *)localuser);
data/ckermit-305~alpha02/ckcnet.c:7386:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy((char *)outbuf+outbytes,(char *)remoteuser);
data/ckermit-305~alpha02/ckcnet.c:7388:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy((char *)outbuf+outbytes,(char *)term_speed);
data/ckermit-305~alpha02/ckcnet.c:9397:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(buf, response->value);
data/ckermit-305~alpha02/ckcnet.c:9656:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(bptr,ckctox(*ptr,1)); bptr += 2;
data/ckermit-305~alpha02/ckcnet.c:11639:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(request,"GET %s %s\r\n",remote,HTTP_VERSION);       /* safe */
data/ckermit-305~alpha02/ckcnet.c:11918:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(request,"HEAD %s %s\r\n",remote,HTTP_VERSION);
data/ckermit-305~alpha02/ckcnet.c:12110:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(request,"INDEX %s\r\n",HTTP_VERSION);
data/ckermit-305~alpha02/ckcnet.c:12371:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(request,"PUT %s %s\r\n",remote,HTTP_VERSION);
data/ckermit-305~alpha02/ckcnet.c:12665:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(request,"DELETE %s %s\r\n",remote,HTTP_VERSION);
data/ckermit-305~alpha02/ckcnet.c:12912:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(request,"POST %s %s\r\n",remote,HTTP_VERSION);
data/ckermit-305~alpha02/ckcnet.c:13189:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(request,"CONNECT %s %s\r\n",host_port,HTTP_VERSION);
data/ckermit-305~alpha02/ckcnet.c:13194:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(request,...);
data/ckermit-305~alpha02/ckcnet.c:13617:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(host,prefix);
data/ckermit-305~alpha02/ckcpro.c:2410:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		    sprintf(tmp,	/* safe (prechecked) */
data/ckermit-305~alpha02/ckcpro.c:3399:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		      sprintf(tmpbuf, s, s2);
data/ckermit-305~alpha02/ckcpro.c:3515:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		    sprintf(tmpbuf,s,fspec); /* safe (prechecked) */
data/ckermit-305~alpha02/ckcpro.c:3520:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		    sprintf(tmpbuf,s,cmarg2); /* safe (prechecked) */
data/ckermit-305~alpha02/ckctel.c:2064:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf((char *)fwdx_msg_out,"TELNET SENT SB %s OPTION_DATA XAUTH ",
data/ckermit-305~alpha02/ckctel.c:3360:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(tmp,"%s%02X ",was_hex?"":"\" ",data[k]);
data/ckermit-305~alpha02/ckctel.c:3363:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(tmp,"%s%c",was_hex?"\"":"",data[k]);
data/ckermit-305~alpha02/ckctel.c:3378:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf((char *)tmp,
data/ckermit-305~alpha02/ckctel.c:3384:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf((char *)tmp,
data/ckermit-305~alpha02/ckctel.c:3392:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf((char *)tmp,
data/ckermit-305~alpha02/ckctel.c:4284:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              strcpy(&tn_msg[len], s[param]);
data/ckermit-305~alpha02/ckctel.c:5423:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                      strcpy(TELOPT_SB(TELOPT_TTYPE).term.type,&(sb[1]));
data/ckermit-305~alpha02/ckctel.c:6030:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy(&reply[n+6],uu);
data/ckermit-305~alpha02/ckctel.c:6037:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy(&reply[n+5],tn_env_job);
data/ckermit-305~alpha02/ckctel.c:6044:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy(&reply[n+6],tn_env_acct);
data/ckermit-305~alpha02/ckctel.c:6051:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy(&reply[n+9],tn_env_prnt);
data/ckermit-305~alpha02/ckctel.c:6058:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy(&reply[n+12],tn_env_sys);
data/ckermit-305~alpha02/ckctel.c:6065:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy(&reply[n+9],disp);
data/ckermit-305~alpha02/ckctel.c:6072:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(&reply[n+6],uu);
data/ckermit-305~alpha02/ckctel.c:6078:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(&reply[n+5],tn_env_job);
data/ckermit-305~alpha02/ckctel.c:6084:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(&reply[n+6],tn_env_acct);
data/ckermit-305~alpha02/ckctel.c:6090:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(&reply[n+9],tn_env_prnt);
data/ckermit-305~alpha02/ckctel.c:6096:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(&reply[n+12],tn_env_sys);
data/ckermit-305~alpha02/ckctel.c:6102:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(&reply[n+9],disp);
data/ckermit-305~alpha02/ckctel.c:6119:31:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                              strcpy(&reply[n+1],tn_env_uservar[x][0]);
data/ckermit-305~alpha02/ckctel.c:6121:31:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                              strcpy(&reply[n+y+2],tn_env_uservar[x][1]);
data/ckermit-305~alpha02/ckctel.c:6128:27:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                          strcpy(&reply[n+1],SFUTLNTVER);
data/ckermit-305~alpha02/ckctel.c:6130:27:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                          strcpy(&reply[n+12],SFUTLNTVER_VALUE);
data/ckermit-305~alpha02/ckctel.c:6134:27:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                          strcpy(&reply[n+1],SFUTLNTMODE);
data/ckermit-305~alpha02/ckctel.c:6136:27:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                          strcpy(&reply[n+13],SFUTLNTMODE_VALUE);
data/ckermit-305~alpha02/ckctel.c:6143:27:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                          strcpy(&reply[n+10],tn_loc);
data/ckermit-305~alpha02/ckctel.c:6148:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                      strcpy(&reply[n+1],SFUTLNTVER);
data/ckermit-305~alpha02/ckctel.c:6150:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                      strcpy(&reply[n+12],SFUTLNTVER_VALUE);
data/ckermit-305~alpha02/ckctel.c:6154:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                      strcpy(&reply[n+1],SFUTLNTMODE);
data/ckermit-305~alpha02/ckctel.c:6156:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                      strcpy(&reply[n+13],SFUTLNTMODE_VALUE);
data/ckermit-305~alpha02/ckctel.c:6164:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                      strcpy(&reply[n+10],tn_loc);
data/ckermit-305~alpha02/ckctel.c:6176:31:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                              strcpy(&reply[n+1],tn_env_uservar[x][0]);
data/ckermit-305~alpha02/ckctel.c:6178:31:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                              strcpy(&reply[n+y+2],tn_env_uservar[x][1]);
data/ckermit-305~alpha02/ckuath.c:139:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef printf
data/ckermit-305~alpha02/ckuath.c:140:20:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define saveprintf printf
data/ckermit-305~alpha02/ckuath.c:141:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef printf
data/ckermit-305~alpha02/ckuath.c:148:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printf saveprintf
data/ckermit-305~alpha02/ckuath.c:3735:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            sprintf(prompt,k4pwprompt,krb4_init.principal,krb4_init.realm);
data/ckermit-305~alpha02/ckuath.c:4402:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            sprintf(prompt,k5pwprompt,krb5_init.principal,krb5_init.realm);
data/ckermit-305~alpha02/ckuath.c:6097:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(service_name, "%s@%s", *service, localname);
data/ckermit-305~alpha02/ckuath.c:6464:17:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                sprintf(preface,srppwprompt,szUserName);
data/ckermit-305~alpha02/ckuath.c:6640:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(strTmp,ptr);
data/ckermit-305~alpha02/ckuath.c:6920:17:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                sprintf(preface,srppwprompt,szUserName);
data/ckermit-305~alpha02/ckuath.c:7732:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy(realm,realms[i]);
data/ckermit-305~alpha02/ckuath.c:7760:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(init->realm,realm);
data/ckermit-305~alpha02/ckuath.c:7763:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(krb5_d_realm,realm);
data/ckermit-305~alpha02/ckuath.c:8064:17:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                sprintf(prmpt,k5pwprompt,principal,realm);
data/ckermit-305~alpha02/ckuath.c:8939:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(format,timestring);
data/ckermit-305~alpha02/ckuath.c:8942:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(format,short_date(&tv));
data/ckermit-305~alpha02/ckuath.c:9420:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(format,short_date(&tv));
data/ckermit-305~alpha02/ckuath.c:11697:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            printf(check);
data/ckermit-305~alpha02/ckuath.c:12794:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access (auth_name, R_OK) != 0)          /* checks REAL id */
data/ckermit-305~alpha02/ckuath.c:13305:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(uidbuf,szUserNameRequested);
data/ckermit-305~alpha02/ckucmd.c:242:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef printf				/* use of "printf" in syslog.h */
data/ckermit-305~alpha02/ckucmd.c:250:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printf ckxprintf
data/ckermit-305~alpha02/ckucmd.c:695:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(s2[n2],filbuf);
data/ckermit-305~alpha02/ckucmd.c:1055:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (cp) strcpy(cp,cmdbuf);
data/ckermit-305~alpha02/ckucmd.c:1060:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (cp) strcpy(cp,savbuf);
data/ckermit-305~alpha02/ckucmd.c:1067:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (cp) strcpy(cp,atmbuf);
data/ckermit-305~alpha02/ckucmd.c:1072:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (cp) strcpy(cp,atxbuf);
data/ckermit-305~alpha02/ckucmd.c:1077:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (cp) strcpy(cp,atybuf);
data/ckermit-305~alpha02/ckucmd.c:1082:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (cp) strcpy(cp,filbuf);
data/ckermit-305~alpha02/ckucmd.c:1087:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (cp) strcpy(cp,cmdbuf);
data/ckermit-305~alpha02/ckucmd.c:1092:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (cp) strcpy(cp,savbuf);
data/ckermit-305~alpha02/ckucmd.c:1099:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (cp) strcpy(cp,atmbuf);
data/ckermit-305~alpha02/ckucmd.c:1104:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (cp) strcpy(cp,atxbuf);
data/ckermit-305~alpha02/ckucmd.c:1109:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (cp) strcpy(cp,atybuf);
data/ckermit-305~alpha02/ckucmd.c:1114:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (cp) strcpy(cp,filbuf);
data/ckermit-305~alpha02/ckucmd.c:1777:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(np, path);
data/ckermit-305~alpha02/ckucmd.c:1899:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(sv,*xp);
data/ckermit-305~alpha02/ckucmd.c:2746:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	      printf(dirflg ? " Directory name" : " Input file specification");
data/ckermit-305~alpha02/ckucmd.c:3905:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(datebuf,"%s %02d:%02d:%02d", mjd2date(d1+d2),hh,mm,ss);
data/ckermit-305~alpha02/ckucmd.c:4737:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(yyyymmdd,"%s%s%02d",year,month,nday); /* for tz calculations... */
data/ckermit-305~alpha02/ckucmd.c:5242:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(zbuf,"%s %02d:%02d:%02d",mjd2date(zz),hh,mm,ss);
data/ckermit-305~alpha02/ckucmd.c:5608:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(obuf,"%04d-%s-%02d%s",yy,monthstring,dd,&ibuf[8]);
data/ckermit-305~alpha02/ckucmd.c:5611:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(obuf,"%02d-%s-%04d%s",dd,monthstring,yy,&ibuf[8]);
data/ckermit-305~alpha02/ckucmd.c:5614:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(obuf,"%d %s %d%s", dd, monthstring, yy, &ibuf[8]);
data/ckermit-305~alpha02/ckucmd.h:84:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef printf
data/ckermit-305~alpha02/ckucmd.h:85:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printf conprint
data/ckermit-305~alpha02/ckucns.c:2156:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			    sprintf(apcbuf,
data/ckermit-305~alpha02/ckucns.c:2621:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(temp," Terminal echo: %s", duplex ? "local" : "remote");
data/ckermit-305~alpha02/ckucns.c:2628:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(temp," Parity[hardware]: %s",parnam(hwparity));
data/ckermit-305~alpha02/ckucns.c:2630:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(temp," Parity: %s", parnam(parity));
data/ckermit-305~alpha02/ckucns.c:2633:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(temp," Autodownload: %s", autodl ? "on" : "off");
data/ckermit-305~alpha02/ckucns.c:2652:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(temp," Elapsed time: %s",hhmmss(z));
data/ckermit-305~alpha02/ckucon.c:1318:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			    sprintf(apcbuf,
data/ckermit-305~alpha02/ckucon.c:2594:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(temp," Terminal echo: %s", duplex ? "local" : "remote");
data/ckermit-305~alpha02/ckucon.c:2601:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(temp," Parity[hardware]: %s",parnam((char)hwparity));
data/ckermit-305~alpha02/ckucon.c:2603:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  	      sprintf(temp," Parity: %s", parnam((char)parity));
data/ckermit-305~alpha02/ckucon.c:2605:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(temp," Autodownload: %s", autodl ? "on" : "off");
data/ckermit-305~alpha02/ckucon.c:2623:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(temp," Elapsed time: %s",hhmmss(z));
data/ckermit-305~alpha02/ckudia.c:4478:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(p," %s %s T=DIAL H=%s D=%s N=%s O=%s ",	/* safe (prechecked) */
data/ckermit-305~alpha02/ckudia.c:5001:17:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
         } else printf(func_code == 0 ?
data/ckermit-305~alpha02/ckudia.c:5111:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(xbuf,"%c%s",c,telnbr);
data/ckermit-305~alpha02/ckudia.c:5802:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	  sprintf(lbuf, dcmd, xnum);	/* safe (prechecked) */
data/ckermit-305~alpha02/ckudia.c:6575:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(erp,"Sorry, can't open %s",ttname);
data/ckermit-305~alpha02/ckudia.c:6601:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	      sprintf(erp,"Sorry, can't reopen %s",ttname);
data/ckermit-305~alpha02/ckudia.c:6828:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    printf(
data/ckermit-305~alpha02/ckufio.c:678:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(resp[i]->resp, message);	/* safe (prechecked) */
data/ckermit-305~alpha02/ckufio.c:916:19:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
_PROTOTYP( FILE * popen, (char *, char *) );
data/ckermit-305~alpha02/ckufio.c:976:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef printf                           /* use of "printf" in syslog.h */
data/ckermit-305~alpha02/ckufio.c:986:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printf ckxprintf
data/ckermit-305~alpha02/ckufio.c:1744:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		  sprintf(iksdmsg,	/* SAFE */
data/ckermit-305~alpha02/ckufio.c:1747:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		  sprintf(iksdmsg,	/* SAFE */
data/ckermit-305~alpha02/ckufio.c:2483:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if ((x = access(s,R_OK)) < 0)
data/ckermit-305~alpha02/ckufio.c:2484:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	  x = access(s,X_OK);		/* For RUN-class commands */
data/ckermit-305~alpha02/ckufio.c:2680:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    x = access(s,W_OK);                 /* Check access of path. */
data/ckermit-305~alpha02/ckufio.c:3294:22:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        fp[filnum] = popen(comand,"w");
data/ckermit-305~alpha02/ckufio.c:3390:9:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        execl(shpath,shname,"-c",comand,(char *)NULL); /* Execute the cmd */
data/ckermit-305~alpha02/ckufio.c:4111:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(p,new);                  /* (safe) Directory part */
data/ckermit-305~alpha02/ckufio.c:4115:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(p,q);                    /* cat to new directory (safe) */
data/ckermit-305~alpha02/ckufio.c:4736:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(datbuf,
data/ckermit-305~alpha02/ckufio.c:5703:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(zmbuf,"mailx -s %c%s%c %s < %s", '"', f, '"', p, f);
data/ckermit-305~alpha02/ckufio.c:5705:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(zmbuf,"Mail -s %c%s%c %s < %s", '"', f, '"', p, f);
data/ckermit-305~alpha02/ckufio.c:5711:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(zmbuf,"mail %s < %s", p, f);
data/ckermit-305~alpha02/ckufio.c:5713:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(zmbuf,"mailx -s %c%s%c %s < %s", '"', f, '"', p, f);
data/ckermit-305~alpha02/ckufio.c:5764:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(zmbuf,"cat %s | %s", f, printername);
data/ckermit-305~alpha02/ckufio.c:5769:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(zmbuf,"cat %s >> %s", f, printername);
data/ckermit-305~alpha02/ckufio.c:5774:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(zmbuf,"%s %s < %s", PRINTCMD, p, f);
data/ckermit-305~alpha02/ckufio.c:5835:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(q,scratch);          /* (safe) Copy name to space */
data/ckermit-305~alpha02/ckufio.c:6280:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(endcur,pl -> npart);     /* (safe) Append next part. */
data/ckermit-305~alpha02/ckufio.c:6573:27:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                          strcpy(xx -> npart, pl -> npart); /* safe */
data/ckermit-305~alpha02/ckufio.c:6642:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(freeptr,str);		/* safe */
data/ckermit-305~alpha02/ckufio.c:6746:29:  [4] (misc) getlogin:
  It's often easy to fool getlogin. Sometimes it does not work at all,
  because some program messed up the utmp file. Often, it gives only the
  first 8 characters of the login name. The user currently logged in on the
  controlling tty of our program need not be the user who started it. Avoid
  getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
  and extract the desired information instead.
    _PROTOTYP(extern char * getlogin, (void) );
data/ckermit-305~alpha02/ckufio.c:6773:15:  [4] (misc) getlogin:
  It's often easy to fool getlogin. Sometimes it does not work at all,
  because some program messed up the utmp file. Often, it gives only the
  first 8 characters of the login name. The user currently logged in on the
  controlling tty of our program need not be the user who started it. Avoid
  getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
  and extract the desired information instead.
    if ((c =  getlogin()) != NULL) {    /* name from utmp file */
data/ckermit-305~alpha02/ckufio.c:6881:29:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if (!priv_chk()) return(system(s));
data/ckermit-305~alpha02/ckufio.c:6904:5:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execl("/usr/bin/sh","sh","-c",s,NULL);
data/ckermit-305~alpha02/ckufio.c:6908:5:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execl("/bin/rc", "rc", "-c", s, NULL);
data/ckermit-305~alpha02/ckufio.c:6911:5:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execl("/bin/sh","sh","-c",s,NULL);
data/ckermit-305~alpha02/ckufio.c:6955:9:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    x = execvp(p,s);
data/ckermit-305~alpha02/ckufio.c:7048:13:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
            execl(shpath,shname,"-i",NULL); /* Yes, do that */
data/ckermit-305~alpha02/ckufio.c:7051:13:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
            execl(shpath,shname,"-c",s,NULL); /* exec the given command */
data/ckermit-305~alpha02/ckufio.c:7314:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tp,path);			/* safe (prechecked) */
data/ckermit-305~alpha02/ckufio.c:7329:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(tp,xp);              /* Copy expanded name to new buffer */
data/ckermit-305~alpha02/ckufio.c:7730:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(buf,R_OK) < 0) {		/* Check access */
data/ckermit-305~alpha02/ckufio.c:7814:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    (void) strcpy(new, s);		/* safe */
data/ckermit-305~alpha02/ckufio.c:8114:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(buf, "Kerberos user %s%s%s@%s is%s authorized as %s%s",
data/ckermit-305~alpha02/ckufio.c:8212:24:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
    krb_set_tkt_string(mktemp(tkt_file));
data/ckermit-305~alpha02/ckufio.c:8373:27:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
        xpasswd = (char *)crypt(p, salt);
data/ckermit-305~alpha02/ckufio.c:8479:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(proctitle, "%s: anonymous/%.*s",
data/ckermit-305~alpha02/ckufio.c:8504:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(proctitle, "%s: %s",
data/ckermit-305~alpha02/ckupty.c:1843:5:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execvp(args[0],args);
data/ckermit-305~alpha02/ckuscr.c:328:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(rseqtrace,dbchr(rseqgot[rseql-1]));
data/ckermit-305~alpha02/ckutio.c:2293:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tn_loc,p);		/* safe */
data/ckermit-305~alpha02/ckutio.c:5179:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(lockfil,"LCK..%.3s%s", &ttdev[5], device);
data/ckermit-305~alpha02/ckutio.c:5185:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(lockfil,"LCK..%s", device);
data/ckermit-305~alpha02/ckutio.c:5263:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(tmpnam,"%s/LTMP.%05d",lockdir,(int) pid); /* safe */
data/ckermit-305~alpha02/ckutio.c:5285:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(				/* write PID as decimal string */
data/ckermit-305~alpha02/ckutio.c:5529:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(tmpnam,"%s/LTMP.%05d",lockdir,(int) pid); /* Make temp name */
data/ckermit-305~alpha02/ckutio.c:13119:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(temp,"/usr/bin/getoff.sh %s",ttname);
data/ckermit-305~alpha02/ckutio.c:13130:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(temp,"/usr/bin/geton.sh %s",ttname);
data/ckermit-305~alpha02/ckutio.c:14812:2:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	execvp(args[0],args);
data/ckermit-305~alpha02/ckutio.c:15412:6:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	x = system(s);
data/ckermit-305~alpha02/ckutio.c:15685:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(name, "%sctl", ttname);
data/ckermit-305~alpha02/ckutio.c:15789:9:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    i = vsprintf(buf, fmt, ap);
data/ckermit-305~alpha02/ckutio.c:15808:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef fprintf
data/ckermit-305~alpha02/ckutio.c:15809:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef fprintf
data/ckermit-305~alpha02/ckutio.c:15834:7:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	rc = vfprintf(file,format,args);
data/ckermit-305~alpha02/ckutio.c:15837:14:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
        rc = vsprintf(str1, format, args);
data/ckermit-305~alpha02/ckutio.c:15936:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef printf
data/ckermit-305~alpha02/ckutio.c:15937:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef printf
data/ckermit-305~alpha02/ckutio.c:15958:7:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	rc = vprintf(format, args);
data/ckermit-305~alpha02/ckutio.c:15961:14:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
        rc = vsprintf(str1, format, args);
data/ckermit-305~alpha02/ckuus2.c:10297:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(
data/ckermit-305~alpha02/ckuus2.c:10303:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(
data/ckermit-305~alpha02/ckuus2.c:11361:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(
data/ckermit-305~alpha02/ckuus3.c:2251:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(dirpath,
data/ckermit-305~alpha02/ckuus3.c:2364:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(pp[dd],s);           /* Copy string into new storage */
data/ckermit-305~alpha02/ckuus3.c:2377:25:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                        strcat(pp[dd], (char *) dirsep); /* safe */
data/ckermit-305~alpha02/ckuus3.c:2981:15:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
              printf(fc == 2 ?
data/ckermit-305~alpha02/ckuus3.c:3795:29:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                            strcpy(s3,s2);   /* SAFE */
data/ckermit-305~alpha02/ckuus3.c:4268:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(tmp,line);
data/ckermit-305~alpha02/ckuus3.c:5103:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(p," %s %s T=SERIAL H=%s D=%s ", /* SAFE */
data/ckermit-305~alpha02/ckuus3.c:5184:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(p," %s %s T=%s N=%s H=%s P=%s ",
data/ckermit-305~alpha02/ckuus3.c:5545:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              strcpy(dialcmd,s);        /* and make a safe copy. */
data/ckermit-305~alpha02/ckuus3.c:5608:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(tmpbuf,"Modem's command to %sable %s", /* SAFE */
data/ckermit-305~alpha02/ckuus3.c:5910:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy(p[n], s); /* safe */
data/ckermit-305~alpha02/ckuus3.c:5977:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy(p[n], s); /* safe */
data/ckermit-305~alpha02/ckuus3.c:6054:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy(p[n], s); /* safe */
data/ckermit-305~alpha02/ckuus3.c:6779:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy((char *) macrotab[kc], s); /* safe */
data/ckermit-305~alpha02/ckuus3.c:6903:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(px,s);                   /* safe */
data/ckermit-305~alpha02/ckuus3.c:7408:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(pv[n].sval,s);   /* safe */
data/ckermit-305~alpha02/ckuus3.c:7434:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(pv[n].sval,s); /* safe */
data/ckermit-305~alpha02/ckuus3.c:7445:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(pv[n].sval,s); /* safe */
data/ckermit-305~alpha02/ckuus3.c:7464:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(pv[n].sval,s);   /* safe */
data/ckermit-305~alpha02/ckuus3.c:7491:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(pv[n].sval,s);   /* safe */
data/ckermit-305~alpha02/ckuus3.c:7712:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(printername,s);          /* (safe) Copy new name to new space */
data/ckermit-305~alpha02/ckuus3.c:9570:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                  strcpy(tcp_socks_ns,s);
data/ckermit-305~alpha02/ckuus3.c:9593:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(tcp_address,s);
data/ckermit-305~alpha02/ckuus3.c:10194:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(tn_term,s);
data/ckermit-305~alpha02/ckuus3.c:13139:31:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                              strcpy(q,p);
data/ckermit-305~alpha02/ckuus4.c:1344:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf(takepath,
data/ckermit-305~alpha02/ckuus4.c:3668:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(hompthbuf,"%s>",h);	/* SAFE */
data/ckermit-305~alpha02/ckuus4.c:7527:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(zjdbuf,"%04d%03d %s",y,j,time); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:7602:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(jzdbuf,"%04d%02d%02d %s",y,m,d,time); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:7773:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        sprintf(buf,fbuf,fpresult);     /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:7777:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        sprintf(buf,fbuf,fpresult);     /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:7870:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(p,s);                        /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:8173:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                  sprintf(fnval,"<ERROR:NO_SUCH_FUNCTION:\\f%s()>",fn);
data/ckermit-305~alpha02/ckuus4.c:8179:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                  sprintf(fnval,"<ERROR:NAME_AMBIGUOUS:\\f%s()>",fn);
data/ckermit-305~alpha02/ckuus4.c:8188:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                  sprintf(fnval,"<ERROR:LOOKUP_FAILURE:\\f%s()>",fn);
data/ckermit-305~alpha02/ckuus4.c:8202:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
          sprintf(fnval,"<ERROR:MISSING_ARG:\\f%s()>",fn);
data/ckermit-305~alpha02/ckuus4.c:9102:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              strcpy(bp[0],val1);       /* safe */
data/ckermit-305~alpha02/ckuus4.c:9160:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(bp[1],val1);             /* safe */
data/ckermit-305~alpha02/ckuus4.c:10020:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        sprintf(fnval, cx == FN_2HEX ? "%lx" : "%lo", atol(val1)); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:11422:17:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                sprintf(fnval,fbuf,fpresult);   /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:11449:17:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                sprintf(fnval,fbuf,fpresult);
data/ckermit-305~alpha02/ckuus4.c:11453:17:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                sprintf(fnval,fbuf,fpresult); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13035:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
          sprintf(embuf,"<ERROR:NO_SUCH_VARIABLE:\\v(%s)>",s); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13309:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(vvbuf, "%s", ckfstoa(ffc)); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13313:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(vvbuf, "%s", ckfstoa(tfc)); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13572:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(vvbuf, "%s",            /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14650:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        sprintf(vvbuf,                  /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:15675:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(p,vp);           /* (safe) Make a copy of it */
data/ckermit-305~alpha02/ckuus4.c:15749:37:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                                    strcpy(q,vp); /* safe */
data/ckermit-305~alpha02/ckuus5.c:1667:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(tfnam[tlevel],line);   /* safe */
data/ckermit-305~alpha02/ckuus5.c:1803:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(tfnam[tlevel],line);   /* safe */
data/ckermit-305~alpha02/ckuus5.c:1839:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              strcpy(tfnam[tlevel],line); /* safe */
data/ckermit-305~alpha02/ckuus5.c:1913:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(line + (lp - pgmptr + 1), iksdconf);
data/ckermit-305~alpha02/ckuus5.c:1934:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(tfnam[tlevel],line);
data/ckermit-305~alpha02/ckuus5.c:1937:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(tfnam[tlevel],iksdconf);
data/ckermit-305~alpha02/ckuus5.c:2876:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf((x > 0) ?
data/ckermit-305~alpha02/ckuus5.c:3336:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(p,cmdbuf); /* the command buffer (SAFE). */
data/ckermit-305~alpha02/ckuus5.c:3597:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(v->lv_name, p);              /* Copy name into new node (SAFE) */
data/ckermit-305~alpha02/ckuus5.c:3602:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(v->lv_value, s);         /* Copy value into new node (SAFE) */
data/ckermit-305~alpha02/ckuus5.c:4430:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(s,def);                  /* NOT USED */
data/ckermit-305~alpha02/ckuus5.c:4451:20:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            } else strcpy(p,def);       /* Copy def into new space (SAFE) */
data/ckermit-305~alpha02/ckuus5.c:4498:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(p,def);          /* Copy def into new space (SAFE). */
data/ckermit-305~alpha02/ckuus5.c:4602:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(p,nam);                  /* Copy name into new space (SAFE) */
data/ckermit-305~alpha02/ckuus5.c:4615:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(p,def);              /* Copy the definition (SAFE) */
data/ckermit-305~alpha02/ckuus5.c:6254:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(
data/ckermit-305~alpha02/ckuus5.c:6477:17:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                printf(flag == 3 ? " {%s}" : " %s", p[i]);
data/ckermit-305~alpha02/ckuus5.c:7531:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            sprintf(cpbuf,              /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10068:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(p,s);            /* safe */
data/ckermit-305~alpha02/ckuus6.c:2123:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(pdsfx,"%s%s",p2,sfx); /* UNSAFE */
data/ckermit-305~alpha02/ckuus6.c:2124:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(outbuf,
data/ckermit-305~alpha02/ckuus6.c:2162:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(outbuf,"%s%s%s%s%s%s%s",
data/ckermit-305~alpha02/ckuus6.c:2165:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(pdsfx,"%s%s",p2,sfx);
data/ckermit-305~alpha02/ckuus6.c:2179:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                  sprintf(outbuf,"%s%s%s%s%s%s",npr,p,acptr,s,p2,sfx);
data/ckermit-305~alpha02/ckuus6.c:2181:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                  sprintf(outbuf,"%s%s%s%s%s",npr,p,s,p2,sfx);
data/ckermit-305~alpha02/ckuus6.c:2182:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(pdsfx,"%s%s",p2,sfx);
data/ckermit-305~alpha02/ckuus6.c:2240:25:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                        sprintf(outbuf,"%s%s%s%s",npr,p,s,sfx);
data/ckermit-305~alpha02/ckuus6.c:2251:27:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                          sprintf(outbuf,"%s%s%s%s%s%s%s",
data/ckermit-305~alpha02/ckuus6.c:2255:27:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                          sprintf(outbuf,
data/ckermit-305~alpha02/ckuus6.c:2374:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(outbuf,"%s%s%s%s%s%s",pxo,npr,p,s,p2,sfx);
data/ckermit-305~alpha02/ckuus6.c:2375:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(pdsfx,"%s%s",p2,sfx);
data/ckermit-305~alpha02/ckuus6.c:2395:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(outbuf,"%s%s%s%s%s%s",pxo,npr,p,xbuf,p2,sfx);
data/ckermit-305~alpha02/ckuus6.c:2396:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(pdsfx,"%s%s",p2,sfx);
data/ckermit-305~alpha02/ckuus6.c:2623:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(pp,line);            /* safe */
data/ckermit-305~alpha02/ckuus6.c:2678:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(tmpbuf,
data/ckermit-305~alpha02/ckuus6.c:2759:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(pp,info[2]);         /* safe */
data/ckermit-305~alpha02/ckuus6.c:2782:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(d_name,info[1]); /* safe */
data/ckermit-305~alpha02/ckuus6.c:6393:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            sprintf(dbuf,               /* SAFE */
data/ckermit-305~alpha02/ckuus6.c:6409:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(dbuf+10,dstr+8);     /* hh:mm:ss */
data/ckermit-305~alpha02/ckuus6.c:6434:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(linebuf,"%-22s%-10s  %s  %s",p,"<DIR>",dstr,name);
data/ckermit-305~alpha02/ckuus6.c:6437:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(linebuf,"%10s%-10s  %s  %s",p,"<DIR>",dstr,name);
data/ckermit-305~alpha02/ckuus6.c:6439:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(linebuf,"%-10s  %s  %s", "<DIR>", dstr, name);
data/ckermit-305~alpha02/ckuus6.c:6443:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(linebuf,"%-22s%10s  %s  %s", p, ckfstoa(len), dstr, name);
data/ckermit-305~alpha02/ckuus6.c:6446:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(linebuf,"%10s%10s  %s  %s", p, ckfstoa(len), dstr, name);
data/ckermit-305~alpha02/ckuus6.c:6448:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(linebuf,"%10s  %s  %s", ckfstoa(len), dstr, name);
data/ckermit-305~alpha02/ckuus6.c:6467:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              strcpy(linebuf+n+4, linkname); /* safe (checked) */
data/ckermit-305~alpha02/ckuus6.c:6495:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                  strcpy(linebuf+n, s); /* safe (checked) */
data/ckermit-305~alpha02/ckuus6.c:6502:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf((char *)(linebuf+n)," %s", dirmsg); /* SAFE */
data/ckermit-305~alpha02/ckuus6.c:6512:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(dirlist[ndirlist],linebuf); /* safe */
data/ckermit-305~alpha02/ckuus6.c:8554:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(                         /* if target is not a directory */
data/ckermit-305~alpha02/ckuus6.c:8782:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    printf(			/* if target is not a directory */
data/ckermit-305~alpha02/ckuus6.c:9967:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    printf(			/* if target is not a directory */
data/ckermit-305~alpha02/ckuus6.c:10527:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(pv[n].sval,s);   /* safe */
data/ckermit-305~alpha02/ckuus6.c:10541:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              strcpy(pv[n].sval,s);     /* safe */
data/ckermit-305~alpha02/ckuus6.c:10573:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(pv[n].sval,s); /* safe */
data/ckermit-305~alpha02/ckuus6.c:10599:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(pv[n].sval,s); /* safe */
data/ckermit-305~alpha02/ckuus6.c:10636:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                  strcpy(pv[n].sval,s); /* safe */
data/ckermit-305~alpha02/ckuus6.c:10958:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(s,p);            /* safe */
data/ckermit-305~alpha02/ckuus6.c:11124:21:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                    sprintf(p,"%s%s",cmarg2,"x.x"); /* SAFE (prechecked) */
data/ckermit-305~alpha02/ckuus6.c:12810:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                  strcpy(p,ifcond);     /* safe (prechecked) */
data/ckermit-305~alpha02/ckuus6.c:12811:19:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                  strcat(p,line);       /* safe (prechecked) */
data/ckermit-305~alpha02/ckuus6.c:12885:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(tfnam[tlevel],s);    /* safe */
data/ckermit-305~alpha02/ckuus7.c:3842:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(				/* putenv() does not allow this. */
data/ckermit-305~alpha02/ckuus7.c:5607:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(defevt.literal.string, s); /* safe */
data/ckermit-305~alpha02/ckuus7.c:5612:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(defevt.macro.string, s); /* safe */
data/ckermit-305~alpha02/ckuus7.c:6113:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                  strcpy(defevt.macro.string, s); /* safe */
data/ckermit-305~alpha02/ckuus7.c:6488:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy((char *) mousemap[button][event].macro.string, s); /* safe */
data/ckermit-305~alpha02/ckuus7.c:7131:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf(
data/ckermit-305~alpha02/ckuus7.c:7421:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(p1,s);                 /* safe */
data/ckermit-305~alpha02/ckuus7.c:7431:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              strcpy(p2,s);             /* safe */
data/ckermit-305~alpha02/ckuus7.c:7441:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                  strcpy(p3,s);         /* safe */
data/ckermit-305~alpha02/ckuus7.c:7476:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(p1,s);                 /* safe */
data/ckermit-305~alpha02/ckuus7.c:7491:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(p2,s);                 /* safe */
data/ckermit-305~alpha02/ckuus7.c:8619:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(n_name,info[1]);     /* safe */
data/ckermit-305~alpha02/ckuus7.c:13328:25:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                        sprintf(buf, "set key \\%d \\K%s\t; %s",
data/ckermit-305~alpha02/ckuus7.c:13346:25:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                        sprintf(buf, "set key \\%d \\K%s", i, kverbs[j].kwd);
data/ckermit-305~alpha02/ckuus7.c:13363:23:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                      sprintf(buf, "set key \\%d \\{%d}\t; %s",
data/ckermit-305~alpha02/ckuus7.c:13417:21:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                    sprintf(buf, "set terminal key %s \\%d \\{%d}\t; %s",
data/ckermit-305~alpha02/ckuus7.c:13447:25:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                        sprintf(buf, "set terminal key %s \\%d \\K%s\t; %s",
data/ckermit-305~alpha02/ckuus7.c:13474:23:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                      sprintf(buf,"set terminal key %s \\%d ",
data/ckermit-305~alpha02/ckuus7.c:13517:23:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                      sprintf(buf,"set terminal key %s /literal \\%d ",
data/ckermit-305~alpha02/ckuus7.c:13558:21:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                    sprintf(buf,
data/ckermit-305~alpha02/ckuus7.c:13588:21:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                    sprintf(buf,
data/ckermit-305~alpha02/ckuus7.c:14936:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                  sprintf(prmpt,"%s@%s's Password: ",
data/ckermit-305~alpha02/ckuus7.c:14939:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                  sprintf(prmpt,"%s@%s's Password: ",
data/ckermit-305~alpha02/ckuus7.c:14942:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                  sprintf(prmpt,"%s's Password: ",tmpprinz);
data/ckermit-305~alpha02/ckuus7.c:15242:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy((char *)_u,s);       /* safe */
data/ckermit-305~alpha02/ckuus7.c:15353:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy((char *)_p,s);       /* safe */
data/ckermit-305~alpha02/ckuusr.c:4204:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(pv[n].sval,s);	/* safe */
data/ckermit-305~alpha02/ckuusr.c:4234:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(pv[n].sval,s); /* safe */
data/ckermit-305~alpha02/ckuusr.c:4264:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(pv[n].sval,s);	/* safe */
data/ckermit-305~alpha02/ckuusr.c:4289:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(pv[n].sval,s);	/* safe */
data/ckermit-305~alpha02/ckuusr.c:4307:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(pv[n].sval,s);	/* safe */
data/ckermit-305~alpha02/ckuusr.c:4325:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(pv[n].sval,s); /* safe */
data/ckermit-305~alpha02/ckuusr.c:4382:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		  strcpy(pv[n].sval,s);	/* safe */
data/ckermit-305~alpha02/ckuusr.c:4438:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(pv[n].sval,s);
data/ckermit-305~alpha02/ckuusr.c:4700:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(s,p);		/* safe */
data/ckermit-305~alpha02/ckuusr.c:4866:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(fspec,p);	/* safe */
data/ckermit-305~alpha02/ckuusr.c:4903:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			    strcpy(pv[SND_ASN].sval,p);	/* safe */
data/ckermit-305~alpha02/ckuusr.c:5142:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(asnbuf,cmarg2);	/* safe */
data/ckermit-305~alpha02/ckuusr.c:5505:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(pv[n].sval,s); /* safe */
data/ckermit-305~alpha02/ckuusr.c:5538:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tt_idlesnd_str,pv[CONN_IS].sval); /* safe */
data/ckermit-305~alpha02/ckuusr.c:5722:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(fspec,s);		/* safe */
data/ckermit-305~alpha02/ckuusr.c:5782:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(s,line);		/* safe */
data/ckermit-305~alpha02/ckuusr.c:5791:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(s,cmarg2);	/* safe */
data/ckermit-305~alpha02/ckuusr.c:6928:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	  sprintf(tmpbuf,editopts,editfile);
data/ckermit-305~alpha02/ckuusr.c:6930:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(tmpbuf,"%s %s",editopts,editfile);
data/ckermit-305~alpha02/ckuusr.c:6987:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	  sprintf(tmpbuf,browsopts,browsurl);
data/ckermit-305~alpha02/ckuusr.c:6989:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(tmpbuf,"%s %s",browsopts,browsurl);
data/ckermit-305~alpha02/ckuusr.c:7907:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf((char *)s[i],s2);	/* Print a line. */
data/ckermit-305~alpha02/ckuusr.c:8026:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf((char *)tmperrbuf,"?%s[%s]: \"%s\": %s\n",
data/ckermit-305~alpha02/ckuusr.c:8042:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf((char *)tmperrbuf,"?%s[%s]: \"%s...\": %s\n",
data/ckermit-305~alpha02/ckuusr.c:8057:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf((char *)tmperrbuf,"?%s[%s]: \"%s...\":\n Error: %s\n",
data/ckermit-305~alpha02/ckuusr.c:8068:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf((char *)tmperrbuf,"?%s[%s]: \"%s\":\n %s\n",
data/ckermit-305~alpha02/ckuusr.c:9359:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(updstr,
data/ckermit-305~alpha02/ckuusr.c:9381:4:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	  system(updstr);
data/ckermit-305~alpha02/ckuusr.c:9962:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(fspec,p);	/* safe */
data/ckermit-305~alpha02/ckuusr.c:10541:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			    sprintf(q,"_file[%s](%d)",s,cmdlvl); /* safe */
data/ckermit-305~alpha02/ckuusr.c:10542:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			    sprintf(r,"take %s",s); /* safe */
data/ckermit-305~alpha02/ckuusx.c:219:19:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
_PROTOTYP( FILE * popen, (char *, char *) );
data/ckermit-305~alpha02/ckuusx.c:2663:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dest+1,str);			/* Checked below in setgen() */
data/ckermit-305~alpha02/ckuusx.c:3514:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(sp,"%s %s %s",s1,ckfstoa(n),s2);
data/ckermit-305~alpha02/ckuusx.c:3518:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(sp," %s",ckfstoa(n));
data/ckermit-305~alpha02/ckuusx.c:3526:14:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        else sprintf(sp,"[%s]",s2);
data/ckermit-305~alpha02/ckuusx.c:3534:14:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        else sprintf(sp,"[%s] %s",s2,ckfstoa(n));
data/ckermit-305~alpha02/ckuusx.c:3543:14:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        else sprintf(sp,"%s: %s",s1,ckfstoa(n));
data/ckermit-305~alpha02/ckuusx.c:3552:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(sp,"%s%s%s",s1,((*s2 == ':') ? "" : " "),s2);
data/ckermit-305~alpha02/ckuusx.c:3561:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(sp,"%s%s%s: %s",s1,((*s2 == ':') ? "" : " "),s2,ckfstoa(n));
data/ckermit-305~alpha02/ckuusx.c:3647:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(tmpbuf,"%s",ckfstoa(fs));	/* Size */
data/ckermit-305~alpha02/ckuusx.c:3681:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(s,"%s\"%0.3fsec %ldcps\"",sep,fpxfsecs,cps);
data/ckermit-305~alpha02/ckuusx.c:3684:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(s,"%s\"%ldsec %ldcps\"",sep,xfsecs,cps);
data/ckermit-305~alpha02/ckuusx.c:3687:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(s,"%s\"%s\"",sep,msg);
data/ckermit-305~alpha02/ckuusx.c:4037:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(fbuf,"Size: %s, Type: ",ckfstoa(fsize)); /* SAFE (80) */
data/ckermit-305~alpha02/ckuusx.c:4211:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
          sprintf(buffer, "%c%9s%5ld%%%8ld%8ld ", CR,ckfstoa(howfar),pd,tp,ps);
data/ckermit-305~alpha02/ckuusx.c:4213:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
          sprintf(buffer, "%c%9s      %8ld%8ld ", CR,ckfstoa(howfar),tp,ps);
data/ckermit-305~alpha02/ckuusx.c:4379:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(buf,", Size: %s",ckfstoa(n));  conoll(buf);  hpos = 0;
data/ckermit-305~alpha02/ckuusx.c:5312:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(sp,"%s[%s]=%c\n",s1,s2,(CHAR) n);
data/ckermit-305~alpha02/ckuusx.c:5314:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(sp,"%s[%s]=^%c\n",s1,s2,(CHAR) ((n+64) & 0x7F));
data/ckermit-305~alpha02/ckuusx.c:5316:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(sp,"%s[%s]=~^%c\n",s1,s2,(CHAR)((n-64) & 0x7F));
data/ckermit-305~alpha02/ckuusx.c:5317:18:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            else sprintf(sp,"%s[%s]=0x%lX\n",s1,s2,(long)n);
data/ckermit-305~alpha02/ckuusx.c:5320:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(sp,"%s=%c\n",s1,(CHAR) n);
data/ckermit-305~alpha02/ckuusx.c:5322:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(sp,"%s=^%c\n",s1,(CHAR) ((n+64) & 0x7F));
data/ckermit-305~alpha02/ckuusx.c:5324:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(sp,"%s=~^%c\n",s1,(CHAR)((n-64) & 0x7F));
data/ckermit-305~alpha02/ckuusx.c:5325:18:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            else sprintf(sp,"%s=0x%lX\n",s1,(long)n);
data/ckermit-305~alpha02/ckuusx.c:5341:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(sp,"=%s\n",ckfstoa(n));
data/ckermit-305~alpha02/ckuusx.c:5477:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(sp,"%s=%s\n",s1,ckfstoa(n));
data/ckermit-305~alpha02/ckuusx.c:5489:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(sp,"%s[%s]\n",s1,s2);
data/ckermit-305~alpha02/ckuusx.c:5501:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(sp,"%s[%s]=%s\n",s1,s2,ckfstoa(n));
data/ckermit-305~alpha02/ckuusx.c:5601:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	      sprintf(tmp,
data/ckermit-305~alpha02/ckuusx.c:5607:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	      sprintf(tmp,
data/ckermit-305~alpha02/ckuusx.c:5615:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(tmp,
data/ckermit-305~alpha02/ckuusx.c:5837:16:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printw printf
data/ckermit-305~alpha02/ckuusx.c:5853:16:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printw printf
data/ckermit-305~alpha02/ckuusx.c:5859:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef printf                           /* use of "printf" in ncurses.h */
data/ckermit-305~alpha02/ckuusx.c:5863:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printf ckxprintf
data/ckermit-305~alpha02/ckuusx.c:5867:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef printf                           /* use of "printf" in curses.h */
data/ckermit-305~alpha02/ckuusx.c:5882:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printf ckxprintf
data/ckermit-305~alpha02/ckuusx.c:6229:29:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    text_dsc.dsc$w_length = vsprintf(buf, str, ap);
data/ckermit-305~alpha02/ckuusx.c:6245:29:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    text_dsc.dsc$w_length = sprintf(buf, str, a1, a2, a3, a4, a5, a6, a7, a8);
data/ckermit-305~alpha02/ckuusx.c:7026:17:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                sprintf( &xferstr[strlen(xferstr)], /* safe */
data/ckermit-305~alpha02/ckuusx.c:7032:17:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                sprintf( &xferstr[strlen(xferstr)], /* safe */
data/ckermit-305~alpha02/ckuusx.c:7391:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(buf,"%s (SECURE)",xname);
data/ckermit-305~alpha02/ckuusx.c:8245:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf( errbuf, "Refused, %s", s ) ;
data/ckermit-305~alpha02/ckuusx.c:8318:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(msgbuf,
data/ckermit-305~alpha02/ckuusx.c:8609:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(buf,"%s (SECURE)",xname);
data/ckermit-305~alpha02/ckuusx.c:8733:25:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                        sprintf(msgbuf,"Network Host: %s (%s)",
data/ckermit-305~alpha02/ckuusx.c:8744:25:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                        sprintf(msgbuf,
data/ckermit-305~alpha02/ckuusx.c:9012:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf( errbuf, "File skipped, (%s)", skreason[n] ) ;
data/ckermit-305~alpha02/ckuusx.c:9035:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf( errbuf, "Refused, %s", s ) ;
data/ckermit-305~alpha02/ckuusx.c:9066:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(msgbuf,
data/ckermit-305~alpha02/ckuusx.c:9230:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(dbdir,p);		/* safe */
data/ckermit-305~alpha02/ckuusx.c:9259:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(dbfile,"%s%s%s",dbdir,s,IK_DBASEFIL);
data/ckermit-305~alpha02/ckuusx.c:9527:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(tmplck,"%s%08lx.%lx",dbdir,myip,mypid);
data/ckermit-305~alpha02/ckuusx.c:9544:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(lcknam,"%s%s",dbdir,IK_LOCKFILE); /* Build lockfile name */
data/ckermit-305~alpha02/ckuusy.c:970:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                      strcpy(&p[1],path);      /* safe */
data/ckermit-305~alpha02/ckwart.c:54:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef printf
data/ckermit-305~alpha02/ckwart.c:55:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef printf
data/ckermit-305~alpha02/ckwart.c:57:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef fprintf
data/ckermit-305~alpha02/ckwart.c:58:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef fprintf
data/ckermit-305~alpha02/ckwart.c:64:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef printf
data/ckermit-305~alpha02/ckwart.c:65:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef printf
data/ckermit-305~alpha02/ckwart.c:67:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef fprintf
data/ckermit-305~alpha02/ckwart.c:68:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef fprintf
data/ckermit-305~alpha02/ckwart.c:74:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef printf
data/ckermit-305~alpha02/ckwart.c:75:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef printf
data/ckermit-305~alpha02/ckwart.c:77:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#ifdef fprintf
data/ckermit-305~alpha02/ckwart.c:78:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef fprintf
data/ckermit-305~alpha02/ckwart.c:686:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(new,s);
data/ckermit-305~alpha02/ck_ssl.c:1555:13:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
            srand((unsigned int)t);
data/ckermit-305~alpha02/ck_ssl.c:1750:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        defdir = getenv("SSL_CERT_DIR");
data/ckermit-305~alpha02/ck_ssl.c:2180:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if (p = getenv("SSL_CIPHER")) {
data/ckermit-305~alpha02/ck_ssl.c:2476:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if (p = getenv("SSL_CIPHER")) {
data/ckermit-305~alpha02/ckcdeb.h:6031:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
_PROTOTYP( char * getenv, (char *) );
data/ckermit-305~alpha02/ckcfns.c:4159:8:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
		char tmpnam[CKMAXPATH+16];
data/ckermit-305~alpha02/ckcfns.c:4164:19:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
		    s = (char *)tmpnam;
data/ckermit-305~alpha02/ckcfns.c:4166:19:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
		    s = (char *)tmpnam;
data/ckermit-305~alpha02/ckcftp.c:10432:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if (p = getenv("SSL_CIPHER")) {
data/ckermit-305~alpha02/ckcftp.c:15489:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            p = getenv("K95TMP");
data/ckermit-305~alpha02/ckcftp.c:15491:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            p = getenv("K2TMP");
data/ckermit-305~alpha02/ckcftp.c:15495:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
              p = getenv("CK_TMP");
data/ckermit-305~alpha02/ckcftp.c:15497:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
              p = getenv("TMPDIR");
data/ckermit-305~alpha02/ckcftp.c:15498:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            if (!p) p = getenv("TEMP");
data/ckermit-305~alpha02/ckcftp.c:15499:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            if (!p) p = getenv("TMP");
data/ckermit-305~alpha02/ckcftp.c:16640:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    hdir = getenv("HOME");
data/ckermit-305~alpha02/ckcmai.c:3251:9:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        srand((unsigned int)c);
data/ckermit-305~alpha02/ckcmai.c:3632:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *s = getenv("K_NOLOCALE");	/* environment variable */
data/ckermit-305~alpha02/ckcnet.c:7252:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        char * user = getenv("USER");
data/ckermit-305~alpha02/ckcnet.c:7297:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            char *p = getenv("TERM");
data/ckermit-305~alpha02/ckcnet.c:13842:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("DISPLAY");
data/ckermit-305~alpha02/ckcnet.c:13984:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("DISPLAY");
data/ckermit-305~alpha02/ckctel.c:1433:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        display = getenv("DISPLAY");
data/ckermit-305~alpha02/ckctel.c:1980:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand((unsigned int)c);
data/ckermit-305~alpha02/ckctel.c:5430:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                  p = (CHAR *) getenv("TERM");
data/ckermit-305~alpha02/ckctel.c:6282:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        ttn = getenv("TERM");           /* get it from the environment. */
data/ckermit-305~alpha02/ckuath.c:5240:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *getenv();
data/ckermit-305~alpha02/ckuath.c:6616:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        ptr = getenv("SRP_ETC");
data/ckermit-305~alpha02/ckuath.c:6618:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            ptr = getenv("ETC");
data/ckermit-305~alpha02/ckuath.c:10922:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    p = getenv("KRB5CCNAME");
data/ckermit-305~alpha02/ckuath.c:11722:17:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define SRAND   srand
data/ckermit-305~alpha02/ckuath.c:12733:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (name = getenv ("XAUTHORITY"))
data/ckermit-305~alpha02/ckucmd.c:2177:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
				    p = getenv(atmbuf);
data/ckermit-305~alpha02/ckudia.c:4818:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    makestr(&p,getenv("K_DIAL_DIRECTORY"));
data/ckermit-305~alpha02/ckudia.c:4830:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    xmakestr(&diallcc,getenv("K_COUNTRYCODE")); /* My country code */
data/ckermit-305~alpha02/ckudia.c:4831:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    xmakestr(&dialixp,getenv("K_LD_PREFIX"));   /* My long-distance prefix */
data/ckermit-305~alpha02/ckudia.c:4832:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    xmakestr(&dialldp,getenv("K_INTL_PREFIX")); /* My international prefix */
data/ckermit-305~alpha02/ckudia.c:4833:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    xmakestr(&dialldp,getenv("K_TF_PREFIX"));   /* Ny Toll-free prefix */
data/ckermit-305~alpha02/ckudia.c:4836:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    p = getenv("K_DIAL_METHOD");	/* Local dial method */
data/ckermit-305~alpha02/ckudia.c:4854:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    xmakestr(&p,getenv("K_TF_AREACODE")); /* Toll-free areacodes */
data/ckermit-305~alpha02/ckudia.c:4926:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    xmakestr(&diallac,getenv("K_AREACODE"));
data/ckermit-305~alpha02/ckudia.c:4927:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    xmakestr(&dialpxo,getenv("K_PBX_OCP"));
data/ckermit-305~alpha02/ckudia.c:4928:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    xmakestr(&dialpxi,getenv("K_PBX_ICP"));
data/ckermit-305~alpha02/ckudia.c:4929:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    p = getenv("K_PBX_XCH");
data/ckermit-305~alpha02/ckufio.c:2978:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((namechars = getenv("NAMECHARS")) != NULL) {
data/ckermit-305~alpha02/ckufio.c:3132:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    home = getenv("home");
data/ckermit-305~alpha02/ckufio.c:3134:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    home = getenv("HOME");
data/ckermit-305~alpha02/ckufio.c:3181:18:  [3] (buffer) getwd:
  This does not protect against buffer overflows by itself, so use with
  caution (CWE-120, CWE-20). Use getcwd instead.
    extern char *getwd();
data/ckermit-305~alpha02/ckufio.c:3182:9:  [3] (buffer) getwd:
  This does not protect against buffer overflows by itself, so use with
  caution (CWE-120, CWE-20). Use getcwd instead.
    s = getwd(buf);
data/ckermit-305~alpha02/ckufio.c:3230:18:  [3] (buffer) getwd:
  This does not protect against buffer overflows by itself, so use with
  caution (CWE-120, CWE-20). Use getcwd instead.
    extern char *getwd();
data/ckermit-305~alpha02/ckufio.c:3232:9:  [3] (buffer) getwd:
  This does not protect against buffer overflows by itself, so use with
  caution (CWE-120, CWE-20). Use getcwd instead.
    s = getwd(buf);
data/ckermit-305~alpha02/ckufio.c:3372:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if ((shpath = getenv("SERVERSHELL")) == NULL)
data/ckermit-305~alpha02/ckufio.c:3375:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        shpath = getenv("SHELL");       /* What shell? */
data/ckermit-305~alpha02/ckufio.c:4967:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((tz = getenv("TZ")) == NULL)
data/ckermit-305~alpha02/ckufio.c:5989:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((namechars = getenv("NAMECHARS")) != NULL) {
data/ckermit-305~alpha02/ckufio.c:6759:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((c = getenv(NAMEENV)) != NULL) { /* check the env variable */
data/ckermit-305~alpha02/ckufio.c:6991:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if ((shpath = getenv("SHELL")) == NULL) shpath = "/com/sh";
data/ckermit-305~alpha02/ckufio.c:7017:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        shpath = getenv("SHELL");       /* What shell? */
data/ckermit-305~alpha02/ckufio.c:7490:10:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
    if (!realpath(s,zfntmp)) {
data/ckermit-305~alpha02/ckufio.c:8437:13:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
  Make sure the program immediately chdir("/"), closes file descriptors, and
  drops root privileges, and that all necessary files (and no more!) are in
  the new root.
        if (chroot(dir) < 0) {
data/ckermit-305~alpha02/ckutio.c:1673:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    p = getenv("LINES");
data/ckermit-305~alpha02/ckutio.c:1678:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	    p = getenv("COLUMNS");
data/ckermit-305~alpha02/ckutio.c:2250:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            p = getenv("USER");
data/ckermit-305~alpha02/ckutio.c:2254:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                p = getenv("LOGNAME");
data/ckermit-305~alpha02/ckutio.c:2271:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((p = getenv("JOB"))) ckstrncpy(tn_env_job,p,63);
data/ckermit-305~alpha02/ckutio.c:2272:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((p = getenv("ACCT"))) ckstrncpy(tn_env_acct,p,63);
data/ckermit-305~alpha02/ckutio.c:2273:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((p = getenv("PRINTER"))) ckstrncpy(tn_env_prnt,p,63);
data/ckermit-305~alpha02/ckutio.c:2274:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((p = getenv("DISPLAY"))) ckstrncpy(tn_env_disp,p,63);
data/ckermit-305~alpha02/ckutio.c:2291:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (p = getenv("LOCATION"))
data/ckermit-305~alpha02/ckutio.c:5090:10:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    char tmpnam[LFNAML+30];		/* Temporary lockfile name. */
data/ckermit-305~alpha02/ckutio.c:5263:13:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    sprintf(tmpnam,"%s/LTMP.%05d",lockdir,(int) pid); /* safe */
data/ckermit-305~alpha02/ckutio.c:5265:32:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    debug(F110,"ttlock tmpnam",tmpnam,0);
data/ckermit-305~alpha02/ckutio.c:5268:20:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    lockfd = creat(tmpnam, 0444);	/* Try to create temp lock file. */
data/ckermit-305~alpha02/ckutio.c:5270:35:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
	debug(F111,"ttlock creat failed",tmpnam,errno);
data/ckermit-305~alpha02/ckutio.c:5277:13:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
	    unlink(tmpnam);		/* Get rid of the temporary file. */
data/ckermit-305~alpha02/ckutio.c:5316:11:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    chmod(tmpnam,0444);			/* Permission for a valid lock. */
data/ckermit-305~alpha02/ckutio.c:5320:22:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
        dummy = link(tmpnam,flfnam);    /* Create a link to it. */
data/ckermit-305~alpha02/ckutio.c:5369:10:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
		unlink(tmpnam);		/* Delete the tempfile */
data/ckermit-305~alpha02/ckutio.c:5377:12:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    unlink(tmpnam);			/* Unlink (remove) the temp file. */
data/ckermit-305~alpha02/ckutio.c:5424:10:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    char tmpnam[LFNAML];		/* Temporary lockfile name. */
data/ckermit-305~alpha02/ckutio.c:5529:15:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
      sprintf(tmpnam,"%s/LTMP.%05d",lockdir,(int) pid); /* Make temp name */
data/ckermit-305~alpha02/ckutio.c:5534:29:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
	debug(F110,"TTLOCK tmpnam",tmpnam,0);
data/ckermit-305~alpha02/ckutio.c:5544:20:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    lockfd = creat(tmpnam, 0444);	/* Try to create temporary file. */
data/ckermit-305~alpha02/ckutio.c:5546:35:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
	debug(F111,"TTLOCK creat failed",tmpnam,errno);
data/ckermit-305~alpha02/ckutio.c:5553:13:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
	    unlink(tmpnam);		/* Get rid of the temporary file. */
data/ckermit-305~alpha02/ckutio.c:5559:33:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    debug(F110,"TTLOCK temp ok",tmpnam,0);
data/ckermit-305~alpha02/ckutio.c:5579:11:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    chmod(tmpnam,0444);
data/ckermit-305~alpha02/ckutio.c:5583:18:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
	haslock = (link(tmpnam,flfnam) == 0); /* Create a link to it. */
data/ckermit-305~alpha02/ckutio.c:5627:12:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    unlink(tmpnam);			/* Unlink (remove) the temp file. */
data/ckermit-305~alpha02/ckutio.c:11745:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *cp = getenv("HZ");
data/ckermit-305~alpha02/ckuus3.c:2233:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            env = getenv("K95PHONES");
data/ckermit-305~alpha02/ckuus3.c:2237:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            env = getenv("K2PHONES");
data/ckermit-305~alpha02/ckuus3.c:2240:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
              env = getenv("K95PHONES");
data/ckermit-305~alpha02/ckuus3.c:9487:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	      char * p = getenv("SOCKS_SERVER");
data/ckermit-305~alpha02/ckuus3.c:9554:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            char * p = getenv("SOCKS_NS");
data/ckermit-305~alpha02/ckuus3.c:10505:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                  env = getenv(uvar);
data/ckermit-305~alpha02/ckuus3.c:12240:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            char *p = getenv("PATH");
data/ckermit-305~alpha02/ckuus3.c:12242:47:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            e = editor[0] ? (char *) editor : getenv("EDITOR");
data/ckermit-305~alpha02/ckuus3.c:12304:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            char *p = getenv("PATH");
data/ckermit-305~alpha02/ckuus3.c:13051:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                      d= getenv("SSL_CERT_DIR");
data/ckermit-305~alpha02/ckuus3.c:13144:34:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                      char * p = getenv("SSL_CIPHER");
data/ckermit-305~alpha02/ckuus4.c:1310:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    scriptenv = getenv("K95SCRIPTS");
data/ckermit-305~alpha02/ckuus4.c:1311:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    keymapenv = getenv("K95KEYMAPS");
data/ckermit-305~alpha02/ckuus4.c:1315:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    scriptenv = getenv("K2SCRIPTS");
data/ckermit-305~alpha02/ckuus4.c:1316:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    keymapenv = getenv("K2KEYMAPS");
data/ckermit-305~alpha02/ckuus4.c:1319:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      scriptenv = getenv("CK_SCRIPTS");
data/ckermit-305~alpha02/ckuus4.c:1323:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      keymapenv = getenv("CK_KEYMAPS");
data/ckermit-305~alpha02/ckuus4.c:1466:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        p = getenv("PATH");             /* Search the PATH */
data/ckermit-305~alpha02/ckuus4.c:1552:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    yp = getenv("K95STARTFLAGS");
data/ckermit-305~alpha02/ckuus4.c:1852:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                      p = getenv("PRAGMASYS_INETD_SOCK");
data/ckermit-305~alpha02/ckuus4.c:5073:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        p = getenv("TERM");
data/ckermit-305~alpha02/ckuus4.c:13338:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        p = getenv("HOSTTYPE");		/* 20091116 */
data/ckermit-305~alpha02/ckuus4.c:13581:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        p = getenv("TERM");
data/ckermit-305~alpha02/ckuus4.c:13885:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            p = getenv("K95TMP");
data/ckermit-305~alpha02/ckuus4.c:13887:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            p = getenv("K2TMP");
data/ckermit-305~alpha02/ckuus4.c:13891:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
              p = getenv("CK_TMP");
data/ckermit-305~alpha02/ckuus4.c:13892:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            if (!p) p = getenv("TMPDIR");
data/ckermit-305~alpha02/ckuus4.c:13893:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            if (!p) p = getenv("TEMP");
data/ckermit-305~alpha02/ckuus4.c:13894:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            if (!p) p = getenv("TMP");
data/ckermit-305~alpha02/ckuus4.c:14178:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                ss = getenv("EDITOR");
data/ckermit-305~alpha02/ckuus4.c:14221:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
              s = getenv("BROWSER");
data/ckermit-305~alpha02/ckuus4.c:15689:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                vp = getenv(vnambuf);   /* This way for environment variable */
data/ckermit-305~alpha02/ckuus5.c:1118:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    p = getenv("K_CHARSET");            /* Set default file character set */
data/ckermit-305~alpha02/ckuus5.c:1126:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    p = getenv("K_INFO_DIRECTORY");     /* Find Kermit info directory */
data/ckermit-305~alpha02/ckuus5.c:1130:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        p = getenv("K_INFO_DIR");
data/ckermit-305~alpha02/ckuus5.c:1570:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        env = getenv("K95.KSC");
data/ckermit-305~alpha02/ckuus5.c:1572:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        env = getenv("K2.KSC");
data/ckermit-305~alpha02/ckuus5.c:1576:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            env = getenv("K95.INI");
data/ckermit-305~alpha02/ckuus5.c:1578:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            env = getenv("K2.INI");
data/ckermit-305~alpha02/ckuus5.c:1582:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
          env = getenv("CKERMIT.INI");
data/ckermit-305~alpha02/ckuus5.c:1584:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
          env = getenv("CKERMIT_INI");
data/ckermit-305~alpha02/ckuus5.c:1727:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
              env = getenv("CKERMIT.INI");
data/ckermit-305~alpha02/ckuus5.c:1729:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                env = getenv("CKERMIT_INI");
data/ckermit-305~alpha02/ckuus5.c:6168:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    s = getenv("TERM");
data/ckermit-305~alpha02/ckuus5.c:7765:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            s = getenv("EDITOR");
data/ckermit-305~alpha02/ckuus5.c:7779:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            s = getenv("BROWSER");
data/ckermit-305~alpha02/ckuus5.c:8113:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	  s = getenv("CDPATH");
data/ckermit-305~alpha02/ckuus5.c:8245:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	printf("  LANG=\"%s\"\n",getenv("LANG"));
data/ckermit-305~alpha02/ckuus5.c:10008:43:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                    ckcdpath ? ckcdpath : getenv("CDPATH"),
data/ckermit-305~alpha02/ckuus5.c:10030:43:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                    ckcdpath ? ckcdpath : getenv("CDPATH"),
data/ckermit-305~alpha02/ckuus6.c:6694:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!(dc = getenv("CK_DIR")))
data/ckermit-305~alpha02/ckuus7.c:3126:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        s = getenv("TERM");
data/ckermit-305~alpha02/ckuus7.c:8494:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    makestr(&p,getenv("K_NET_DIRECTORY")); /* Dialing directories */
data/ckermit-305~alpha02/ckuusr.c:6866:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	s = getenv("EDITOR");
data/ckermit-305~alpha02/ckuusr.c:6962:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	s = getenv("BROWSER");
data/ckermit-305~alpha02/ckuusr.c:10389:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	scriptenv = getenv("K95SCRIPTS");
data/ckermit-305~alpha02/ckuusr.c:10390:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	keymapenv = getenv("K95KEYMAPS");
data/ckermit-305~alpha02/ckuusr.c:10394:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	scriptenv = getenv("K2SCRIPTS");
data/ckermit-305~alpha02/ckuusr.c:10395:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	keymapenv = getenv("K2KEYMAPS");
data/ckermit-305~alpha02/ckuusr.c:10400:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	  scriptenv = getenv("CK_SCRIPTS"); /* Use this if defined */
data/ckermit-305~alpha02/ckuusr.c:10412:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	  keymapenv = getenv("CK_KEYMAPS");
data/ckermit-305~alpha02/ckuusr.c:12710:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (!(wc = getenv("CK_WHO"))) wc = WHOCMD;
data/ckermit-305~alpha02/ckuusx.c:2873:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("CK_NOPUSH")) {          /* No shell access allowed */
data/ckermit-305~alpha02/ckuusx.c:2929:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    g = getenv("SYS$NODE");
data/ckermit-305~alpha02/ckuusx.c:2963:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        g = getenv("HOST");             /* try this */
data/ckermit-305~alpha02/ckuusx.c:5983:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        s = getenv("TERM");
data/ckermit-305~alpha02/ckuusx.c:7144:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	s = getenv("LINES");
data/ckermit-305~alpha02/ckuusx.c:7151:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	s = getenv("COLUMNS");
data/ckermit-305~alpha02/ckuusx.c:7186:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        s = getenv("TERM");
data/ckermit-305~alpha02/ckuusx.c:9223:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            p = getenv("SystemRoot");
data/ckermit-305~alpha02/ckuusx.c:9225:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            p = getenv("winbootdir");
data/ckermit-305~alpha02/ckuusx.c:9226:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            if (!p)  p = getenv("windir");
data/ckermit-305~alpha02/ckuusy.c:3482:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	      p = getenv("PRAGMASYS_INETD_SOCK");
data/ckermit-305~alpha02/ck_crp.c:182:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char myprtfstr[4096];
data/ckermit-305~alpha02/ck_crp.c:275:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tn_msg[TN_MSG_LEN], hexbuf[TN_MSG_LEN];   /* from ckcnet.c */
data/ckermit-305~alpha02/ck_crp.c:501:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dbgbuf [16384];
data/ckermit-305~alpha02/ck_crp.c:744:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPTION,
data/ckermit-305~alpha02/ck_crp.c:747:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPTION };
data/ckermit-305~alpha02/ck_crp.c:916:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char keyid[MAXKEYLEN];
data/ckermit-305~alpha02/ck_crp.c:1248:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(dbgbuf, ">>>encrypt_reply returned %d\n", ret); /* safe */
data/ckermit-305~alpha02/ck_crp.c:1309:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[1024];
data/ckermit-305~alpha02/ck_crp.c:1376:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(dbgbuf, ">>>Input is back to clear text");      /* safe */
data/ckermit-305~alpha02/ck_crp.c:1381:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(dbgbuf, "Input is now clear text");             /* safe */
data/ckermit-305~alpha02/ck_crp.c:1420:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char str_keyid[(MAXKEYLEN*2)+5] = {
data/ckermit-305~alpha02/ck_crp.c:1476:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(kp->keyid, keyid, len);          /* length < MAXKEYLEN */
data/ckermit-305~alpha02/ck_crp.c:1510:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(kp->keyid, keyid, keylen);
data/ckermit-305~alpha02/ck_crp.c:1708:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(dbgbuf, ">>>Output is back to clear text");     /* safe */
data/ckermit-305~alpha02/ck_crp.c:1713:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(dbgbuf, "Output is now clear text");            /* safe */
data/ckermit-305~alpha02/ck_crp.c:1764:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(dbgbuf, ">>>Request input to be encrypted\n");  /* safe */
data/ckermit-305~alpha02/ck_crp.c:1804:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(dbgbuf, ">>>Request input to be clear text\n"); /* safe */
data/ckermit-305~alpha02/ck_crp.c:1896:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char       str_keybytes[8];
data/ckermit-305~alpha02/ck_crp.c:1911:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char fb_feed[64];
data/ckermit-305~alpha02/ck_crp.c:1939:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char fb_feed[64];
data/ckermit-305~alpha02/ck_crp.c:2413:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf((char *)buf,"Can't set DES session key (%d < %d)",
data/ckermit-305~alpha02/ck_crp.c:2426:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *) fbp->keybytes,
data/ckermit-305~alpha02/ck_crp.c:2432:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void *)fbp->krbdes_key, (void *)key->data, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:2445:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *) fbp->krbdes_key,
data/ckermit-305~alpha02/ck_crp.c:2451:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void *)fbp->krbdes_key, (void *)key->data, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:2543:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lbuf[64];
data/ckermit-305~alpha02/ck_crp.c:2577:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(lbuf, " %d (unknown)", data[2]);
data/ckermit-305~alpha02/ck_crp.c:2583:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(lbuf, " %d", data[i]);
data/ckermit-305~alpha02/ck_crp.c:2615:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(stp->str_iv,     seed, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:2616:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(stp->str_output, seed, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:2651:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(stp->str_keybytes, key, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:2659:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(stp->str_ikey, key, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:2682:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(stp->str_output, stp->str_iv, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:2726:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(stp->str_feed,b,sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:2764:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(stp->str_feed, b, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:2810:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(stp->str_feed,b,sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:2845:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(stp->str_feed, b, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:3243:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf((char *)buf,"Can't set 3DES session key (%d < %d)",
data/ckermit-305~alpha02/ck_crp.c:3257:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)fbp->krbdes_key[0], (void *)key->data, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:3258:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *) fbp->krbdes_key[1],(void *)(key->data + sizeof(Block)),
data/ckermit-305~alpha02/ck_crp.c:3260:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)fbp->krbdes_key[2], (void *)key->data, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:3264:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)fbp->krbdes_key[0], (void *)key->data, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:3265:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *) fbp->krbdes_key[1],(void *)(key->data + sizeof(Block)),
data/ckermit-305~alpha02/ck_crp.c:3267:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *) fbp->krbdes_key[2],
data/ckermit-305~alpha02/ck_crp.c:3289:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *) fbp->krbdes_key[0],(void *)(key->data + sizeof(Block)),
data/ckermit-305~alpha02/ck_crp.c:3291:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)fbp->krbdes_key[1], (void *)key->data, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:3292:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *) fbp->krbdes_key[2],(void *)(key->data + sizeof(Block)),
data/ckermit-305~alpha02/ck_crp.c:3296:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *) fbp->krbdes_key[0],(void *)(key->data + sizeof(Block)),
data/ckermit-305~alpha02/ck_crp.c:3298:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *) fbp->krbdes_key[1],
data/ckermit-305~alpha02/ck_crp.c:3300:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)fbp->krbdes_key[2], (void *)key->data, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:3303:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *) fbp->krbdes_key[0],(void *)(key->data + sizeof(Block)),
data/ckermit-305~alpha02/ck_crp.c:3305:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *) fbp->krbdes_key[1],
data/ckermit-305~alpha02/ck_crp.c:3307:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)fbp->krbdes_key[2], (void *)key->data, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:3310:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *) fbp->krbdes_key[0],(void *)(key->data + sizeof(Block)),
data/ckermit-305~alpha02/ck_crp.c:3312:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *) fbp->krbdes_key[1],
data/ckermit-305~alpha02/ck_crp.c:3314:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)fbp->krbdes_key[2],
data/ckermit-305~alpha02/ck_crp.c:3318:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *) fbp->krbdes_key[0],
data/ckermit-305~alpha02/ck_crp.c:3320:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)fbp->krbdes_key[1],
data/ckermit-305~alpha02/ck_crp.c:3322:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *) fbp->krbdes_key[2],
data/ckermit-305~alpha02/ck_crp.c:3412:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lbuf[64];
data/ckermit-305~alpha02/ck_crp.c:3446:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(lbuf, " %d (unknown)", data[2]);
data/ckermit-305~alpha02/ck_crp.c:3452:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(lbuf, " %d", data[i]);
data/ckermit-305~alpha02/ck_crp.c:3484:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(stp->str_iv,     seed, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:3485:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(stp->str_output, seed, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:3518:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(stp->str_ikey[i], key[i], sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:3541:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(stp->str_output, stp->str_iv, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:3593:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(stp->str_feed,b,sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:3637:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(stp->str_feed, b, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:3693:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(stp->str_feed,b,sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:3734:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(stp->str_feed, b, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:3898:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char fb_feed[64];
data/ckermit-305~alpha02/ck_crp.c:4333:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf((char *)buf,"Can't set CAST session key (%d < %d)",
data/ckermit-305~alpha02/ck_crp.c:4358:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(fbp->temp_feed, key->data + 2 * klen, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:4446:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lbuf[64];
data/ckermit-305~alpha02/ck_crp.c:4470:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(lbuf, " %d (unknown)", data[2]);
data/ckermit-305~alpha02/ck_crp.c:4476:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(lbuf, " %d", data[i]);
data/ckermit-305~alpha02/ck_crp.c:4505:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void *)stp->str_iv, (void *)seed, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:4506:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void *)stp->str_output, (void *)seed, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:4524:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void *)stp->str_output, (void *)stp->str_iv, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:4581:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((void *)stp->str_feed, (void *)b, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:4631:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)stp->str_feed, (void *)b, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:4691:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((void *)stp->str_feed, (void *)b, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:4738:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)stp->str_feed, (void *)b, sizeof(Block));
data/ckermit-305~alpha02/ck_crp.c:5440:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, key, sz);
data/ckermit-305~alpha02/ck_crp.c:5618:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(cp, str, len);
data/ckermit-305~alpha02/ck_ssl.c:133:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ssl_err[SSL_ERR_BFSZ]="";
data/ckermit-305~alpha02/ck_ssl.c:344:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char subject[256]="", issuer[256]="";
data/ckermit-305~alpha02/ck_ssl.c:425:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char prefix[1024];
data/ckermit-305~alpha02/ck_ssl.c:1095:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[512]="";
data/ckermit-305~alpha02/ck_ssl.c:1515:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[256]="";
data/ckermit-305~alpha02/ck_ssl.c:1516:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char randombytes[256];
data/ckermit-305~alpha02/ck_ssl.c:1556:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(buffer, "%.0f", (((double)(rand()%RAND_MAX)/RAND_MAX)*
data/ckermit-305~alpha02/ck_ssl.c:1558:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            n = (atoi(buffer)+1)%(sizeof(randombytes)-128-1);
data/ckermit-305~alpha02/ck_ssl.c:1746:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char cert_filepath[1024];
data/ckermit-305~alpha02/ck_ssl.c:1884:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char path[CKMAXPATH];
data/ckermit-305~alpha02/ck_ssl.c:1938:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char path[CKMAXPATH];
data/ckermit-305~alpha02/ck_ssl.c:2004:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char path[CKMAXPATH];
data/ckermit-305~alpha02/ck_ssl.c:2267:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char path[CKMAXPATH];
data/ckermit-305~alpha02/ck_ssl.c:2314:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char path[CKMAXPATH];
data/ckermit-305~alpha02/ck_ssl.c:2360:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char path[CKMAXPATH];
data/ckermit-305~alpha02/ck_ssl.c:2527:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(dns, gen->d.ia5->data, gen->d.ia5->length);
data/ckermit-305~alpha02/ck_ssl.c:2543:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char name[256];
data/ckermit-305~alpha02/ck_ssl.c:2573:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char name[256];
data/ckermit-305~alpha02/ck_ssl.c:2593:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char name[256];
data/ckermit-305~alpha02/ck_ssl.c:2791:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char cn[256];
data/ckermit-305~alpha02/ck_ssl.c:2819:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char *objs[NUM_SAN_OBJS];
data/ckermit-305~alpha02/ck_ssl.c:2852:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(objs[j], gen->d.ia5->data, gen->d.ia5->length);
data/ckermit-305~alpha02/ck_ssl.c:2930:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prefix[1024];
data/ckermit-305~alpha02/ck_ssl.c:2971:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char b[4];
data/ckermit-305~alpha02/ck_ssl.c:2976:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        dummy.b[0] = atoi(q->a_head[1]);
data/ckermit-305~alpha02/ck_ssl.c:2977:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        dummy.b[1] = atoi(q->a_head[2]);
data/ckermit-305~alpha02/ck_ssl.c:2978:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        dummy.b[2] = atoi(q->a_head[3]);
data/ckermit-305~alpha02/ck_ssl.c:2979:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        dummy.b[3] = atoi(q->a_head[4]);
data/ckermit-305~alpha02/ck_ssl.c:3089:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            if (!dNSName_cmp(hostname,(char *)dNSName[i]))
data/ckermit-305~alpha02/ck_ssl.c:3093:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				   (char *)((dNSName[i - 1] == NULL) ? 
data/ckermit-305~alpha02/ck_ssl.c:3094:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			           (char *)"UNKNOWN" : (char *)dNSName[i - 1]))
data/ckermit-305~alpha02/ck_ssl.c:3136:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/ckermit-305~alpha02/ck_ssl.c:3180:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/ckermit-305~alpha02/ck_ssl.c:3395:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char errbuf[1024];
data/ckermit-305~alpha02/ck_ssl.c:3475:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[256], *uid=NULL;
data/ckermit-305~alpha02/ck_ssl.c:3509:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char errbuf[1024];
data/ckermit-305~alpha02/ck_ssl.c:3690:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char prmpt[1024];
data/ckermit-305~alpha02/ck_ssl.c:3731:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char msg[32];
data/ckermit-305~alpha02/ck_ssl.c:3739:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                        sprintf(hexbuf,"%02X ",msg[i]);
data/ckermit-305~alpha02/ck_ssl.c:3748:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                        sprintf(hexbuf,"%02X ",msg[i]);
data/ckermit-305~alpha02/ck_ssl.c:3801:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char errbuf[1024];
data/ckermit-305~alpha02/ck_ssl.c:3835:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char errbuf[1024];
data/ckermit-305~alpha02/ck_ssl.c:3860:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char str[256], *uid=NULL;
data/ckermit-305~alpha02/ck_ssl.c:3968:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char errbuf[1024];
data/ckermit-305~alpha02/ck_ssl.c:4003:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char prmpt[1024];
data/ckermit-305~alpha02/ck_ssl.c:4050:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char errbuf[1024];
data/ckermit-305~alpha02/ck_ssl.c:4081:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char prmpt[1024];
data/ckermit-305~alpha02/ck_ssl.c:4145:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char errbuf[1024];
data/ckermit-305~alpha02/ck_ssl.c:4178:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char prmpt[1024];
data/ckermit-305~alpha02/ck_ssl.c:4235:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[CKMAXPATH];
data/ckermit-305~alpha02/ck_ssl.c:4236:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hash[16];
data/ckermit-305~alpha02/ck_ssl.c:4243:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(hash,"%08lx",X509_subject_name_hash(cert));
data/ckermit-305~alpha02/ck_ssl.c:4316:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char email[256];
data/ckermit-305~alpha02/ck_ssl.c:4345:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(email, gen->d.ia5->data, gen->d.ia5->length);
data/ckermit-305~alpha02/ck_ssl.c:4405:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[512];
data/ckermit-305~alpha02/ck_ssl.c:4422:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(fp = fopen(buf, "r")))
data/ckermit-305~alpha02/ckcdeb.h:1652:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define fopen mac_fopen
data/ckermit-305~alpha02/ckcdeb.h:3574:23:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define FD_COPY(f,t) (bcopy(f,t,sizeof(*(f)))
data/ckermit-305~alpha02/ckcdeb.h:6032:17:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
_PROTOTYP( long atol, (char *) );
data/ckermit-305~alpha02/ckcdeb.h:6410:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define memcpy(a,b,c) ckmemcpy((a),(b),(c))
data/ckermit-305~alpha02/ckcdeb.h:6414:18:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
_PROTOTYP( void *memcpy, (void *, const void *, size_t));
data/ckermit-305~alpha02/ckcfn2.c:583:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char foo[256];
data/ckermit-305~alpha02/ckcfn2.c:829:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char foo[256];
data/ckermit-305~alpha02/ckcfn2.c:1964:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf((char *)epktmsg,
data/ckermit-305~alpha02/ckcfn2.c:2265:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[16];
data/ckermit-305~alpha02/ckcfn2.c:2280:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf,"Ox%d",oopts);	/* safe */
data/ckermit-305~alpha02/ckcfn2.c:2302:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf,"Mx%d",omode);	/* safe */
data/ckermit-305~alpha02/ckcfn2.c:2668:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuf[100];			/* Longest S/I packet is about 30 */
data/ckermit-305~alpha02/ckcfn2.c:3172:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char plog[20];
data/ckermit-305~alpha02/ckcfn2.c:3176:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(plog,"%c-xx-%02d-",c,(gtimer()%60)); /* safe */
data/ckermit-305~alpha02/ckcfn2.c:3178:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(plog,"%c-%02d-%02d-",c,n,(gtimer()%60)); /* safe */
data/ckermit-305~alpha02/ckcfn3.c:42:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ckmkdbuf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcfn3.c:45:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ckmkdbuf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcfn3.c:53:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcfn3.c:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf2[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcfn3.c:238:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char optbuf[OPTBUFLEN];			/* Options for MAIL or REMOTE PRINT */
data/ckermit-305~alpha02/ckcfn3.c:320:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char xbuf[200];				/* For debug logging */
data/ckermit-305~alpha02/ckcfn3.c:326:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char bigsbt[8];				/* Protection (shouldn't need this). */
data/ckermit-305~alpha02/ckcfn3.c:329:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char bigrbt[8];				/* Safety padding */
data/ckermit-305~alpha02/ckcfn3.c:863:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    x = (int)strlen((char *) s_pkt[j].pk_adr);
data/ckermit-305~alpha02/ckcfn3.c:868:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	      sprintf(xbuf,"[(empty string)]\n"); /* safe (200) */
data/ckermit-305~alpha02/ckcfn3.c:870:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(xbuf,"[(null pointer)]\n");	/* safe (200) */
data/ckermit-305~alpha02/ckcfn3.c:877:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(xbuf,"free: %d, winlo: %d\n", sbufnum, winlo); /* safe (200) */
data/ckermit-305~alpha02/ckcfn3.c:919:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	x = (int)strlen((char *)r_pkt[j].bf_adr);
data/ckermit-305~alpha02/ckcfn3.c:927:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(xbuf,"free: %d, winlo: %d\n", rbufnum, winlo); /* safe (200) */
data/ckermit-305~alpha02/ckcfn3.c:966:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char xdate[24];
data/ckermit-305~alpha02/ckcfn3.c:1190:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf((char *) &data[i+2],"%ld",x.lengthk); /* safe */
data/ckermit-305~alpha02/ckcfn3.c:1209:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf((char *) &data[i+2],"%ld",x.length); /* safe */
data/ckermit-305~alpha02/ckcfn3.c:1253:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf((char *) &data[i+2],"%d",fblksiz); /* safe */
data/ckermit-305~alpha02/ckcfn3.c:1421:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char abuf[ABUFL+1];
data/ckermit-305~alpha02/ckcfn3.c:1423:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char rfbuf[RFBUFL+1];
data/ckermit-305~alpha02/ckcfn3.c:1425:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char ftbuf[FTBUFL+1];
data/ckermit-305~alpha02/ckcfn3.c:1427:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char dtbuf[DTBUFL+1];
data/ckermit-305~alpha02/ckcfn3.c:1429:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char tsbuf[TSBUFL+1];
data/ckermit-305~alpha02/ckcfn3.c:1431:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char idbuf[IDBUFL+1];
data/ckermit-305~alpha02/ckcfn3.c:1434:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char dsbuf[DSBUFL+1];
data/ckermit-305~alpha02/ckcfn3.c:1436:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char spbuf[SPBUFL+1];
data/ckermit-305~alpha02/ckcfn3.c:1444:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char rpbuf[RPBUFL+1];
data/ckermit-305~alpha02/ckcfn3.c:1447:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char lprmbuf[CK_PERMLEN+1];
data/ckermit-305~alpha02/ckcfn3.c:1448:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char gprmbuf[2];
data/ckermit-305~alpha02/ckcfn3.c:1583:22:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	      yy->blksize = atol(abuf); /* Convert to number */
data/ckermit-305~alpha02/ckcfn3.c:1891:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(abuf,"%ld",fsize);	/* safe */
data/ckermit-305~alpha02/ckcfn3.c:1914:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(rpbuf+2,"%ld",rs_len); /* Reply with length of file */
data/ckermit-305~alpha02/ckcfn3.c:2286:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char xname[CKMAXPATH];		/* convert the name */
data/ckermit-305~alpha02/ckcfn3.c:2453:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[128];
data/ckermit-305~alpha02/ckcfns.c:261:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char sndafter[19]   = { NUL, NUL };
data/ckermit-305~alpha02/ckcfns.c:262:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char sndbefore[19]  = { NUL, NUL };
data/ckermit-305~alpha02/ckcfns.c:263:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char sndnafter[19]  = { NUL, NUL };
data/ckermit-305~alpha02/ckcfns.c:264:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char sndnbefore[19] = { NUL, NUL };
data/ckermit-305~alpha02/ckcfns.c:265:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *sndexcept[NSNDEXCEPT]  = { NULL, NULL };
data/ckermit-305~alpha02/ckcfns.c:266:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *rcvexcept[NSNDEXCEPT]  = { NULL, NULL };
data/ckermit-305~alpha02/ckcfns.c:370:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cmdstr[50];			/* System command string. */
data/ckermit-305~alpha02/ckcfns.c:377:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cmdstr[CMDSTRL+1];
data/ckermit-305~alpha02/ckcfns.c:766:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char jbuf[16] = { NUL, NUL };
data/ckermit-305~alpha02/ckcfns.c:3196:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char cmargbuf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcfns.c:3198:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *cmargp[2];
data/ckermit-305~alpha02/ckcfns.c:3377:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ofn1[CKMAXPATH+4];			/* Buffer for output file name */
data/ckermit-305~alpha02/ckcfns.c:3451:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fnbuf[CKMAXPATH+1];	/* Result buffer */
data/ckermit-305~alpha02/ckcfns.c:3647:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(ofn1,"FILE%02ld",filcnt);
data/ckermit-305~alpha02/ckcfns.c:3649:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(ofn1,"FILE%02ld",filcnt);
data/ckermit-305~alpha02/ckcfns.c:3831:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char tmp[10];
data/ckermit-305~alpha02/ckcfns.c:3833:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(tmp,".~%d~",ck_znewn);
data/ckermit-305~alpha02/ckcfns.c:3871:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp[10];
data/ckermit-305~alpha02/ckcfns.c:3873:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmp,".~%d~",ck_znewn);
data/ckermit-305~alpha02/ckcfns.c:4133:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmpbuf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcfns.c:4159:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmpnam[CKMAXPATH+16];
data/ckermit-305~alpha02/ckcfns.c:4213:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pktnam[PKTNL+1];		/* Local copy of name */
data/ckermit-305~alpha02/ckcfns.c:4406:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		  sprintf(pktnam,"FILE%02ld",filcnt);
data/ckermit-305~alpha02/ckcfns.c:4469:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(pktnam,"FILE%02ld",filcnt);
data/ckermit-305~alpha02/ckcfns.c:4601:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmpbuf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcfns.c:5468:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcfns.c:5939:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf((char *)funcbuf," REMOTE ASSIGN      not configured\n");
data/ckermit-305~alpha02/ckcfns.c:5957:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf((char *)funcbuf," REMOTE COPY        not configured\n");
data/ckermit-305~alpha02/ckcfns.c:6012:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf((char *)funcbuf," REMOTE QUERY       not configured\n");
data/ckermit-305~alpha02/ckcfns.c:6102:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf((char *)(funcbuf+funclen),
data/ckermit-305~alpha02/ckcfns.c:6142:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcfns.c:6200:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[CKMAXPATH+1], dbuf[24], *p = NULL;
data/ckermit-305~alpha02/ckcfns.c:6418:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fnbuf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcfns.c:6451:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(name, "./*");
data/ckermit-305~alpha02/ckcfns.c:6454:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(name, "*.*");
data/ckermit-305~alpha02/ckcfns.c:6578:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[257], *p = NULL;
data/ckermit-305~alpha02/ckcfns.c:6648:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcfns.c:6702:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char spctext[64];
data/ckermit-305~alpha02/ckcfns.c:6861:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    x = atoi(s);			/* Value of first field */
data/ckermit-305~alpha02/ckcfns.c:6866:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	atcapr = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6872:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	atleni = atleno = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6876:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	attypi = attypo = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6880:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	atdati = atdato = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6884:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	atblki = atblko = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6888:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	atenci = atenco = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6892:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	atdisi = atdiso = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6896:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	atsidi = atsido = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6900:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	atsysi = atsyso = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6903:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	atcapr = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6906:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	binary = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6913:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	fncnv = 1 - atoi(p);		/* (oops) */
data/ckermit-305~alpha02/ckcfns.c:6926:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	x = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6934:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	keep = atoi(p);			/* Keep, Discard, Auto */
data/ckermit-305~alpha02/ckcfns.c:6937:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	fblksiz = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6940:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	frecl = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6943:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	frecfm = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6946:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	forg = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6949:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	fcctrl = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6955:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	matchdot = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6958:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	matchfifo = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6961:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	y = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6977:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	rpsiz = urpsiz = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6983:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	y = atoi(p);			/* Client is telling us */
data/ckermit-305~alpha02/ckcfns.c:6989:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	y = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:6995:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	y = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:7038:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	y = atoi(p);
data/ckermit-305~alpha02/ckcfns.c:7047:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	y = atoi(p);			/* 0 = automatic, nonzero = manual */
data/ckermit-305~alpha02/ckcfns.c:7054:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	y = atoi(p);			/* 0 = automatic, nonzero = manual */
data/ckermit-305~alpha02/ckcftp.c:332:25:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define FD_COPY(f, t)   bcopy(f, t, sizeof(*(f)))
data/ckermit-305~alpha02/ckcftp.c:386:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char proxyhost[HTTPCPYL];
data/ckermit-305~alpha02/ckcftp.c:690:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ftp_realm[REALM_SZ + 1];
data/ckermit-305~alpha02/ckcftp.c:921:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ftp_reply_str[FTP_BUFSIZ] = "";    /* Last line of previous reply */
data/ckermit-305~alpha02/ckcftp.c:922:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ftp_srvtyp[SRVNAMLEN] = { NUL, NUL }; /* Server's system type */
data/ckermit-305~alpha02/ckcftp.c:923:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ftp_user_host[MAX_DNS_NAMELEN]= ""; /* FTP hostname specified by user */
data/ckermit-305~alpha02/ckcftp.c:937:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ftpsndbuf[FTP_BUFSIZ+64];
data/ckermit-305~alpha02/ckcftp.c:1011:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char putpath[CKMAXPATH+1] = { NUL, NUL };
data/ckermit-305~alpha02/ckcftp.c:1012:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char asnambuf[CKMAXPATH+1] = { NUL, NUL };
data/ckermit-305~alpha02/ckcftp.c:1127:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char bytename[8];
data/ckermit-305~alpha02/ckcftp.c:1130:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *reply_parse, reply_buf[FTP_BUFSIZ], *reply_ptr;
data/ckermit-305~alpha02/ckcftp.c:1136:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char pasv[64];                   /* Passive-mode port */
data/ckermit-305~alpha02/ckcftp.c:1142:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ftpcmdbuf[FTP_BUFSIZ];
data/ckermit-305~alpha02/ckcftp.c:1997:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char rfnbuf[RFNBUFSIZ];          /* Remote filename translate buffer */
data/ckermit-305~alpha02/ckcftp.c:2047:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ftplogbuf[CXLOGBUFL] = { NUL, NUL }; /* Connection Log */
data/ckermit-305~alpha02/ckcftp.c:2056:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[32], * p;
data/ckermit-305~alpha02/ckcftp.c:2072:10:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    t1 = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckcftp.c:2072:30:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    t1 = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckcftp.c:2072:49:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    t1 = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckcftp.c:2078:10:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    t2 = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckcftp.c:2078:30:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    t2 = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckcftp.c:2078:49:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    t2 = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckcftp.c:2115:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char * dummy[2] = { NULL, NULL };
data/ckermit-305~alpha02/ckcftp.c:2543:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                      ssl_verify_flag = atoi(q);
data/ckermit-305~alpha02/ckcftp.c:2604:9:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    z = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckcftp.c:2604:30:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    z = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckcftp.c:2604:49:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    z = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckcftp.c:3482:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcftp.c:3483:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcftp.c:3484:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msgbuf[CKMAXPATH+64];
data/ckermit-305~alpha02/ckcftp.c:3915:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * s, timebuf[64];
data/ckermit-305~alpha02/ckcftp.c:4067:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcftp.c:4237:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char asname[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcftp.c:4238:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcftp.c:5970:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            sndfilter = (char *) malloc((int) strlen(pv[SND_FLT].sval) + 1);
data/ckermit-305~alpha02/ckcftp.c:6155:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char xtmpbuf[4096];
data/ckermit-305~alpha02/ckcftp.c:6239:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        if (doftpcwd((char *)cmlist[mgetx],-1)) {
data/ckermit-305~alpha02/ckcftp.c:6361:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        s = (char *)remote_files(first,(CHAR *)cmlist[mgetx],NULL,0);
data/ckermit-305~alpha02/ckcftp.c:6367:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              s = (char *)remote_files(first,(CHAR *)cmlist[mgetx],NULL,0);
data/ckermit-305~alpha02/ckcftp.c:7299:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
          fp_nml = fopen(ftp_nml, "wb");
data/ckermit-305~alpha02/ckcftp.c:7324:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            s = (char *)remote_files(first,
data/ckermit-305~alpha02/ckcftp.c:7352:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    s = (char *)remote_files(first,
data/ckermit-305~alpha02/ckcftp.c:7367:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		      s = (char *)remote_files(first,
data/ckermit-305~alpha02/ckcftp.c:7901:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char tmpbuf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcftp.c:7923:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char tmpbuf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcftp.c:7942:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char tmpbuf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckcftp.c:8401:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char name[TTNAMLEN+1], *p;
data/ckermit-305~alpha02/ckcftp.c:9708:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char srp_user[BUFSIZ];                  /* where is BUFSIZ defined? */
data/ckermit-305~alpha02/ckcftp.c:9758:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char xcmdbuf[RFNBUFSIZ];
data/ckermit-305~alpha02/ckcftp.c:10087:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        ftp_port = atoi(service);
data/ckermit-305~alpha02/ckcftp.c:10247:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char path[CKMAXPATH];
data/ckermit-305~alpha02/ckcftp.c:10300:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char path[CKMAXPATH];
data/ckermit-305~alpha02/ckcftp.c:10346:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char path[CKMAXPATH];
data/ckermit-305~alpha02/ckcftp.c:10443:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char errbuf[1024];
data/ckermit-305~alpha02/ckcftp.c:10521:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char in[FTP_BUFSIZ], out[FTP_BUFSIZ];
data/ckermit-305~alpha02/ckcftp.c:10618:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(out, out_buf.value,
data/ckermit-305~alpha02/ckcftp.c:10645:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char out[FTP_BUFSIZ];
data/ckermit-305~alpha02/ckcftp.c:10654:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char inbuf[4096];
data/ckermit-305~alpha02/ckcftp.c:10713:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[128];
data/ckermit-305~alpha02/ckcftp.c:10798:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char kwbuf[8];
data/ckermit-305~alpha02/ckcftp.c:10915:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ibuf[FTP_BUFSIZ], obuf[FTP_BUFSIZ]; /* (these are pretty big...) */
data/ckermit-305~alpha02/ckcftp.c:11297:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(ibuf,ftp_msg_data.app_data,
data/ckermit-305~alpha02/ckcftp.c:11322:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(ibuf, msg_buf.value, msg_buf.length);
data/ckermit-305~alpha02/ckcftp.c:11526:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char uid[UIDBUFLEN];
data/ckermit-305~alpha02/ckcftp.c:11527:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char pwd[PWDSIZ];
data/ckermit-305~alpha02/ckcftp.c:12487:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newname[CKMAXPATH+1];		/* For file dialog */
data/ckermit-305~alpha02/ckcftp.c:13096:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char host[512], *p, *q;
data/ckermit-305~alpha02/ckcftp.c:13140:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy((char *)&hisctladdr.sin_addr, hp->h_addr_list[0],
data/ckermit-305~alpha02/ckcftp.c:13143:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy((char *)&hisctladdr.sin_addr, hp->h_addr,
data/ckermit-305~alpha02/ckcftp.c:13166:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              hisctladdr.sin_port = htons(atoi(p));
data/ckermit-305~alpha02/ckcftp.c:13191:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                      memcpy((char *)&hisctladdr.sin_addr,
data/ckermit-305~alpha02/ckcftp.c:13259:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&hisdataaddr,&data_addr,sizeof(struct sockaddr_in));
data/ckermit-305~alpha02/ckcftp.c:13265:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&data_addr,&myctladdr,sizeof(struct sockaddr_in));
data/ckermit-305~alpha02/ckcftp.c:13370:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char errbuf[1024];
data/ckermit-305~alpha02/ckcftp.c:13552:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[MAXHOSTNAMELEN];
data/ckermit-305~alpha02/ckcftp.c:13564:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char nti[17];
data/ckermit-305~alpha02/ckcftp.c:13565:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char nto[17];
data/ckermit-305~alpha02/ckcftp.c:13567:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char mi[CKMAXPATH];
data/ckermit-305~alpha02/ckcftp.c:13568:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char mo[CKMAXPATH];
data/ckermit-305~alpha02/ckcftp.c:13651:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ip->session, ftp_cred.session, sizeof(ftp_cred.session));
data/ckermit-305~alpha02/ckcftp.c:13653:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ip->schedule, ftp_sched, sizeof(ftp_sched));
data/ckermit-305~alpha02/ckcftp.c:13850:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *service, inst[INST_SZ];
data/ckermit-305~alpha02/ckcftp.c:13877:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char stbuf[FTP_BUFSIZ];
data/ckermit-305~alpha02/ckcftp.c:13881:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char tgt[256];
data/ckermit-305~alpha02/ckcftp.c:14083:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char tgt[4*REALM_SZ+1];
data/ckermit-305~alpha02/ckcftp.c:14353:38:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if ((maxbuf = (unsigned int) atol(reply_parse)) > actualbuf)
data/ckermit-305~alpha02/ckcftp.c:14664:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char hostnamebuf[MAXHOSTNAMELEN];
data/ckermit-305~alpha02/ckcftp.c:14665:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hostname[MAXHOSTNAMELEN] /* , *p, *q */ ;
data/ckermit-305~alpha02/ckcftp.c:14698:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          cport = atoi(p);
data/ckermit-305~alpha02/ckcftp.c:14730:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((char *)&hisctladdr.sin_addr, hp->h_addr_list[0],
data/ckermit-305~alpha02/ckcftp.c:14733:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((char *)&hisctladdr.sin_addr, hp->h_addr,
data/ckermit-305~alpha02/ckcftp.c:14778:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy((char *)&hisctladdr.sin_addr,
data/ckermit-305~alpha02/ckcftp.c:14841:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char uid[UIDBUFLEN];
data/ckermit-305~alpha02/ckcftp.c:14842:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char pwd[PWDSIZ];
data/ckermit-305~alpha02/ckcftp.c:15067:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char ftppass[PASSBUFSIZ]="";
data/ckermit-305~alpha02/ckcftp.c:15068:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[PASSBUFSIZ];
data/ckermit-305~alpha02/ckcftp.c:15125:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              char *myname, prompt[PROMPTSIZ];
data/ckermit-305~alpha02/ckcftp.c:15182:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            static char ftpacct[80];
data/ckermit-305~alpha02/ckcftp.c:15293:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pwd[PWDSIZ];
data/ckermit-305~alpha02/ckcftp.c:15418:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char * tmpfilnam[MLSDEPTH+1] = { NULL, NULL }; /* Temp file names */
data/ckermit-305~alpha02/ckcftp.c:15508:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    static char foo[CKMAXPATH];
data/ckermit-305~alpha02/ckcftp.c:15532:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    ckmakmsg((char *)tmpfilnam[mlsdepth],
data/ckermit-305~alpha02/ckcftp.c:15541:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char * tmpfil = mktemp((char *)tmpfilnam[mlsdepth]);
data/ckermit-305~alpha02/ckcftp.c:15548:6:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	x = mkstemp((char *)tmpfilnam[mlsdepth]);
data/ckermit-305~alpha02/ckcftp.c:15548:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	x = mkstemp((char *)tmpfilnam[mlsdepth]);
data/ckermit-305~alpha02/ckcftp.c:15551:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        mktemp((char *)tmpfilnam[mlsdepth]);
data/ckermit-305~alpha02/ckcftp.c:15619:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			    (char *)tmpfilnam[mlsdepth],
data/ckermit-305~alpha02/ckcftp.c:15654:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        tmpfilptr[mlsdepth] = fopen((char *)tmpfilnam[mlsdepth], "r");
data/ckermit-305~alpha02/ckcftp.c:15654:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        tmpfilptr[mlsdepth] = fopen((char *)tmpfilnam[mlsdepth], "r");
data/ckermit-305~alpha02/ckcftp.c:15698:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    if (fgets((char *)buf, FTPNAMBUFLEN, tmpfilptr[mlsdepth]) == NULL) {
data/ckermit-305~alpha02/ckcftp.c:15708:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		   (char *)tmpfilnam[mlsdepth]);
data/ckermit-305~alpha02/ckcftp.c:16014:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&ucbuf[nout],&buf[bsent],b2cp);
data/ckermit-305~alpha02/ckcftp.c:16212:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(outbuf, out_buf.value, length=out_buf.length);
data/ckermit-305~alpha02/ckcftp.c:16382:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy(ucbuf,ftp_msg_data.app_data,ftp_msg_data.app_length);
data/ckermit-305~alpha02/ckcftp.c:16405:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy(ucbuf, msg_buf.value, nin = bufp = msg_buf.length);
data/ckermit-305~alpha02/ckcftp.c:16574:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char tokval[100];
data/ckermit-305~alpha02/ckcftp.c:16631:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *hdir, buf[FTP_BUFSIZ], *tmp;
data/ckermit-305~alpha02/ckcftp.c:16632:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char myname[MAXHOSTNAMELEN], *mydomain;
data/ckermit-305~alpha02/ckcftp.c:16644:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    cfile = fopen(buf, "r");
data/ckermit-305~alpha02/ckcftp.c:16949:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[BUFSIZ], prompt[PROMPTSIZ];
data/ckermit-305~alpha02/ckcftp.c:17093:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            static char ftppass[PASSBUFSIZ];
data/ckermit-305~alpha02/ckcftp.c:17151:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (seqnum, cp, 4);
data/ckermit-305~alpha02/ckcftp.c:17266:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (*out, &net_len, 4);
data/ckermit-305~alpha02/ckcftp.c:17270:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (*out, in, inlen);
data/ckermit-305~alpha02/ckcftp.c:17290:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (&net_len, *in, 4); *inlen -= 4; *in += 4;
data/ckermit-305~alpha02/ckcftp.c:17366:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *cp, *tp2, tmpbuf[CKMAXPATH];
data/ckermit-305~alpha02/ckcftp.c:17470:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *cp, *tp, *tp2, tmpbuf[CKMAXPATH];
data/ckermit-305~alpha02/ckcftp.c:17571:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *cmd, mode[1], *dest;
data/ckermit-305~alpha02/ckcftp.c:17616:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[16];
data/ckermit-305~alpha02/ckcftp.c:17617:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[CKMAXPATH];
data/ckermit-305~alpha02/ckcftp.c:17663:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        ftemp = fopen(temp, "r");
data/ckermit-305~alpha02/ckcker.h:1071:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *x_aliases[4];
data/ckermit-305~alpha02/ckclib.c:97:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char rxresult[RXRESULT+1];
data/ckermit-305~alpha02/ckclib.c:243:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, *a[4];
data/ckermit-305~alpha02/ckclib.c:282:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, *a[12];
data/ckermit-305~alpha02/ckclib.c:312:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[2];			/* Returns string pointer. */
data/ckermit-305~alpha02/ckclib.c:446:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char numbuf[NUMBUF+32] = { NUL, NUL };
data/ckermit-305~alpha02/ckclib.c:468:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[32];			/* Internal working buffer */
data/ckermit-305~alpha02/ckclib.c:505:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[32];			/* Internal working buffer */
data/ckermit-305~alpha02/ckclib.c:534:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[32];			/* Internal working buffer */
data/ckermit-305~alpha02/ckclib.c:539:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(bp, "%lx", n);
data/ckermit-305~alpha02/ckclib.c:542:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(bp, "0%lx", n);
data/ckermit-305~alpha02/ckclib.c:572:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[32];			/* Internal working buffer */
data/ckermit-305~alpha02/ckclib.c:667:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[32];
data/ckermit-305~alpha02/ckclib.c:683:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[48];
data/ckermit-305~alpha02/ckclib.c:1190:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp[24];		/* So get a good record of it. */
data/ckermit-305~alpha02/ckclib.c:1193:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(tmp+20,"...");
data/ckermit-305~alpha02/ckclib.c:1271:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char t1buf[2], t2buf[2];
data/ckermit-305~alpha02/ckclib.c:1979:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msgbuf[256];
data/ckermit-305~alpha02/ckclib.c:2104:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[400];
data/ckermit-305~alpha02/ckclib.c:2111:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf,"%200.100f",fpnum);	/* Make string version to work with. */
data/ckermit-305~alpha02/ckclib.c:2285:9:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			n1 = atol(t1);
data/ckermit-305~alpha02/ckclib.c:2287:11:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			  n2 = atol(t2);
data/ckermit-305~alpha02/ckclib.c:2618:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[60];
data/ckermit-305~alpha02/ckclib.c:2625:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(buf,"%02ld:%02ld:%02ld",h,m,s);
data/ckermit-305~alpha02/ckclib.c:2648:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p,s,x);
data/ckermit-305~alpha02/ckclib.c:2672:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p+n-x,s,x);
data/ckermit-305~alpha02/ckclib.c:2695:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char hexbuf[17];
data/ckermit-305~alpha02/ckclib.c:2722:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[64];
data/ckermit-305~alpha02/ckcmai.c:144:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char versiox[CKVERLEN];                 /* Version string buffer  */
data/ckermit-305~alpha02/ckcmai.c:158:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char homedirpath[CKMAXPATH+1] = { NUL, NUL }; /* Home directory path */
data/ckermit-305~alpha02/ckcmai.c:675:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char * cdmsgfile[8] = { NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL };
data/ckermit-305~alpha02/ckcmai.c:693:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char uidbuf[UIDBUFLEN] = { NUL, NUL };  /* User ID buffer */
data/ckermit-305~alpha02/ckcmai.c:695:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char cmdfil[CKMAXPATH + 1] = { NUL, NUL }; /* Application file name */
data/ckermit-305~alpha02/ckcmai.c:902:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char whoareu[16] = { NUL, NUL };        /* System ID of other Kermit */
data/ckermit-305~alpha02/ckcmai.c:1029:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char filnam[CKMAXPATH + 1];             /* Name of current file. */
data/ckermit-305~alpha02/ckcmai.c:1030:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ofilnam[CKMAXPATH + 1];            /* Original name. */
data/ckermit-305~alpha02/ckcmai.c:1047:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char * getpath[MAXGETPATH];
data/ckermit-305~alpha02/ckcmai.c:1102:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ttname[TTNAMLEN+1];                /* Name of communication device */
data/ckermit-305~alpha02/ckcmai.c:1157:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char myhost[MYHOSTL];                   /* Local host name */
data/ckermit-305~alpha02/ckcmai.c:1202:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char udata[MAXCUDATA];                  /* X.25 call user data */
data/ckermit-305~alpha02/ckcmai.c:1212:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char x25name[32] = {'\0'};          /* x25 device name, sx25a0 or sx25a1 */
data/ckermit-305~alpha02/ckcmai.c:1213:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char x25dev[64] =  "/dev/x25pkt";   /* x25 device in /dev */
data/ckermit-305~alpha02/ckcmai.c:1459:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *tt_trigger[TRIGGERS] = { NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL };
data/ckermit-305~alpha02/ckcmai.c:1621:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char zinbuffer[INBUFSIZE], zoutbuffer[OBUFSIZE];
data/ckermit-305~alpha02/ckcmai.c:3060:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char scratch[TMPBUFSIZ];
data/ckermit-305~alpha02/ckcmai.c:3240:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char stackdata[256];
data/ckermit-305~alpha02/ckcmai.c:3635:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    if (atoi(s) != 0) {
data/ckermit-305~alpha02/ckcmdb.c:242:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *m_used[BUCKETS];
data/ckermit-305~alpha02/ckcmdb.c:243:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *m_used2[BUCKETS];
data/ckermit-305~alpha02/ckcmdb.c:365:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[100];
data/ckermit-305~alpha02/ckcnet.c:147:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char myipaddr[20] = { '\0' };           /* Global copy of my IP address */
data/ckermit-305~alpha02/ckcnet.c:148:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char hostipaddr[64] = { '\0' };		/* Global copy of remote IP address */
data/ckermit-305~alpha02/ckcnet.c:160:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char http_inbuf[HTTP_INBUFLEN];
data/ckermit-305~alpha02/ckcnet.c:394:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char namecopy[NAMECPYL];                /* Referenced by ckctel.c */
data/ckermit-305~alpha02/ckcnet.c:395:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char namecopy2[NAMECPYL];		/* Referenced by ckctel.c */
data/ckermit-305~alpha02/ckcnet.c:397:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char http_host_port[NAMECPYL];          /* orig host/port necessary for http */
data/ckermit-305~alpha02/ckcnet.c:398:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char http_ip[20] = { '\0' };            /* ip address of host */
data/ckermit-305~alpha02/ckcnet.c:405:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char http_reply_str[HTTPBUFLEN] = "";
data/ckermit-305~alpha02/ckcnet.c:408:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ipaddr[20] = { '\0' };             /* Global copy of IP address */
data/ckermit-305~alpha02/ckcnet.c:423:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char proxycopy[HTTPCPYL];
data/ckermit-305~alpha02/ckcnet.c:692:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char * krb5_d_addrs[KRB5_NUM_OF_ADDRS+1]={NULL,NULL}; /* Addrs to include */
data/ckermit-305~alpha02/ckcnet.c:921:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char svcbuf[80];                 /* TCP service string */
data/ckermit-305~alpha02/ckcnet.c:1516:13:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            bcopy(h->h_addr_list[i],hosts[next].h_addr_list[i],h->h_length);
data/ckermit-305~alpha02/ckcnet.c:1522:5:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    bcopy(h->h_addr, &hosts[next].h_addr, h->h_length);
data/ckermit-305~alpha02/ckcnet.c:1525:5:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    bcopy(h->h_addr, &hosts[next].h_addr, h->h_length);
data/ckermit-305~alpha02/ckcnet.c:1554:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    else port = atoi(service);
data/ckermit-305~alpha02/ckcnet.c:1581:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char name[80];
data/ckermit-305~alpha02/ckcnet.c:1624:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sbuf[30], pbuf[30];
data/ckermit-305~alpha02/ckcnet.c:2471:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ttyfd = atoi(&name[1]);
data/ckermit-305~alpha02/ckcnet.c:2676:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        service->s_port = htons((unsigned short)atoi(p));
data/ckermit-305~alpha02/ckcnet.c:3161:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char namebuf[256];
data/ckermit-305~alpha02/ckcnet.c:3243:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char namebuf[256];
data/ckermit-305~alpha02/ckcnet.c:3268:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        bcopy(host->h_addr_list[0],
data/ckermit-305~alpha02/ckcnet.c:3273:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        bcopy(host->h_addr, (caddr_t)&r_addr.sin_addr, host->h_length);
data/ckermit-305~alpha02/ckcnet.c:3276:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        bcopy(host->h_addr, (caddr_t)&r_addr.sin_addr, host->h_length);
data/ckermit-305~alpha02/ckcnet.c:3368:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        switch (atoi(p)) {
data/ckermit-305~alpha02/ckcnet.c:3439:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        service->s_port = htons((unsigned short)atoi(servicename));
data/ckermit-305~alpha02/ckcnet.c:3532:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char xxname[XXNAMELEN];
data/ckermit-305~alpha02/ckcnet.c:3749:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((ttyfd = open(x25dev, O_RDWR)) < 0) {
data/ckermit-305~alpha02/ckcnet.c:3895:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char temphost[256], tempservice[80], temppath[256];
data/ckermit-305~alpha02/ckcnet.c:4106:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(++p,"http");
data/ckermit-305~alpha02/ckcnet.c:4227:13:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            bcopy(host->h_addr_list[0],
data/ckermit-305~alpha02/ckcnet.c:4232:13:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            bcopy(host->h_addr, (caddr_t)&r_addr.sin_addr, host->h_length);
data/ckermit-305~alpha02/ckcnet.c:4238:13:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            bcopy(host->h_addr, (caddr_t)&r_addr.sin_addr, host->h_length);
data/ckermit-305~alpha02/ckcnet.c:4549:19:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  bcopy(host->h_addr_list[0],
data/ckermit-305~alpha02/ckcnet.c:5906:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf,&ttibuf[ttibp],len);         /* safe */
data/ckermit-305~alpha02/ckcnet.c:5910:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf,&ttibuf[ttibp],n);           /* safe */
data/ckermit-305~alpha02/ckcnet.c:7033:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localhost[256];
data/ckermit-305~alpha02/ckcnet.c:7041:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char messageBuf[60];
data/ckermit-305~alpha02/ckcnet.c:7122:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char id[4];
data/ckermit-305~alpha02/ckcnet.c:7177:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outbuf[512];
data/ckermit-305~alpha02/ckcnet.c:7245:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char localuid[UIDBUFLEN+1];
data/ckermit-305~alpha02/ckcnet.c:7261:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy((char *)localuser,"unknown");
data/ckermit-305~alpha02/ckcnet.c:7720:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    extern char x25obuf[MAXOX25];
data/ckermit-305~alpha02/ckcnet.c:8067:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[30];
data/ckermit-305~alpha02/ckcnet.c:8094:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[30];
data/ckermit-305~alpha02/ckcnet.c:8580:5:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    bcopy( addr, addtl_info, addr_len ); /* include trailing null */
data/ckermit-305~alpha02/ckcnet.c:8583:7:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      bcopy( cud, addtl_info, cud_len );
data/ckermit-305~alpha02/ckcnet.c:8718:5:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    bcopy( remote_nua, addtl_info, addr_len );
data/ckermit-305~alpha02/ckcnet.c:8734:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        bcopy(cud,
data/ckermit-305~alpha02/ckcnet.c:8936:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((x25callfd = open(x25dev, O_RDWR)) < 0) {
data/ckermit-305~alpha02/ckcnet.c:8980:5:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    bcopy( local_nua, addtl_info, addr_len );
data/ckermit-305~alpha02/ckcnet.c:9286:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char query[64];             /* odm database query */
data/ckermit-305~alpha02/ckcnet.c:9299:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( x25name, "sx25a0" );
data/ckermit-305~alpha02/ckcnet.c:9981:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    extern char cmdatebuf[18];
data/ckermit-305~alpha02/ckcnet.c:9984:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ldate[32];
data/ckermit-305~alpha02/ckcnet.c:10024:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char nowstr[32];
data/ckermit-305~alpha02/ckcnet.c:10154:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[24];
data/ckermit-305~alpha02/ckcnet.c:10197:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char buf[128];
data/ckermit-305~alpha02/ckcnet.c:10247:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namecopy[NAMECPYL];
data/ckermit-305~alpha02/ckcnet.c:10338:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(++p,"http");
data/ckermit-305~alpha02/ckcnet.c:10429:13:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            bcopy(host->h_addr_list[0],
data/ckermit-305~alpha02/ckcnet.c:10434:13:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            bcopy(host->h_addr, (caddr_t)&r_addr.sin_addr, host->h_length);
data/ckermit-305~alpha02/ckcnet.c:10437:13:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            bcopy(host->h_addr, (caddr_t)&r_addr.sin_addr, host->h_length);
data/ckermit-305~alpha02/ckcnet.c:10593:19:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  bcopy(host->h_addr_list[0],
data/ckermit-305~alpha02/ckcnet.c:11527:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[16];
data/ckermit-305~alpha02/ckcnet.c:11536:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    http_code = atoi(buf);
data/ckermit-305~alpha02/ckcnet.c:11560:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   buf[HTTPBUFLEN], *p;
data/ckermit-305~alpha02/ckcnet.c:11577:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char passwd[64];
data/ckermit-305~alpha02/ckcnet.c:11578:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b64in[128];
data/ckermit-305~alpha02/ckcnet.c:11579:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b64out[256];
data/ckermit-305~alpha02/ckcnet.c:11580:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * headers[HTTPHEADCNT];
data/ckermit-305~alpha02/ckcnet.c:11723:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                len = atoi(&buf[16]);
data/ckermit-305~alpha02/ckcnet.c:11864:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   buf[HTTPBUFLEN], *p;
data/ckermit-305~alpha02/ckcnet.c:11869:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char passwd[64];
data/ckermit-305~alpha02/ckcnet.c:11870:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b64in[128];
data/ckermit-305~alpha02/ckcnet.c:11871:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b64out[256];
data/ckermit-305~alpha02/ckcnet.c:11872:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * headers[HTTPHEADCNT];
data/ckermit-305~alpha02/ckcnet.c:12054:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   buf[HTTPBUFLEN], *p;
data/ckermit-305~alpha02/ckcnet.c:12059:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char passwd[64];
data/ckermit-305~alpha02/ckcnet.c:12060:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b64in[128];
data/ckermit-305~alpha02/ckcnet.c:12061:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b64out[256];
data/ckermit-305~alpha02/ckcnet.c:12062:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * headers[HTTPHEADCNT];
data/ckermit-305~alpha02/ckcnet.c:12187:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    len = atoi(&buf[16]);
data/ckermit-305~alpha02/ckcnet.c:12302:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   buf[HTTPBUFLEN], *p;
data/ckermit-305~alpha02/ckcnet.c:12307:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char passwd[64];
data/ckermit-305~alpha02/ckcnet.c:12308:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b64in[128];
data/ckermit-305~alpha02/ckcnet.c:12309:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b64out[256];
data/ckermit-305~alpha02/ckcnet.c:12311:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * headers[HTTPHEADCNT];
data/ckermit-305~alpha02/ckcnet.c:12401:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf,"Content-length: %d\r\n",filelen); /* safe */
data/ckermit-305~alpha02/ckcnet.c:12492:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        len = atoi(&buf[16]);
data/ckermit-305~alpha02/ckcnet.c:12607:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   buf[HTTPBUFLEN], *p;
data/ckermit-305~alpha02/ckcnet.c:12612:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char passwd[64];
data/ckermit-305~alpha02/ckcnet.c:12613:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b64in[128];
data/ckermit-305~alpha02/ckcnet.c:12614:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b64out[256];
data/ckermit-305~alpha02/ckcnet.c:12615:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * headers[HTTPHEADCNT];
data/ckermit-305~alpha02/ckcnet.c:12749:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    len = atoi(&buf[16]);
data/ckermit-305~alpha02/ckcnet.c:12847:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   buf[HTTPBUFLEN], *p;
data/ckermit-305~alpha02/ckcnet.c:12852:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char passwd[64];
data/ckermit-305~alpha02/ckcnet.c:12853:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b64in[128];
data/ckermit-305~alpha02/ckcnet.c:12854:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b64out[256];
data/ckermit-305~alpha02/ckcnet.c:12856:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * headers[HTTPHEADCNT];
data/ckermit-305~alpha02/ckcnet.c:12941:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf,"Content-length: %d\r\n",filelen); /* safe */
data/ckermit-305~alpha02/ckcnet.c:13021:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        len = atoi(&buf[16]);
data/ckermit-305~alpha02/ckcnet.c:13135:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   buf[HTTPBUFLEN], *p, ch;
data/ckermit-305~alpha02/ckcnet.c:13140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char passwd[64];
data/ckermit-305~alpha02/ckcnet.c:13141:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b64in[128];
data/ckermit-305~alpha02/ckcnet.c:13142:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b64out[256];
data/ckermit-305~alpha02/ckcnet.c:13143:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * headers[HTTPHEADCNT];
data/ckermit-305~alpha02/ckcnet.c:13261:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                tcp_http_proxy_errno = atoi(p);
data/ckermit-305~alpha02/ckcnet.c:13339:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char bytes[2048];
data/ckermit-305~alpha02/ckcnet.c:13548:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy((char *) &sin->sin_addr,
data/ckermit-305~alpha02/ckcnet.c:13604:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char bytes[2048];
data/ckermit-305~alpha02/ckcnet.c:13608:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char host[MAX_DNS_NAMELEN], *h;
data/ckermit-305~alpha02/ckcnet.c:13745:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char env[512];
data/ckermit-305~alpha02/ckcnet.c:13827:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256], * host=NULL, * rest=NULL;
data/ckermit-305~alpha02/ckcnet.c:13877:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(host, "localhost");
data/ckermit-305~alpha02/ckcnet.c:13926:13:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            bcopy(host->h_addr_list[0],
data/ckermit-305~alpha02/ckcnet.c:13931:13:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            bcopy(host->h_addr, (caddr_t)&saddr.sin_addr, host->h_length);
data/ckermit-305~alpha02/ckcnet.c:13934:13:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            bcopy(host->h_addr, (caddr_t)&saddr.sin_addr, host->h_length);
data/ckermit-305~alpha02/ckcnet.c:13978:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256], *host=NULL, *rest=NULL;
data/ckermit-305~alpha02/ckcnet.c:14011:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(host, "localhost");
data/ckermit-305~alpha02/ckcnet.c:14066:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        bcopy(host->h_addr_list[0],
data/ckermit-305~alpha02/ckcnet.c:14071:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        bcopy(host->h_addr, (caddr_t)&saddr.sin_addr, host->h_length);
data/ckermit-305~alpha02/ckcnet.c:14074:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        bcopy(host->h_addr, (caddr_t)&saddr.sin_addr, host->h_length);
data/ckermit-305~alpha02/ckcnet.c:14113:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sb[8];
data/ckermit-305~alpha02/ckcnet.c:14351:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buffer[32000];
data/ckermit-305~alpha02/ckcnet.h:350:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                buffer[NPI_MAX_CTL];    /* maximum primitive size */
data/ckermit-305~alpha02/ckcnet.h:371:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char    x25addr_t[45];          /* max 40 defined by CCITT */
data/ckermit-305~alpha02/ckcnet.h:372:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char    N_npi_data_t[NPI_MAX_DATA];
data/ckermit-305~alpha02/ckcnet.h:741:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#ifndef bcopy
data/ckermit-305~alpha02/ckcnet.h:742:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define bcopy(h,a,l) memcpy(a,h,l)
data/ckermit-305~alpha02/ckcnet.h:742:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define bcopy(h,a,l) memcpy(a,h,l)
data/ckermit-305~alpha02/ckcnet.h:751:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#ifndef bcopy
data/ckermit-305~alpha02/ckcnet.h:752:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define bcopy(h,a,l) memcpy(a,h,l)
data/ckermit-305~alpha02/ckcnet.h:752:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define bcopy(h,a,l) memcpy(a,h,l)
data/ckermit-305~alpha02/ckcnet.h:779:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#ifndef bcopy
data/ckermit-305~alpha02/ckcnet.h:780:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define bcopy(h,a,l) memcpy(a,h,l)
data/ckermit-305~alpha02/ckcnet.h:780:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define bcopy(h,a,l) memcpy(a,h,l)
data/ckermit-305~alpha02/ckcnet.h:783:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#ifndef bcopy
data/ckermit-305~alpha02/ckcnet.h:784:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define bcopy(h,a,l) memmove(a,h,l)
data/ckermit-305~alpha02/ckcnet.h:792:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#ifndef bcopy
data/ckermit-305~alpha02/ckcnet.h:793:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define bcopy(h,a,l) memcpy(a,h,l)
data/ckermit-305~alpha02/ckcnet.h:793:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define bcopy(h,a,l) memcpy(a,h,l)
data/ckermit-305~alpha02/ckcnet.h:863:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#ifndef bcopy
data/ckermit-305~alpha02/ckcnet.h:864:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define bcopy(h,a,l) memcpy(a,h,l)
data/ckermit-305~alpha02/ckcnet.h:864:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define bcopy(h,a,l) memcpy(a,h,l)
data/ckermit-305~alpha02/ckcnet.h:940:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#ifndef bcopy
data/ckermit-305~alpha02/ckcnet.h:941:17:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
_PROTOTYP( void bcopy, (char *, char *, int) );
data/ckermit-305~alpha02/ckcnet.h:1031:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#ifndef bcopy
data/ckermit-305~alpha02/ckcnet.h:1032:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define bcopy(h,a,l) memmove(a,h,l)
data/ckermit-305~alpha02/ckcnet.h:1039:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#ifndef bcopy
data/ckermit-305~alpha02/ckcnet.h:1040:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define bcopy(h,a,l) memmove(a,h,l)
data/ckermit-305~alpha02/ckcnet.h:1122:25:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define FD_COPY(f, t)   bcopy(f, t, sizeof(*(f)))
data/ckermit-305~alpha02/ckcnet.h:1164:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define bcopy(s,d,z) memcpy(d,s,z)
data/ckermit-305~alpha02/ckcnet.h:1164:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define bcopy(s,d,z) memcpy(d,s,z)
data/ckermit-305~alpha02/ckcnet.h:1180:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#ifndef bcopy
data/ckermit-305~alpha02/ckcnet.h:1181:9:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define bcopy(h,a,l) memcpy(a,h,l)
data/ckermit-305~alpha02/ckcnet.h:1181:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define bcopy(h,a,l) memcpy(a,h,l)
data/ckermit-305~alpha02/ckcnet.h:1503:8:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#ifdef bcopy
data/ckermit-305~alpha02/ckcnet.h:1504:8:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#undef bcopy
data/ckermit-305~alpha02/ckcpro.c:95:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ipktack[PKTZEROLEN];
data/ckermit-305~alpha02/ckcpro.c:209:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char querybuf[QBUFL+1] = { NUL, NUL }; /* QUERY response buffer */
data/ckermit-305~alpha02/ckcpro.c:2675:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *str1, *str2, f1[256], f2[256];
data/ckermit-305~alpha02/ckcpro.c:2728:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *str1, *str2, f1[256], f2[256];
data/ckermit-305~alpha02/ckcpro.c:2777:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char f1[LOGINLEN+1], f2[LOGINLEN+1], f3[LOGINLEN+1];
data/ckermit-305~alpha02/ckcpro.c:3291:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xss[2];			/* String representation of sstate */
data/ckermit-305~alpha02/ckcpro.c:3389:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmpbuf[356];
data/ckermit-305~alpha02/ckcpro.c:3466:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpbuf[356];
data/ckermit-305~alpha02/ckcpro.c:3748:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		val = atoi(p);		/* Convert to int */
data/ckermit-305~alpha02/ckcpro.c:3760:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		val = atoi(p);
data/ckermit-305~alpha02/ckctel.c:128:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tn_msg[TN_MSG_LEN];                /* Telnet data can be rather long */
data/ckermit-305~alpha02/ckctel.c:129:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char hexbuf[TN_MSG_LEN];
data/ckermit-305~alpha02/ckctel.c:130:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tn_msg_out[TN_MSG_LEN];
data/ckermit-305~alpha02/ckctel.c:167:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tncnts[NTELOPTS+1][4];             /* Counts */
data/ckermit-305~alpha02/ckctel.c:168:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tnopps[4] = { 1,0,3,2 };           /* Opposites */
data/ckermit-305~alpha02/ckctel.c:176:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tn_env_acct[64];
data/ckermit-305~alpha02/ckctel.c:177:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tn_env_disp[64];
data/ckermit-305~alpha02/ckctel.c:178:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tn_env_job[64];
data/ckermit-305~alpha02/ckctel.c:179:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tn_env_prnt[64];
data/ckermit-305~alpha02/ckctel.c:180:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tn_env_sys[64];
data/ckermit-305~alpha02/ckctel.c:181:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char * tn_env_uservar[8][2];
data/ckermit-305~alpha02/ckctel.c:448:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char tn_wait_buf[TN_WAIT_BUF_SZ];
data/ckermit-305~alpha02/ckctel.c:724:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[128];
data/ckermit-305~alpha02/ckctel.c:831:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&buf[4],data,len);
data/ckermit-305~alpha02/ckctel.c:856:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(hexbuf,"%02x",data[i]); /* safe but ugly */
data/ckermit-305~alpha02/ckctel.c:878:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                        sprintf(hexbuf,"%c",data[i]); /* safe but ugly */
data/ckermit-305~alpha02/ckctel.c:885:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(hexbuf,"%02x",sub);             /* safe but ugly */
data/ckermit-305~alpha02/ckctel.c:964:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char tmploc[256];
data/ckermit-305~alpha02/ckctel.c:1090:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/ckermit-305~alpha02/ckctel.c:1185:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        dpynum = atoi (ptr);            /* it will handle num. as well */
data/ckermit-305~alpha02/ckctel.c:1203:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        scrnum = atoi (ptr);            /* it will handle num. as well */
data/ckermit-305~alpha02/ckctel.c:1442:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char address[300] = "localhost";
data/ckermit-305~alpha02/ckctel.c:1469:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char msg[64];
data/ckermit-305~alpha02/ckctel.c:1494:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&msg[12],real_xauth->name,18);
data/ckermit-305~alpha02/ckctel.c:1496:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&msg[32],real_xauth->data,16);
data/ckermit-305~alpha02/ckctel.c:1577:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(data + 12 + ((name_len + 3) & ~3),
data/ckermit-305~alpha02/ckctel.c:1962:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stackdata[256];
data/ckermit-305~alpha02/ckctel.c:1972:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(fake_xauth.name, name, name_len);
data/ckermit-305~alpha02/ckctel.c:2002:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char address[300] = "localhost";
data/ckermit-305~alpha02/ckctel.c:2044:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(p, "%c%c%c%c%c", IAC, SB, TELOPT_FORWARD_X,
data/ckermit-305~alpha02/ckctel.c:2059:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(p, "%c%c", IAC, SE);
data/ckermit-305~alpha02/ckctel.c:2101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char myhost[300], *host, *rest = NULL;
data/ckermit-305~alpha02/ckctel.c:2125:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(xauth.address, myhost, xauth.address_length);
data/ckermit-305~alpha02/ckctel.c:2132:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(file = fopen(fwdx_xauthfile, "wb")))
data/ckermit-305~alpha02/ckctel.c:2163:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(xauth.name, sp + 4, xauth.name_length);
data/ckermit-305~alpha02/ckctel.c:2164:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(xauth.data, sp + 4 + xauth.name_length, xauth.data_length);
data/ckermit-305~alpha02/ckctel.c:2169:20:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
    if ((xauthfd = mkstemp(fwdx_xauthfile)) != -1)
data/ckermit-305~alpha02/ckctel.c:3685:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char * s[16];
data/ckermit-305~alpha02/ckctel.c:4321:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char rows_buf[16] = { 0, 0 }; /* LINES Environment variable */
data/ckermit-305~alpha02/ckctel.c:4322:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cols_buf[16] = { 0, 0 }; /* COLUMNS Enviornment variable */
data/ckermit-305~alpha02/ckctel.c:4323:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char term_buf[64] = { 0, 0 }; /* TERM Environment variable */
data/ckermit-305~alpha02/ckctel.c:4664:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  char request[6];      /* request it */
data/ckermit-305~alpha02/ckctel.c:4665:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  sprintf(request,"%cUSER",TEL_ENV_VAR);        /* safe */
data/ckermit-305~alpha02/ckctel.c:5596:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy((char *)TELOPT_SB(TELOPT_NEWENVIRON).env.str,
data/ckermit-305~alpha02/ckctel.c:5674:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char varname[17];
data/ckermit-305~alpha02/ckctel.c:5675:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value[65];
data/ckermit-305~alpha02/ckctel.c:5846:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char varname[16];
data/ckermit-305~alpha02/ckctel.c:5851:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localuidbuf[UIDBUFLEN];	/* (Initialized just below) */
data/ckermit-305~alpha02/ckctel.c:6028:25:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                        strcpy(&reply[n+1],"USER");
data/ckermit-305~alpha02/ckctel.c:6035:25:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                        strcpy(&reply[n+1],"JOB");
data/ckermit-305~alpha02/ckctel.c:6042:25:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                        strcpy(&reply[n+1],"ACCT");
data/ckermit-305~alpha02/ckctel.c:6049:25:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                        strcpy(&reply[n+1],"PRINTER");
data/ckermit-305~alpha02/ckctel.c:6056:25:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                        strcpy(&reply[n+1],"SYSTEMTYPE");
data/ckermit-305~alpha02/ckctel.c:6063:25:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                        strcpy(&reply[n+1],"DISPLAY");
data/ckermit-305~alpha02/ckctel.c:6070:21:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                    strcpy(&reply[n+1],"USER");
data/ckermit-305~alpha02/ckctel.c:6076:21:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                    strcpy(&reply[n+1],"JOB");
data/ckermit-305~alpha02/ckctel.c:6082:21:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                    strcpy(&reply[n+1],"ACCT");
data/ckermit-305~alpha02/ckctel.c:6088:21:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                    strcpy(&reply[n+1],"PRINTER");
data/ckermit-305~alpha02/ckctel.c:6094:21:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                    strcpy(&reply[n+1],"SYSTEMTYPE");
data/ckermit-305~alpha02/ckctel.c:6100:21:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                    strcpy(&reply[n+1],"DISPLAY");
data/ckermit-305~alpha02/ckctel.c:6141:27:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                          strcpy(&reply[n+1],"LOCATION");
data/ckermit-305~alpha02/ckctel.c:6162:23:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                      strcpy(&reply[n+1],"LOCATION");
data/ckermit-305~alpha02/ckctel.c:6442:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            screen = atoi(&disp[colon+dot]);
data/ckermit-305~alpha02/ckctel.c:6744:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(tnc_signature,&sb[1],len-1);
data/ckermit-305~alpha02/ckctel.h:444:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *telopts[NTELOPTS+2] = {
data/ckermit-305~alpha02/ckctel.h:543:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       unsigned char type[41];     /* Last terminal type       */
data/ckermit-305~alpha02/ckctel.h:629:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char * telopt_modes[4] = {
data/ckermit-305~alpha02/ckcuni.c:15887:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[16];
data/ckermit-305~alpha02/ckcuni.c:15890:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf,"%04X",ucs2return);
data/ckermit-305~alpha02/ckuat2.h:86:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char Block[8];
data/ckermit-305~alpha02/ckuath.c:52:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char szUserNameRequested[UIDBUFLEN+1];    /* for incoming connections */
data/ckermit-305~alpha02/ckuath.c:53:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char szUserNameAuthenticated[UIDBUFLEN+1];/* for incoming connections */
data/ckermit-305~alpha02/ckuath.c:54:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char szHostName[UIDBUFLEN+1];
data/ckermit-305~alpha02/ckuath.c:55:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char szUserName[UIDBUFLEN+1];
data/ckermit-305~alpha02/ckuath.c:56:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char szIP[16];
data/ckermit-305~alpha02/ckuath.c:280:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char     k4_name[ANAME_SZ];
data/ckermit-305~alpha02/ckuath.c:330:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gss_stbuf[GSS_BUFSIZ];
data/ckermit-305~alpha02/ckuath.c:359:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char str_data[4096] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
data/ckermit-305~alpha02/ckuath.c:362:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char strTmp[AUTHTMPBL+1];
data/ckermit-305~alpha02/ckuath.c:363:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char szLocalHostName[UIDBUFLEN+1];
data/ckermit-305~alpha02/ckuath.c:405:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char srp_passwd[PWD_SZ];
data/ckermit-305~alpha02/ckuath.c:416:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char des_inbuf[2*RLOG_BUFSIZ];       /* needs to be > largest read size */
data/ckermit-305~alpha02/ckuath.c:417:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char des_outpkt[2*RLOG_BUFSIZ+4];    /* needs to be > largest write size */
data/ckermit-305~alpha02/ckuath.c:441:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char storage[65536];            /* storage for the decryption */
data/ckermit-305~alpha02/ckuath.c:541:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ktname[CKMAXPATH]="";
data/ckermit-305~alpha02/ckuath.c:649:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[CKMAXPATH]="";
data/ckermit-305~alpha02/ckuath.c:886:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char str_request[64] = { IAC, SB,
data/ckermit-305~alpha02/ckuath.c:1274:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(tn_msg,"TELNET SENT SB AUTHENTICATION SEND ");
data/ckermit-305~alpha02/ckuath.c:1431:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &buf[1], sb, len-2 );
data/ckermit-305~alpha02/ckuath.c:1480:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &buf[1], sb, len-2 );
data/ckermit-305~alpha02/ckuath.c:2013:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[9];
data/ckermit-305~alpha02/ckuath.c:2037:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%c%c%c%c%c%c%c%c", IAC, SB, TELOPT_AUTHENTICATION,
data/ckermit-305~alpha02/ckuath.c:2295:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char send_list[512];
data/ckermit-305~alpha02/ckuath.c:2328:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char buf[4096];
data/ckermit-305~alpha02/ckuath.c:2361:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(send_list,parsedat,send_len);
data/ckermit-305~alpha02/ckuath.c:2910:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char msg[80];
data/ckermit-305~alpha02/ckuath.c:2955:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf((char *)buf, "%c%c%c%c", IAC, SB, 
data/ckermit-305~alpha02/ckuath.c:2958:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&buf[4], pname, plen);               /* safe */
data/ckermit-305~alpha02/ckuath.c:2959:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf((char *)&buf[plen + 4], "%c%c", IAC, SE);   /* safe */
data/ckermit-305~alpha02/ckuath.c:2968:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf((char *)buf, "%c%c%c%c%c%c", IAC, SB, 
data/ckermit-305~alpha02/ckuath.c:2994:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf((char *)buf, "%c%c%c%c%c%c%c",
data/ckermit-305~alpha02/ckuath.c:3012:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(&buf[7], "%c%c", IAC, SE);      /* safe */
data/ckermit-305~alpha02/ckuath.c:3037:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            if ( ((char *)NTLMSecBuf[0].pvBuffer)[i] == IAC )
data/ckermit-305~alpha02/ckuath.c:3048:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(&buf[7+length], "%c%c", IAC, SE);
data/ckermit-305~alpha02/ckuath.c:3084:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(&buf[k4_auth.length+7], "%c%c", IAC, SE);
data/ckermit-305~alpha02/ckuath.c:3271:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(&buf[gss_send_tok.length+7], "%c%c", IAC, SE);       /* safe */
data/ckermit-305~alpha02/ckuath.c:3310:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf((char *)&buf[k5_auth.length+7], "%c%c", IAC, SE); /* safe */
data/ckermit-305~alpha02/ckuath.c:3556:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(szUserNameRequested,&parsedat[2],len);           /* safe */
data/ckermit-305~alpha02/ckuath.c:3701:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char passwd[PWD_SZ];
data/ckermit-305~alpha02/ckuath.c:3702:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prompt[256];
data/ckermit-305~alpha02/ckuath.c:3791:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char instance[INST_SZ+1]="";
data/ckermit-305~alpha02/ckuath.c:3793:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tgt[4*REALM_SZ+1];
data/ckermit-305~alpha02/ckuath.c:3819:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(strTmp, "Can't find realm for host \"");
data/ckermit-305~alpha02/ckuath.c:3849:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(strTmp, "Can't get \"");
data/ckermit-305~alpha02/ckuath.c:3924:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(strTmp, "Authentication rejected by remote machine!");
data/ckermit-305~alpha02/ckuath.c:4080:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char realm[REALM_SZ+1];
data/ckermit-305~alpha02/ckuath.c:4081:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char instance[INST_SZ];
data/ckermit-305~alpha02/ckuath.c:4112:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((void *)k4_auth.dat, (void *)data, k4_auth.length);
data/ckermit-305~alpha02/ckuath.c:4153:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)k4_session_key, (void *)k4_adat.session,
data/ckermit-305~alpha02/ckuath.c:4209:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)datablock, (void *)data, sizeof(Block)); /* safe */
data/ckermit-305~alpha02/ckuath.c:4277:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)datablock, (void *)data, sizeof(Block)); /* safe */
data/ckermit-305~alpha02/ckuath.c:4370:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char passwd[PWD_SZ];
data/ckermit-305~alpha02/ckuath.c:4371:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prompt[64];
data/ckermit-305~alpha02/ckuath.c:4470:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cc_tmp[CKMAXPATH+1];
data/ckermit-305~alpha02/ckuath.c:4494:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[128];
data/ckermit-305~alpha02/ckuath.c:4518:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[128];
data/ckermit-305~alpha02/ckuath.c:4615:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char type_check[32];
data/ckermit-305~alpha02/ckuath.c:4619:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tgt[256];
data/ckermit-305~alpha02/ckuath.c:4678:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(szUserName,
data/ckermit-305~alpha02/ckuath.c:4691:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(szUserName,name,len);    /* safe */
data/ckermit-305~alpha02/ckuath.c:4891:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(s, data, cnt);           /* safe */
data/ckermit-305~alpha02/ckuath.c:4969:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(s,data,cnt);
data/ckermit-305~alpha02/ckuath.c:5101:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(s, data, cnt);
data/ckermit-305~alpha02/ckuath.c:5118:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char tls_verify[24];
data/ckermit-305~alpha02/ckuath.c:5239:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char errbuf[128]="";
data/ckermit-305~alpha02/ckuath.c:5249:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char princ[256]="";
data/ckermit-305~alpha02/ckuath.c:5341:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char type_check[26];
data/ckermit-305~alpha02/ckuath.c:5368:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(princ,
data/ckermit-305~alpha02/ckuath.c:5398:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char type_check[26];
data/ckermit-305~alpha02/ckuath.c:5446:24:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                (void) strcpy(errbuf,
data/ckermit-305~alpha02/ckuath.c:5458:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char tls_verify[24];
data/ckermit-305~alpha02/ckuath.c:5847:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tgt[256];
data/ckermit-305~alpha02/ckuath.c:5953:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(s, data, cnt);           /* safe */
data/ckermit-305~alpha02/ckuath.c:5971:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(s,data,cnt);
data/ckermit-305~alpha02/ckuath.c:6052:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gbuf[GSS_BUFSIZ];
data/ckermit-305~alpha02/ckuath.c:6054:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localname[MAXHOSTNAMELEN];
data/ckermit-305~alpha02/ckuath.c:6055:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char service_name[MAXHOSTNAMELEN+10];
data/ckermit-305~alpha02/ckuath.c:6315:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char type_check[26];
data/ckermit-305~alpha02/ckuath.c:6341:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(str,data,cnt);
data/ckermit-305~alpha02/ckuath.c:6458:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char preface[128];
data/ckermit-305~alpha02/ckuath.c:6544:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char type_check[26];
data/ckermit-305~alpha02/ckuath.c:6546:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char type_check[2];
data/ckermit-305~alpha02/ckuath.c:6683:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ptr, ts->n.data, ts->n.len);     /* safe */
data/ckermit-305~alpha02/ckuath.c:6688:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ptr, ts->g.data, ts->g.len);     /* safe */
data/ckermit-305~alpha02/ckuath.c:6693:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ptr, ts->s.data, ts->s.len);     /* safe */
data/ckermit-305~alpha02/ckuath.c:6914:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char preface[128];
data/ckermit-305~alpha02/ckuath.c:6943:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char type_check[26];
data/ckermit-305~alpha02/ckuath.c:7039:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(str,data,cnt);
data/ckermit-305~alpha02/ckuath.c:7069:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char type_check[26];
data/ckermit-305~alpha02/ckuath.c:7144:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ptr, pass->tc.modulus.data, pass->tc.modulus.len);
data/ckermit-305~alpha02/ckuath.c:7149:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ptr, pass->tc.generator.data, pass->tc.generator.len);
data/ckermit-305~alpha02/ckuath.c:7154:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ptr, pass->tp.salt.data, pass->tp.salt.len);
data/ckermit-305~alpha02/ckuath.c:7396:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                 (char *)prompts[i].prompt,
data/ckermit-305~alpha02/ckuath.c:7720:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            const char  *names[4];
data/ckermit-305~alpha02/ckuath.c:7777:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(realm,krb5_princ_realm(kcontext, me)->data,
data/ckermit-305~alpha02/ckuath.c:7804:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(realm,name,len); /* safe */
data/ckermit-305~alpha02/ckuath.c:7812:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char princ_realm[256];
data/ckermit-305~alpha02/ckuath.c:7847:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(principal,name,len);     /* safe */
data/ckermit-305~alpha02/ckuath.c:7852:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char princ_realm[256];
data/ckermit-305~alpha02/ckuath.c:8006:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
data/ckermit-305~alpha02/ckuath.c:8012:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(addrs[i]->contents,local_addrs[i]->contents,
data/ckermit-305~alpha02/ckuath.c:8026:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
data/ckermit-305~alpha02/ckuath.c:8031:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(addrs[i]->contents,&ipaddr,4);   /* safe */
data/ckermit-305~alpha02/ckuath.c:8056:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char prmpt[256];
data/ckermit-305~alpha02/ckuath.c:8102:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char prmpt[256];
data/ckermit-305~alpha02/ckuath.c:8133:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char prmpt[256];
data/ckermit-305~alpha02/ckuath.c:8540:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tmp[BUFSIZ];
data/ckermit-305~alpha02/ckuath.c:8567:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BUFSIZ]; /* hopefully large enough for any type */
data/ckermit-305~alpha02/ckuath.c:8827:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[12];
data/ckermit-305~alpha02/ckuath.c:8876:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[32];
data/ckermit-305~alpha02/ckuath.c:8929:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timestring[BUFSIZ];
data/ckermit-305~alpha02/ckuath.c:8930:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format[12];
data/ckermit-305~alpha02/ckuath.c:8934:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(format,"%%-%ds",timestamp_width);   /* safe */
data/ckermit-305~alpha02/ckuath.c:9208:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    aname[ANAME_SZ+1];
data/ckermit-305~alpha02/ckuath.c:9209:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    inst[INST_SZ+1];
data/ckermit-305~alpha02/ckuath.c:9210:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    realm[REALM_SZ+1];
data/ckermit-305~alpha02/ckuath.c:9212:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    passwd[80]="";
data/ckermit-305~alpha02/ckuath.c:9280:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char prmpt[80];
data/ckermit-305~alpha02/ckuath.c:9414:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timestring[BUFSIZ];
data/ckermit-305~alpha02/ckuath.c:9415:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format[12];
data/ckermit-305~alpha02/ckuath.c:9419:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(format,"%%-%ds",timestamp_width);   /* safe */
data/ckermit-305~alpha02/ckuath.c:9432:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    pname[ANAME_SZ];
data/ckermit-305~alpha02/ckuath.c:9433:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    pinst[INST_SZ];
data/ckermit-305~alpha02/ckuath.c:9434:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    prealm[REALM_SZ];
data/ckermit-305~alpha02/ckuath.c:9435:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    buf1[20], buf2[20];
data/ckermit-305~alpha02/ckuath.c:9630:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char serv[SNAME_SZ];
data/ckermit-305~alpha02/ckuath.c:9631:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char inst[INST_SZ];
data/ckermit-305~alpha02/ckuath.c:9632:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rlm[REALM_SZ];
data/ckermit-305~alpha02/ckuath.c:9633:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[8];
data/ckermit-305~alpha02/ckuath.c:9644:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((stab = open(file, O_RDONLY, 0400)) < 0) {
data/ckermit-305~alpha02/ckuath.c:9742:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    pname[ANAME_SZ];
data/ckermit-305~alpha02/ckuath.c:9743:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    pinst[INST_SZ];
data/ckermit-305~alpha02/ckuath.c:9744:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    prealm[REALM_SZ];
data/ckermit-305~alpha02/ckuath.c:9745:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    buf1[20], buf2[20];
data/ckermit-305~alpha02/ckuath.c:9814:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tkt_buf[256];
data/ckermit-305~alpha02/ckuath.c:9871:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    pname[ANAME_SZ];
data/ckermit-305~alpha02/ckuath.c:9872:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    pinst[INST_SZ];
data/ckermit-305~alpha02/ckuath.c:9873:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    prealm[REALM_SZ];
data/ckermit-305~alpha02/ckuath.c:9874:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    buf1[20], buf2[20];
data/ckermit-305~alpha02/ckuath.c:9946:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tkt_buf[256];
data/ckermit-305~alpha02/ckuath.c:9966:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    extern char myipaddr[20];       /* From ckcnet.c */
data/ckermit-305~alpha02/ckuath.c:9969:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char buf[60];
data/ckermit-305~alpha02/ckuath.c:10042:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tgt[256];
data/ckermit-305~alpha02/ckuath.c:10065:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    pname[ANAME_SZ];
data/ckermit-305~alpha02/ckuath.c:10066:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    pinst[INST_SZ];
data/ckermit-305~alpha02/ckuath.c:10067:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    prealm[REALM_SZ];
data/ckermit-305~alpha02/ckuath.c:10068:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    buf1[20], buf2[20];
data/ckermit-305~alpha02/ckuath.c:10128:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tkt_buf[256];
data/ckermit-305~alpha02/ckuath.c:10160:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char realm[256]="";
data/ckermit-305~alpha02/ckuath.c:10205:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char principal[256]="";
data/ckermit-305~alpha02/ckuath.c:10206:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        instance[256]="";
data/ckermit-305~alpha02/ckuath.c:10207:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        realm[256]="";
data/ckermit-305~alpha02/ckuath.c:10742:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tgt[256];
data/ckermit-305~alpha02/ckuath.c:10911:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char cc_name[CKMAXPATH+1]="";
data/ckermit-305~alpha02/ckuath.c:10969:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char realm[256]="";
data/ckermit-305~alpha02/ckuath.c:10997:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(realm,krb5_princ_realm(kcontext, me)->data,
data/ckermit-305~alpha02/ckuath.c:11026:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char principal[UIDBUFLEN+1]="";
data/ckermit-305~alpha02/ckuath.c:11316:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tgt[256];
data/ckermit-305~alpha02/ckuath.c:11612:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tgt[4*REALM_SZ+1];
data/ckermit-305~alpha02/ckuath.c:11617:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(strTmp, "Can't find realm for host \"");
data/ckermit-305~alpha02/ckuath.c:11796:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf, store_ptr, len);        /* safe */
data/ckermit-305~alpha02/ckuath.c:11804:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf, store_ptr, nstored);    /* safe */
data/ckermit-305~alpha02/ckuath.c:11926:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf, store_ptr, len);            /* safe */
data/ckermit-305~alpha02/ckuath.c:11931:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf, store_ptr, nstored);        /* safe */
data/ckermit-305~alpha02/ckuath.c:11945:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuf[2*RLOG_BUFSIZ+8];
data/ckermit-305~alpha02/ckuath.c:11966:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (tmpbuf + 4, buf, len);
data/ckermit-305~alpha02/ckuath.c:12045:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf, store_ptr, len);        /* safe */
data/ckermit-305~alpha02/ckuath.c:12054:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf, store_ptr, nstored);    /* safe */
data/ckermit-305~alpha02/ckuath.c:12174:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf, store_ptr, len);            /* safe */
data/ckermit-305~alpha02/ckuath.c:12179:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf, store_ptr, nstored);        /* safe */
data/ckermit-305~alpha02/ckuath.c:12194:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char garbage_buf[8];
data/ckermit-305~alpha02/ckuath.c:12219:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        (void) memcpy(garbage_buf + 8 - len, buf, len); /* safe */
data/ckermit-305~alpha02/ckuath.c:12610:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf, store_ptr, len);        /* safe */
data/ckermit-305~alpha02/ckuath.c:12615:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf, store_ptr, nstored);    /* safe */
data/ckermit-305~alpha02/ckuath.c:12626:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf, msg.data, msg.length);
data/ckermit-305~alpha02/ckuath.c:12630:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf, msg.data, len);
data/ckermit-305~alpha02/ckuath.c:12636:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(storage,msg.data+len,nstored);
data/ckermit-305~alpha02/ckuath.c:12796:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auth_file = fopen (auth_name, "rb");
data/ckermit-305~alpha02/ckuath.c:12855:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char   file_short[2];
data/ckermit-305~alpha02/ckuath.c:12941:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char   file_short[2];
data/ckermit-305~alpha02/ckuath.c:13036:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cp, krb5_princ_realm(princ)->data, rlen);    /* safe */
data/ckermit-305~alpha02/ckuath.c:13046:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(cp, pdata, plen);                        /* safe */
data/ckermit-305~alpha02/ckuath.c:13090:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(krb5_princ_realm(*princ)->data, cp, rlen);   /* safe */
data/ckermit-305~alpha02/ckuath.c:13124:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pdata, cp, plen);        /* safe */
data/ckermit-305~alpha02/ckuath.c:13296:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(uidbuf,"(unknown)");
data/ckermit-305~alpha02/ckuath.c:13300:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(uidbuf,"(other)");
data/ckermit-305~alpha02/ckuath.h:162:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * addrs[KRB5_NUM_OF_ADDRS+1];  /* List of IP Addresses */
data/ckermit-305~alpha02/ckucmd.c:276:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cmdefault[CMDEFAULT+1];
data/ckermit-305~alpha02/ckucmd.c:312:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char cmdbuf[CMDBL+4];                   /* Command buffer */
data/ckermit-305~alpha02/ckucmd.c:313:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char savbuf[CMDBL+4];                   /* Buffer to save copy of command */
data/ckermit-305~alpha02/ckucmd.c:314:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char atmbuf[ATMBL+4];                   /* Atom buffer */
data/ckermit-305~alpha02/ckucmd.c:315:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char atxbuf[CMDBL+4];                   /* For expanding the atom buffer */
data/ckermit-305~alpha02/ckucmd.c:316:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char prevcmd[CMDBL+4];			/* For displaying the last command */
data/ckermit-305~alpha02/ckucmd.c:317:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char atybuf[ATMBL+4];		/* For copying atom buffer */
data/ckermit-305~alpha02/ckucmd.c:318:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char filbuf[ATMBL+4];		/* File name buffer */
data/ckermit-305~alpha02/ckucmd.c:319:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cmprom[PROMPTL+1];		/* Program's prompt */
data/ckermit-305~alpha02/ckucmd.c:320:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cmprxx[PROMPTL+1];		/* Program's prompt, unevaluated */
data/ckermit-305~alpha02/ckucmd.c:326:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ppvnambuf[PPVLEN+1] = { NUL, NUL };
data/ckermit-305~alpha02/ckucmd.c:643:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filbuf[CKMAXPATH + 1];		/* Temp buffer for one filename */
data/ckermit-305~alpha02/ckucmd.c:1007:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *c[3];				/* stack for pointers */
data/ckermit-305~alpha02/ckucmd.c:1008:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *b[8];				/* stack for buffer contents */
data/ckermit-305~alpha02/ckucmd.c:1013:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *cmp_c[CMDDEP+1][5];		/* for misc pointers */
data/ckermit-305~alpha02/ckucmd.c:1014:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *cmp_b[CMDDEP+1][7];		/* for buffer contents pointers */
data/ckermit-305~alpha02/ckucmd.c:1939:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmpbuf[600];
data/ckermit-305~alpha02/ckucmd.c:2037:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			    char rb[2] = "]";
data/ckermit-305~alpha02/ckucmd.c:2457:8:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	      strcat(*xp, ".*");	/* abc -> abc*.* */
data/ckermit-305~alpha02/ckucmd.c:2533:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char localfn[CKMAXPATH+1];
data/ckermit-305~alpha02/ckucmd.c:2796:8:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	      strcat(*xp, ".*");	/* abc -> abc*.* */
data/ckermit-305~alpha02/ckucmd.c:3700:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char cmdatebuf[CMDATEBUF+4] = { NUL, NUL };
data/ckermit-305~alpha02/ckucmd.c:3792:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char deltabuf[DELTABUF];
data/ckermit-305~alpha02/ckucmd.c:3802:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datebuf[DATEBUFLEN+1];
data/ckermit-305~alpha02/ckucmd.c:3885:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(datebuf,"%04d%02d%02d %02d:%02d:%02d",yy,mo,dd,hh,mm,ss);
data/ckermit-305~alpha02/ckucmd.c:3932:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[64];
data/ckermit-305~alpha02/ckucmd.c:3963:11:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ddays = atol(p);
data/ckermit-305~alpha02/ckucmd.c:3969:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		dhours = atoi(p);	/* so it's hours */
data/ckermit-305~alpha02/ckucmd.c:3972:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		dhours = atoi(p);	/* it's still hours */
data/ckermit-305~alpha02/ckucmd.c:3997:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    ddays = atol(p);
data/ckermit-305~alpha02/ckucmd.c:4013:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		dhours = atoi(p);
data/ckermit-305~alpha02/ckucmd.c:4016:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		dhours = atoi(p);
data/ckermit-305~alpha02/ckucmd.c:4024:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		dmins = atoi(p);
data/ckermit-305~alpha02/ckucmd.c:4027:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		dmins = atoi(p);
data/ckermit-305~alpha02/ckucmd.c:4035:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		dsecs = atoi(p);
data/ckermit-305~alpha02/ckucmd.c:4038:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		dsecs = atoi(p);
data/ckermit-305~alpha02/ckucmd.c:4091:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * fld[8], * p = "", * p2, * p3; /* Assorted buffers and pointers  */
data/ckermit-305~alpha02/ckucmd.c:4096:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuf[16];
data/ckermit-305~alpha02/ckucmd.c:4097:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xbuf[DATEBUFLEN+1];
data/ckermit-305~alpha02/ckucmd.c:4098:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ybuf[DATEBUFLEN+1];
data/ckermit-305~alpha02/ckucmd.c:4099:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char zbuf[DATEBUFLEN+1];
data/ckermit-305~alpha02/ckucmd.c:4100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char yyyymmdd[YYYYMMDD];
data/ckermit-305~alpha02/ckucmd.c:4101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dbuf[26];
data/ckermit-305~alpha02/ckucmd.c:4102:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char daybuf[3];
data/ckermit-305~alpha02/ckucmd.c:4103:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char monbuf[3];
data/ckermit-305~alpha02/ckucmd.c:4104:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char yearbuf[5];
data/ckermit-305~alpha02/ckucmd.c:4105:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timbuf[16], *tb, cc;
data/ckermit-305~alpha02/ckucmd.c:4147:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    hh = atoi(&dbuf[11]);
data/ckermit-305~alpha02/ckucmd.c:4148:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    mm = atoi(&dbuf[14]);
data/ckermit-305~alpha02/ckucmd.c:4149:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    ss = atoi(&dbuf[17]);
data/ckermit-305~alpha02/ckucmd.c:4159:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nday = atoi(daybuf);
data/ckermit-305~alpha02/ckucmd.c:4411:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	nday = atoi(daybuf);
data/ckermit-305~alpha02/ckucmd.c:4532:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	hh = atoi(&dbuf[11]);
data/ckermit-305~alpha02/ckucmd.c:4533:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	mm = atoi(&dbuf[14]);
data/ckermit-305~alpha02/ckucmd.c:4534:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ss = atoi(&dbuf[17]);
data/ckermit-305~alpha02/ckucmd.c:4593:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmpbuf,"%02d",x);
data/ckermit-305~alpha02/ckucmd.c:4612:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    f0 = atoi(fld[0]);
data/ckermit-305~alpha02/ckucmd.c:4613:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    f1 = atoi(fld[1]);
data/ckermit-305~alpha02/ckucmd.c:4645:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	tmpyear = atoi(fld[2]);
data/ckermit-305~alpha02/ckucmd.c:4665:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    x = atoi(month);
data/ckermit-305~alpha02/ckucmd.c:4666:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmpbuf,"%02d",x);		/* 2-digit numeric month */
data/ckermit-305~alpha02/ckucmd.c:4692:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	nday = atoi(daybuf);
data/ckermit-305~alpha02/ckucmd.c:4707:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    x = atoi(month);
data/ckermit-305~alpha02/ckucmd.c:4713:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nday  = atoi(day);
data/ckermit-305~alpha02/ckucmd.c:4715:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (x == 2) if (isleap(atoi(year))) i++;
data/ckermit-305~alpha02/ckucmd.c:4722:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(zbuf,"%04d%02d%02d",atoi(year),atoi(month),nday);	
data/ckermit-305~alpha02/ckucmd.c:4722:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	sprintf(zbuf,"%04d%02d%02d",atoi(year),atoi(month),nday);	
data/ckermit-305~alpha02/ckucmd.c:4722:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	sprintf(zbuf,"%04d%02d%02d",atoi(year),atoi(month),nday);	
data/ckermit-305~alpha02/ckucmd.c:4887:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		nday = atoi(daybuf);
data/ckermit-305~alpha02/ckucmd.c:5005:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ddays = atoi(p);
data/ckermit-305~alpha02/ckucmd.c:5011:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ddays = atoi(p) * 7;   /* weeks... */
data/ckermit-305~alpha02/ckucmd.c:5017:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			dmonths = atoi(p); /* months... */
data/ckermit-305~alpha02/ckucmd.c:5023:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			dyears = atoi(p); /* years... */
data/ckermit-305~alpha02/ckucmd.c:5029:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			dhours = atoi(p);  /* so it's hours */
data/ckermit-305~alpha02/ckucmd.c:5032:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			dhours = atoi(p);  /* it's still hours */
data/ckermit-305~alpha02/ckucmd.c:5061:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			    ddays = atoi(p);
data/ckermit-305~alpha02/ckucmd.c:5064:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			    ddays = atoi(p) * 7;
data/ckermit-305~alpha02/ckucmd.c:5067:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			    dmonths = atoi(p);
data/ckermit-305~alpha02/ckucmd.c:5070:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			    dyears = atoi(p);
data/ckermit-305~alpha02/ckucmd.c:5086:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			dhours = atoi(p);
data/ckermit-305~alpha02/ckucmd.c:5089:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			dhours = atoi(p);
data/ckermit-305~alpha02/ckucmd.c:5097:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			dmins = atoi(p);
data/ckermit-305~alpha02/ckucmd.c:5100:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			dmins = atoi(p);
data/ckermit-305~alpha02/ckucmd.c:5108:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			dsecs = atoi(p);
data/ckermit-305~alpha02/ckucmd.c:5111:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			dsecs = atoi(p);
data/ckermit-305~alpha02/ckucmd.c:5227:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	nday = atoi(daybuf);
data/ckermit-305~alpha02/ckucmd.c:5229:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(zbuf,"%04d%02d%02d %02d:%02d:%02d", /* SAFE */
data/ckermit-305~alpha02/ckucmd.c:5230:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    atoi(year),atoi(month),nday,hh,mm,ss
data/ckermit-305~alpha02/ckucmd.c:5230:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    atoi(year),atoi(month),nday,hh,mm,ss
data/ckermit-305~alpha02/ckucmd.c:5260:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	nday = atoi(daybuf);
data/ckermit-305~alpha02/ckucmd.c:5263:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	hh = atoi(&dp[9]);
data/ckermit-305~alpha02/ckucmd.c:5264:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	mm = atoi(&dp[12]);
data/ckermit-305~alpha02/ckucmd.c:5265:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ss = atoi(&dp[15]);
data/ckermit-305~alpha02/ckucmd.c:5291:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (!(dp = cmdelta(atoi(year),
data/ckermit-305~alpha02/ckucmd.c:5292:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    atoi(month),
data/ckermit-305~alpha02/ckucmd.c:5341:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char d1buf[9], d2buf[9];
data/ckermit-305~alpha02/ckucmd.c:5342:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char x1buf[18], x2buf[18];
data/ckermit-305~alpha02/ckucmd.c:5350:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char result[24], *rp;
data/ckermit-305~alpha02/ckucmd.c:5370:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    hh1 = atoi(&d1[9]);			/* Get hours, minutes, and seconds */
data/ckermit-305~alpha02/ckucmd.c:5371:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    mm1 = atoi(&d1[12]);		/* for first date */
data/ckermit-305~alpha02/ckucmd.c:5372:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ss1 = atoi(&d1[15]);
data/ckermit-305~alpha02/ckucmd.c:5375:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    hh2 = atoi(&d2[9]);			/* ditto for second date */
data/ckermit-305~alpha02/ckucmd.c:5376:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    mm2 = atoi(&d2[12]);
data/ckermit-305~alpha02/ckucmd.c:5377:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ss2 = atoi(&d2[15]);
data/ckermit-305~alpha02/ckucmd.c:5412:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(rp,"%ldd",jd);
data/ckermit-305~alpha02/ckucmd.c:5415:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(rp,"%d:%02d",hh,mm);
data/ckermit-305~alpha02/ckucmd.c:5417:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(rp,"%d:%02d:%02d",hh,mm,ss);
data/ckermit-305~alpha02/ckucmd.c:5420:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(rp,"%ldd%d:%02d",jd,hh,mm);
data/ckermit-305~alpha02/ckucmd.c:5422:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(rp,"%ldd%d:%02d:%02d",jd,hh,mm,ss);
data/ckermit-305~alpha02/ckucmd.c:5447:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ibuf[32];
data/ckermit-305~alpha02/ckucmd.c:5448:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char obuf[128];
data/ckermit-305~alpha02/ckucmd.c:5452:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char monthbuf[MONTHBUFLEN];
data/ckermit-305~alpha02/ckucmd.c:5491:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	mm = atoi(&ibuf[4]);		/* Month */
data/ckermit-305~alpha02/ckucmd.c:5561:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    yy = atoi(ibuf);
data/ckermit-305~alpha02/ckucmd.c:5569:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    mm = atoi(&ibuf[4]);
data/ckermit-305~alpha02/ckucmd.c:5577:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dd = atoi(&ibuf[6]);
data/ckermit-305~alpha02/ckucmd.c:5860:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(s, disp ? "a" : "w");
data/ckermit-305~alpha02/ckucns.c:150:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char learnbuf[LEARNBUFSIZ] = { NUL, NUL };
data/ckermit-305~alpha02/ckucns.c:226:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ecbuf[10], *ecbp;		/* Escape char buffer & pointer */
data/ckermit-305~alpha02/ckucns.c:251:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ibuf[IBUFL], obuf[OBUFL], temp[TMPLEN];
data/ckermit-305~alpha02/ckucns.c:255:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char tnopt[4];
data/ckermit-305~alpha02/ckucns.c:439:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char escbuf[ESCBUFLEN+1] = { NUL, NUL };
data/ckermit-305~alpha02/ckucns.c:836:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char kbuf[KBUFL];
data/ckermit-305~alpha02/ckucns.c:996:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xbuf[8];
data/ckermit-305~alpha02/ckucns.c:1005:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buf[LEARNBUFSIZ];
data/ckermit-305~alpha02/ckucns.c:1098:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cbuf[2];			/* Ditto */
data/ckermit-305~alpha02/ckucns.c:2618:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(temp,"Speed %ld", speed);
data/ckermit-305~alpha02/ckucns.c:2623:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(temp," Terminal bytesize: %d", (cmask == 0177) ? 7 : 8);
data/ckermit-305~alpha02/ckucns.c:2625:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(temp," Command bytesize: %d", (cmdmsk == 0177) ? 7 : 8);
data/ckermit-305~alpha02/ckucon.c:181:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ecbuf[10], *ecbp;		/* Escape char buffer & pointer */
data/ckermit-305~alpha02/ckucon.c:206:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ibuf[IBUFL], obuf[OBUFL], temp[TMPLEN];
data/ckermit-305~alpha02/ckucon.c:226:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char x25ibuf[MAXIX25];			/* Input buffer */
data/ckermit-305~alpha02/ckucon.c:227:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char x25obuf[MAXOX25];			/* Output buffer */
data/ckermit-305~alpha02/ckucon.c:864:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char kbuf[KBUFL];
data/ckermit-305~alpha02/ckucon.c:2591:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(temp,"Speed %ld", speed);
data/ckermit-305~alpha02/ckucon.c:2596:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(temp," Terminal bytesize: %d", (cmask  == 0177) ? 7 : 8);
data/ckermit-305~alpha02/ckucon.c:2598:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(temp," Command bytesize: %d", (cmdmsk == 0177) ? 7 : 8 );
data/ckermit-305~alpha02/ckudia.c:244:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char modemmsg[128] = { NUL, NUL };	/* DIAL response from modem */
data/ckermit-305~alpha02/ckudia.c:308:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *dialdir[MAXDDIR];			/* DIAL DIRECTORY filename array */
data/ckermit-305~alpha02/ckudia.c:4412:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char lbuf[LBUFL+4];
data/ckermit-305~alpha02/ckudia.c:4413:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char modemmsg[LBUFL+4] = { NUL, NUL };	/* DIAL response from modem */
data/ckermit-305~alpha02/ckudia.c:4420:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char rbuf[RBUFL+1];
data/ckermit-305~alpha02/ckudia.c:4428:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char fbuf[FULLNUML];
data/ckermit-305~alpha02/ckudia.c:4444:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf2[16];
data/ckermit-305~alpha02/ckudia.c:4488:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(p,"LOGDIAL BUFFER OVERFLOW");
data/ckermit-305~alpha02/ckudia.c:4935:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char * pp[MAXPBXEXCH+2];
data/ckermit-305~alpha02/ckudia.c:5106:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char xbuf[200];
data/ckermit-305~alpha02/ckudia.c:5586:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tbcmdbuf[64];		/* Command buffer */
data/ckermit-305~alpha02/ckudia.c:5591:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	      sprintf(tbcmdbuf,"APM1;KMC%d\015",stchr);	/* safe */
data/ckermit-305~alpha02/ckudia.c:5593:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	      sprintf(tbcmdbuf,"APM0\015"); /* safe */
data/ckermit-305~alpha02/ckudia.c:5603:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tbcmdbuf,"ATS111=0\015"); /* safe */
data/ckermit-305~alpha02/ckudia.c:5613:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tbcmdbuf,"ATS111=%d S112=%d\015",r,stchr); /* safe */
data/ckermit-305~alpha02/ckudia.c:5636:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(lbuf,"ATM1L%d%c",mdmvol,13); /* safe */
data/ckermit-305~alpha02/ckudia.c:5638:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(lbuf,"ATM0%c",13);	/* safe */
data/ckermit-305~alpha02/ckudia.c:5785:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(lbuf,
data/ckermit-305~alpha02/ckudia.c:5789:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	      sprintf(lbuf,"ATS7=%d%c",mdmwait,13); /* safe */
data/ckermit-305~alpha02/ckudia.c:6433:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char errmsg[ERMSGL], *erp;		/* For error messages */
data/ckermit-305~alpha02/ckudia.c:6577:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(erp,"Sorry, can't open device");
data/ckermit-305~alpha02/ckudia.c:6603:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	      sprintf(erp,"Sorry, can't reopen device");
data/ckermit-305~alpha02/ckudia.c:7174:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char nbuf[NBUFL+1];			/* Response buffer */
data/ckermit-305~alpha02/ckudia.c:7224:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	i = atoi(nbuf);	/* Convert to integer */
data/ckermit-305~alpha02/ckudia.c:7255:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    if (mymdmtyp == n_MICROLINK && atoi(diallcc) == 49 && dialdpy)
data/ckermit-305~alpha02/ckudia.c:7271:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    if (mymdmtyp == n_MICROLINK && atoi(diallcc) == 41 && dialdpy)
data/ckermit-305~alpha02/ckudia.c:7872:17:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	      conspd = atol(cptr + 8);   /* CONNECT nnnn */
data/ckermit-305~alpha02/ckufio.c:275:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char iksdmsg[IKSDMSGLEN];
data/ckermit-305~alpha02/ckufio.c:512:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char guestpass[GUESTPASS] = { NUL, NUL }; /* Anonymous "password" */
data/ckermit-305~alpha02/ckufio.c:521:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ckroot[CKMAXPATH+1] = { NUL, NUL };
data/ckermit-305~alpha02/ckufio.c:623:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char message[PAM_MAX_MSG_SIZE];
data/ckermit-305~alpha02/ckufio.c:644:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                readpass((char *)msg[i]->msg,message,PAM_MAX_MSG_SIZE);
data/ckermit-305~alpha02/ckufio.c:647:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            readtext((char *)msg[i]->msg,message,PAM_MAX_MSG_SIZE);
data/ckermit-305~alpha02/ckufio.c:894:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char sspace[SSPACE];             /* Buffer for generating filenames */
data/ckermit-305~alpha02/ckufio.c:929:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char npart[MAXNAMLEN+4];            /* name part of path segment */
data/ckermit-305~alpha02/ckufio.c:970:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char fullname[CKMAXPATH+1];
data/ckermit-305~alpha02/ckufio.c:971:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char tmp2[CKMAXPATH+1];
data/ckermit-305~alpha02/ckufio.c:1031:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ut_line[UT_LINESIZE];            /* NUL-terminated devicename of tty */
data/ckermit-305~alpha02/ckufio.c:1032:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ut_id[4];                        /* Inittab id */
data/ckermit-305~alpha02/ckufio.c:1033:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ut_user[UT_NAMESIZE];            /* Username (not NUL terminated) */
data/ckermit-305~alpha02/ckufio.c:1035:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ut_host[UT_HOSTSIZE];            /* Hostname for remote login */
data/ckermit-305~alpha02/ckufio.c:1040:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pad[20];                         /* Reserved */
data/ckermit-305~alpha02/ckufio.c:1108:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cksysline[32] = { NUL, NUL };
data/ckermit-305~alpha02/ckufio.c:1156:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!wtmpfd && (wtmpfd = open(wtmpfile, O_WRONLY|O_APPEND, 0)) < 0) {
data/ckermit-305~alpha02/ckufio.c:1264:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char startupdir[MAXPATH+1];
data/ckermit-305~alpha02/ckufio.c:1291:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char nambuf[CKMAXPATH+4];        /* Buffer for a pathname */
data/ckermit-305~alpha02/ckufio.c:1295:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char zmbuf[ZMBUFLEN];		/* For mail, remote print strings */
data/ckermit-305~alpha02/ckufio.c:1392:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            xferlog = open(xferfile, O_WRONLY | O_APPEND | O_CREAT, 0660);
data/ckermit-305~alpha02/ckufio.c:1454:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp[n] = fopen(name,"r");            /* Real file, open it. */
data/ckermit-305~alpha02/ckufio.c:1503:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char p[8];
data/ckermit-305~alpha02/ckufio.c:1587:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(name,O_WRONLY|flags,0600);
data/ckermit-305~alpha02/ckufio.c:1601:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fp[n] = fopen(name,p);		/* Try to open the file */
data/ckermit-305~alpha02/ckufio.c:2267:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char linkname[CKMAXPATH+1];
data/ckermit-305~alpha02/ckufio.c:2276:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fnam[CKMAXPATH+4];
data/ckermit-305~alpha02/ckufio.c:2594:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = open(name,O_WRONLY|O_CREAT|flags,0600);
data/ckermit-305~alpha02/ckufio.c:2632:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(s,"./");
data/ckermit-305~alpha02/ckufio.c:2747:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[CKMAXPATH+1];
data/ckermit-305~alpha02/ckufio.c:2793:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[CKMAXPATH+1];          /* New temporary buffer on stack */
data/ckermit-305~alpha02/ckufio.c:2862:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char work[CKMAXPATH+1];
data/ckermit-305~alpha02/ckufio.c:2915:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[CKMAXPATH+1];
data/ckermit-305~alpha02/ckufio.c:3167:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cwdbuf[CWDBL+2];
data/ckermit-305~alpha02/ckufio.c:3326:16:  [2] (race) vfork:
  On some old systems, vfork() permits race conditions, and it's very
  difficult to use correctly (CWE-362). Use fork() instead.
         pid = vfork()                  /* child */
data/ckermit-305~alpha02/ckufio.c:3352:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if (open("/dev/null",0) < 0) return(0); /* replace input by null */
data/ckermit-305~alpha02/ckufio.c:3608:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fnbuf[CKMAXPATH+8], * fn, * p;
data/ckermit-305~alpha02/ckufio.c:3906:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		return(atoi(&fn[i+1]));
data/ckermit-305~alpha02/ckufio.c:3943:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char znewbuf[ZNEWNBL+12];
data/ckermit-305~alpha02/ckufio.c:4023:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            t = atoi(xp+buflen+2);      /* Get number */
data/ckermit-305~alpha02/ckufio.c:4026:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf+buflen,".~%d~",d+1); /* Yes, make "name.~<d+1>~" */
data/ckermit-305~alpha02/ckufio.c:4031:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf2[ZNEWNBL+12];
data/ckermit-305~alpha02/ckufio.c:4047:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            t = atoi(xp+xlen+2);        /* Get number */
data/ckermit-305~alpha02/ckufio.c:4053:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf2+xlen,".~%d~",d+1); /* This just fits */
data/ckermit-305~alpha02/ckufio.c:4199:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];                     /* File copying buffer */
data/ckermit-305~alpha02/ckufio.c:4294:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    in = open(src, O_RDONLY, 0);        /* Open source file */
data/ckermit-305~alpha02/ckufio.c:4299:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        out = open(dst, O_WRONLY|O_CREAT|O_TRUNC, perms);
data/ckermit-305~alpha02/ckufio.c:4301:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        out = open(dst, O_WRONLY|O_CREAT, perms);
data/ckermit-305~alpha02/ckufio.c:4373:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gperms[2];
data/ckermit-305~alpha02/ckufio.c:4377:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char lperms[24];
data/ckermit-305~alpha02/ckufio.c:4380:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char xlperms[24];
data/ckermit-305~alpha02/ckufio.c:4440:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(s,"%o",buf.st_mode);
data/ckermit-305~alpha02/ckufio.c:4447:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char xsperms[24];
data/ckermit-305~alpha02/ckufio.c:4655:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(lperms,"%o",buf.st_mode & 0777);
data/ckermit-305~alpha02/ckufio.c:4688:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char datbuf[40];
data/ckermit-305~alpha02/ckufio.c:4874:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[5];
data/ckermit-305~alpha02/ckufio.c:4970:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      timezone = atoi(&tz[3]);          /* Set 'timezone'. */
data/ckermit-305~alpha02/ckufio.c:4983:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    n = atoi(s);
data/ckermit-305~alpha02/ckufio.c:5001:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        n = atoi(s);
data/ckermit-305~alpha02/ckufio.c:5118:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char zltimbuf[64];
data/ckermit-305~alpha02/ckufio.c:5158:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[5];
data/ckermit-305~alpha02/ckufio.c:5222:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    n = atoi(s);
data/ckermit-305~alpha02/ckufio.c:5240:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        n = atoi(s);
data/ckermit-305~alpha02/ckufio.c:5314:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(zltimbuf,"%04d%02d%02d %02d:%02d:%02d",
data/ckermit-305~alpha02/ckufio.c:5432:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char obuf[24];
data/ckermit-305~alpha02/ckufio.c:5439:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(obuf,"%o",sb.st_mode);
data/ckermit-305~alpha02/ckufio.c:5488:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(obuf,"%o",x);
data/ckermit-305~alpha02/ckufio.c:5550:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(obuf,"%04o",sb.st_mode);
data/ckermit-305~alpha02/ckufio.c:5787:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char scratch[MAXPATH+4];         /* Used by both methods */
data/ckermit-305~alpha02/ckufio.c:5918:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(cur->npart, "..");	/* safe */
data/ckermit-305~alpha02/ckufio.c:6007:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(scratch,"./");		/* safe */
data/ckermit-305~alpha02/ckufio.c:6163:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char nambuf[MAXNAMLEN+4];           /* Buffer for a filename */
data/ckermit-305~alpha02/ckufio.c:6339:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(sofar,O_RDONLY)) < 0) {
data/ckermit-305~alpha02/ckufio.c:6741:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char realname[UIDBUFLEN+1];  /* user's name */
data/ckermit-305~alpha02/ckufio.c:6743:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char loginname[UIDBUFLEN+1], envname[256]; /* temp storage */
data/ckermit-305~alpha02/ckufio.c:6808:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char olddir[BUFLEN+1];
data/ckermit-305~alpha02/ckufio.c:6809:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char oldrealdir[BUFLEN+1];
data/ckermit-305~alpha02/ckufio.c:6810:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char temp[BUFLEN+1];
data/ckermit-305~alpha02/ckufio.c:6987:16:  [2] (race) vfork:
  On some old systems, vfork() permits race conditions, and it's very
  difficult to use correctly (CWE-362). Use fork() instead.
    if ((pid = vfork()) == 0) {         /* Make child quickly */
data/ckermit-305~alpha02/ckufio.c:7159:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char prevpath[CKMAXPATH+4] = { '\0', '\0' };
data/ckermit-305~alpha02/ckufio.c:7175:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filbuf[CKMAXPATH+4];
data/ckermit-305~alpha02/ckufio.c:7187:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fnam[CKMAXPATH+4];
data/ckermit-305~alpha02/ckufio.c:7449:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char zfntmp[MAXPATHLEN+4];
data/ckermit-305~alpha02/ckufio.c:7451:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char zfntmp[CKMAXPATH+4];
data/ckermit-305~alpha02/ckufio.c:7454:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sb[32], * tmp;
data/ckermit-305~alpha02/ckufio.c:7648:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf1[CKMAXPATH+1];
data/ckermit-305~alpha02/ckufio.c:7649:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf2[CKMAXPATH+1];
data/ckermit-305~alpha02/ckufio.c:7652:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char linkname[CKMAXPATH+1];
data/ckermit-305~alpha02/ckufio.c:7723:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckufio.c:7763:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[CKMAXPATH+2];
data/ckermit-305~alpha02/ckufio.c:7909:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char zvuname[64] = { NUL, NUL };
data/ckermit-305~alpha02/ckufio.c:7910:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char zvhome[CKMAXPATH+1] = { NUL, NUL };
data/ckermit-305~alpha02/ckufio.c:7914:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char zenvuser[ZENVUSER];
data/ckermit-305~alpha02/ckufio.c:7915:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char zenvhome[ZENVHOME];
data/ckermit-305~alpha02/ckufio.c:7916:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char zenvlogname[ZENVLOGNAME];
data/ckermit-305~alpha02/ckufio.c:7919:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char pam_data[500];
data/ckermit-305~alpha02/ckufio.c:8113:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[CKXLOGBSIZ];
data/ckermit-305~alpha02/ckufio.c:8140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[CKXLOGBSIZ+1];
data/ckermit-305~alpha02/ckufio.c:8149:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = fopen(userfile ? userfile : _PATH_FTPUSERS, "r");
data/ckermit-305~alpha02/ckufio.c:8199:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char instance[INST_SZ];
data/ckermit-305~alpha02/ckufio.c:8200:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char realm[REALM_SZ];
data/ckermit-305~alpha02/ckufio.c:8201:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tkt_file[20];
data/ckermit-305~alpha02/ckufio.c:8222:5:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    bcopy((char *)hp->h_addr, (char *) &faddr, sizeof(faddr));
data/ckermit-305~alpha02/ckufio.c:8417:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(cksysline,"iks_%04x", getpid()); /* safe */
data/ckermit-305~alpha02/ckupty.c:320:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ptyibuf2[BUFSIZ];
data/ckermit-305~alpha02/ckupty.c:321:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char ctlbuf[BUFSIZ];
data/ckermit-305~alpha02/ckupty.c:330:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ptyibuf[BUFSIZ], *ptyip = ptyibuf;
data/ckermit-305~alpha02/ckupty.c:331:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ptyibuf2[BUFSIZ];
data/ckermit-305~alpha02/ckupty.c:480:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char *)&termbuf, cp, len);
data/ckermit-305~alpha02/ckupty.c:576:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    con_fd = open("/dev/tty", O_RDWR);
data/ckermit-305~alpha02/ckupty.c:697:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char slavebuf[1024];
data/ckermit-305~alpha02/ckupty.c:748:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    *fd = open("/dev/ptym/clone", O_RDWR|O_NDELAY); /* HPUX */
data/ckermit-305~alpha02/ckupty.c:756:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    *fd = open("/dev/ptmx",O_RDWR|O_NDELAY);
data/ckermit-305~alpha02/ckupty.c:763:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    *fd = open("/dev/ptc", O_RDWR|O_NDELAY); /* AIX */
data/ckermit-305~alpha02/ckupty.c:768:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    *fd = open("/dev/pty", O_RDWR|O_NDELAY); /* sysvimp */
data/ckermit-305~alpha02/ckupty.c:814:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(slavebuf, "/dev/ttyp%x", ptynum); /* safe */
data/ckermit-305~alpha02/ckupty.c:825:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(slavebuf,"/dev/ptyXX"); /* safe */
data/ckermit-305~alpha02/ckupty.c:833:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		*fd = open(slavebuf, O_RDWR|O_NDELAY);
data/ckermit-305~alpha02/ckupty.c:977:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char utmp_id[5];
data/ckermit-305~alpha02/ckupty.c:1043:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    *fd = open(slave, O_RDWR);
data/ckermit-305~alpha02/ckupty.c:1052:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    *fd = open(slave, O_RDWR);
data/ckermit-305~alpha02/ckupty.c:1058:6:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	x = open("/dev/tty", O_RDWR);
data/ckermit-305~alpha02/ckupty.c:1220:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char utmp_id[5];
data/ckermit-305~alpha02/ckupty.c:1222:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char userbuf[32];
data/ckermit-305~alpha02/ckupty.c:1361:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(UTMP_FILE, O_RDWR)) < 0)
data/ckermit-305~alpha02/ckupty.c:1384:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (tty > 0 && (fd = open(UTMP_FILE, O_WRONLY, 0)) >= 0) {
data/ckermit-305~alpha02/ckupty.c:1461:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) >= 0) {
data/ckermit-305~alpha02/ckupty.c:1529:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char Xline[17] = { 0, 0 };
data/ckermit-305~alpha02/ckupty.c:1731:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    xx = open(s, O_WRONLY);
data/ckermit-305~alpha02/ckupty.c:1735:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    xx = open(s, O_CREAT, 0644);
data/ckermit-305~alpha02/ckuscr.c:117:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char seq_buf[SBUFL+2], *s;	/* expect-send sequence buffer */
data/ckermit-305~alpha02/ckuscr.c:366:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *e, got[7], trace[SBUFL];
data/ckermit-305~alpha02/ckutio.c:315:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char unm_mch[CK_SYSNMLN+1] = { '\0', '\0' };
data/ckermit-305~alpha02/ckutio.c:316:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char unm_mod[CK_SYSNMLN+1] = { '\0', '\0' };
data/ckermit-305~alpha02/ckutio.c:317:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char unm_nam[CK_SYSNMLN+1] = { '\0', '\0' };
data/ckermit-305~alpha02/ckutio.c:318:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char unm_rel[CK_SYSNMLN+1] = { '\0', '\0' };
data/ckermit-305~alpha02/ckutio.c:319:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char unm_ver[CK_SYSNMLN+1] = { '\0', '\0' };
data/ckermit-305~alpha02/ckutio.c:1092:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *initrawq(), *qaddr[2]={0,0};
data/ckermit-305~alpha02/ckutio.c:1137:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char conbuf[CONBUFSIZ];	/* Console readahead buffer */
data/ckermit-305~alpha02/ckutio.c:1141:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cttnam[DEVNAMLEN+1] = { '\0', '\0' }; /* Determined at runtime */
data/ckermit-305~alpha02/ckutio.c:1226:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char msgbuf[MSGBUF_SIZE];
data/ckermit-305~alpha02/ckutio.c:1321:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char lockpid[16] = { '\0', '\0' };	/* PID stored in lockfile, as string */
data/ckermit-305~alpha02/ckutio.c:1450:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char lkflfn[FLFNAML] = { '\0', '\0' };	/* and possible link to it */
data/ckermit-305~alpha02/ckutio.c:1452:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char lock2[FLFNAML] =  { '\0', '\0' };	/* Name of second lockfile */
data/ckermit-305~alpha02/ckutio.c:1457:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char flfnam[FLFNAML+1] = { '\0', '\0' }; /* UUCP lock file path name */
data/ckermit-305~alpha02/ckutio.c:1476:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ttnmsv[DEVNAMLEN+1] = { '\0', '\0' };
data/ckermit-305~alpha02/ckutio.c:1478:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char lockname[DEVNAMLEN+1];	/* Ditto, the part after "/dev/". */
data/ckermit-305~alpha02/ckutio.c:1676:9:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	rows = atol(p);
data/ckermit-305~alpha02/ckutio.c:1681:10:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		cols = atol(p);
data/ckermit-305~alpha02/ckutio.c:2197:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    	consctlfd = open("/dev/consctl", O_WRONLY);
data/ckermit-305~alpha02/ckutio.c:2389:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullname[DEVNAMLEN+1];
data/ckermit-305~alpha02/ckutio.c:2495:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    ttyfd = atoi(ttname);	/* Is there a way to test it's open? */
data/ckermit-305~alpha02/ckutio.c:2634:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    ttyfd = atoi(ttname);	/* Is there a way to test it's open? */
data/ckermit-305~alpha02/ckutio.c:2897:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(lockpid,"%d",xpid);	/* Record it too */
data/ckermit-305~alpha02/ckutio.c:3156:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((kmem[TTY] = open("/dev/kmem", 0)) < 0) {
data/ckermit-305~alpha02/ckutio.c:3861:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char modem_state[64];
data/ckermit-305~alpha02/ckutio.c:4135:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((ttyfd = open(ttnmsv,2)) < 0)	/* on Fortune computers... */
data/ckermit-305~alpha02/ckutio.c:4182:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(modem_state,"%#lx",modem_rtn);
data/ckermit-305~alpha02/ckutio.c:4186:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(modem_state,"%#lx",modem_rtn);
data/ckermit-305~alpha02/ckutio.c:4195:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(modem_state,"%#lx",modem_rtn);
data/ckermit-305~alpha02/ckutio.c:4215:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(modem_state,"%#lx",modem_sav);
data/ckermit-305~alpha02/ckutio.c:4750:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[32];
data/ckermit-305~alpha02/ckutio.c:4764:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(name,O_RDONLY);		/* Try to open lockfile. */
data/ckermit-305~alpha02/ckutio.c:4921:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char linkto[DEVNAMLEN+1];
data/ckermit-305~alpha02/ckutio.c:5076:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pid_str[32];			/* My pid in string format. */
data/ckermit-305~alpha02/ckutio.c:5083:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lockfil[LFNAML];		/* Lock file name */
data/ckermit-305~alpha02/ckutio.c:5085:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lklockf[LFNAML];		/* Name for link to lock file  */
data/ckermit-305~alpha02/ckutio.c:5088:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char symlock[LFNAML];		/* Name for symlink lockfile name */
data/ckermit-305~alpha02/ckutio.c:5090:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpnam[LFNAML+30];		/* Temporary lockfile name. */
data/ckermit-305~alpha02/ckutio.c:5164:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(lockfil,"LCK..%d.%d",	/* SAFE */
data/ckermit-305~alpha02/ckutio.c:5170:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(lockfil,"LK.%03u.%03u.%03u", /* SAFE */
data/ckermit-305~alpha02/ckutio.c:5423:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lockfil[LFNAML];		/* Lockfile name (no path) */
data/ckermit-305~alpha02/ckutio.c:5424:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpnam[LFNAML];		/* Temporary lockfile name. */
data/ckermit-305~alpha02/ckutio.c:5736:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char x[DEVNAMLEN+32], *device, *devname;
data/ckermit-305~alpha02/ckutio.c:6525:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tchbuf[100];
data/ckermit-305~alpha02/ckutio.c:6527:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tchbuf,
data/ckermit-305~alpha02/ckutio.c:8412:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pushbuf,mybuf,my_count);
data/ckermit-305~alpha02/ckutio.c:8415:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(mybuf,s,n);
data/ckermit-305~alpha02/ckutio.c:9108:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buf[256];
data/ckermit-305~alpha02/ckutio.c:9696:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((m = open("/dev/kmem", 0)) < 0) err("kmem");
data/ckermit-305~alpha02/ckutio.c:9752:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[200];
data/ckermit-305~alpha02/ckutio.c:10413:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *)xpacket,(char *)s,n);
data/ckermit-305~alpha02/ckutio.c:11749:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (cp && (hertz = atoi(cp))) {
data/ckermit-305~alpha02/ckutio.c:11864:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fpbuf[64];
data/ckermit-305~alpha02/ckutio.c:11884:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fpbuf,"%f",s);
data/ckermit-305~alpha02/ckutio.c:11900:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char asctmbuf[64];
data/ckermit-305~alpha02/ckutio.c:12119:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(CTTNAM,2)) < 0) {	/* Open controlling terminal */
data/ckermit-305~alpha02/ckutio.c:12350:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if((kmem[CON] = open("/dev/kmem", 0)) < 0) {
data/ckermit-305~alpha02/ckutio.c:12679:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(xpacket,s,len);
data/ckermit-305~alpha02/ckutio.c:13116:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[30];
data/ckermit-305~alpha02/ckutio.c:13127:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[30];
data/ckermit-305~alpha02/ckutio.c:14035:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    x = open(name, modes);		/* Try to open the device */
data/ckermit-305~alpha02/ckutio.c:15485:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char daynameresult[DAYNAMERESULT];
data/ckermit-305~alpha02/ckutio.c:15499:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/ckermit-305~alpha02/ckutio.c:15509:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char monthnameresult[MONTHNAMERESULT];
data/ckermit-305~alpha02/ckutio.c:15520:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/ckermit-305~alpha02/ckutio.c:15521:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mbuf[4];
data/ckermit-305~alpha02/ckutio.c:15637:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmd[20];
data/ckermit-305~alpha02/ckutio.c:15645:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      len = sprintf(cmd + 1, "%d", param) + 1;
data/ckermit-305~alpha02/ckutio.c:15678:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[100];
data/ckermit-305~alpha02/ckutio.c:15686:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ttyctlfd = open(name, 1);
data/ckermit-305~alpha02/ckutio.c:15716:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[20];
data/ckermit-305~alpha02/ckutio.c:15717:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	int i = sprintf(cmd, "k%d", msec);
data/ckermit-305~alpha02/ckutio.c:15783:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[1000];		/* not safe if on the stack */
data/ckermit-305~alpha02/ckutio.c:15810:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char str1[4096];
data/ckermit-305~alpha02/ckutio.c:15811:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char str2[4096];
data/ckermit-305~alpha02/ckuus3.c:34:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char pwbuf[PWBUFL+1]  = { NUL, NUL };
data/ckermit-305~alpha02/ckuus3.c:100:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char editor[CKMAXPATH + 1] = "edit";
data/ckermit-305~alpha02/ckuus3.c:102:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char editor[CKMAXPATH + 1] = { NUL, NUL };
data/ckermit-305~alpha02/ckuus3.c:104:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char editopts[128] = { NUL, NUL };
data/ckermit-305~alpha02/ckuus3.c:105:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char editfile[CKMAXPATH + 1] = { NUL, NUL };
data/ckermit-305~alpha02/ckuus3.c:107:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char browser[CKMAXPATH + 1] = { NUL, NUL };
data/ckermit-305~alpha02/ckuus3.c:108:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char browsopts[128] = { NUL, NUL };
data/ckermit-305~alpha02/ckuus3.c:109:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char browsurl[4096] = { NUL, NUL };
data/ckermit-305~alpha02/ckuus3.c:200:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char prmbuf[PWBUFL+1] = { NUL, NUL };
data/ckermit-305~alpha02/ckuus3.c:700:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *netdir[MAXDDIR+2];
data/ckermit-305~alpha02/ckuus3.c:739:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *dialtocc[MAXTPCC] = { NULL, NULL };
data/ckermit-305~alpha02/ckuus3.c:741:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *dialpucc[MAXTPCC] = { NULL, NULL };
data/ckermit-305~alpha02/ckuus3.c:744:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *dialtfc[MAXTOLLFREE] = {
data/ckermit-305~alpha02/ckuus3.c:749:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *dialpxx[MAXPBXEXCH] = {
data/ckermit-305~alpha02/ckuus3.c:754:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *diallcac[MAXLOCALAC] = {
data/ckermit-305~alpha02/ckuus3.c:1017:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char pipename[PIPENAML+1] = { NUL, NUL };
data/ckermit-305~alpha02/ckuus3.c:2185:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *pp[MAXGETPATH];               /* Temporary name pointers */
data/ckermit-305~alpha02/ckuus3.c:2190:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dirpath[4096];
data/ckermit-305~alpha02/ckuus3.c:2192:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dirpath[1024];                 /* For fully qualified filenames */
data/ckermit-305~alpha02/ckuus3.c:2368:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char dirsep[2];
data/ckermit-305~alpha02/ckuus3.c:2400:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char username[LOGINLEN+1];
data/ckermit-305~alpha02/ckuus3.c:2401:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char password[LOGINLEN+1];
data/ckermit-305~alpha02/ckuus3.c:2402:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char account[LOGINLEN+1];
data/ckermit-305~alpha02/ckuus3.c:2906:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filebuf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckuus3.c:3478:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[64];
data/ckermit-305~alpha02/ckuus3.c:3487:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char sxroundbuf[32];		/* For ROUND result */
data/ckermit-305~alpha02/ckuus3.c:3496:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * p[SEXPMAX+1], ** p2;         /* List items (must be on stack) */
data/ckermit-305~alpha02/ckuus3.c:3895:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf1[32], buf2[32];
data/ckermit-305~alpha02/ckuus3.c:3965:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char buf[32];
data/ckermit-305~alpha02/ckuus3.c:4837:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[32], * p;
data/ckermit-305~alpha02/ckuus3.c:4873:10:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    t1 = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckuus3.c:4873:30:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    t1 = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckuus3.c:4873:49:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    t1 = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckuus3.c:4879:10:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    t2 = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckuus3.c:4879:30:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    t2 = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckuus3.c:4879:49:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    t2 = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckuus3.c:4936:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char c, buf1[32], buf2[32], * info[32], * p, * s;
data/ckermit-305~alpha02/ckuus3.c:4937:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * xlogbuf, xbuf[CXLOGBUFL+1];
data/ckermit-305~alpha02/ckuus3.c:5008:10:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    t1 = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckuus3.c:5008:30:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    t1 = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckuus3.c:5008:49:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    t1 = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckuus3.c:5015:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        t2 = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckuus3.c:5015:34:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        t2 = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckuus3.c:5015:53:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        t2 = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckuus3.c:5781:25:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                        strcpy(dialtfc[0],"800"); /* 1970-something */
data/ckermit-305~alpha02/ckuus3.c:5784:29:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                            strcpy(dialtfc[1],"888"); /* 1996 */
data/ckermit-305~alpha02/ckuus3.c:5787:33:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                                strcpy(dialtfc[2],"877"); /* 5 April 1998 */
data/ckermit-305~alpha02/ckuus3.c:5790:37:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                                    strcpy(dialtfc[3],"866"); /* 2000? */
data/ckermit-305~alpha02/ckuus3.c:5816:23:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                      strcpy(dialixp,"00");
data/ckermit-305~alpha02/ckuus3.c:5891:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char * p[MAXTOLLFREE];        /* Temporary pointers */
data/ckermit-305~alpha02/ckuus3.c:5966:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char * p[MAXLOCALAC]; /* Temporary pointers */
data/ckermit-305~alpha02/ckuus3.c:6038:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char * p[MAXTPCC];
data/ckermit-305~alpha02/ckuus3.c:6477:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[6];
data/ckermit-305~alpha02/ckuus3.c:6480:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xbuf[20], * p;
data/ckermit-305~alpha02/ckuus3.c:6508:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf,"%05ld",atol(alrm_time)); /* SAFE (20) */
data/ckermit-305~alpha02/ckuus3.c:6508:25:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    sprintf(buf,"%05ld",atol(alrm_time)); /* SAFE (20) */
data/ckermit-305~alpha02/ckuus3.c:6513:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if ((zz = atol(alrm_time) + xx) < 0L) {
data/ckermit-305~alpha02/ckuus3.c:6518:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char d[10];                     /* Local date buffer */
data/ckermit-305~alpha02/ckuus3.c:6525:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        dd = atoi((char *)(d+6));       /* Parse yyyymmdd */
data/ckermit-305~alpha02/ckuus3.c:6527:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        mm = atoi((char *)(d+4));
data/ckermit-305~alpha02/ckuus3.c:6529:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        yyyy = atoi((char *)d);
data/ckermit-305~alpha02/ckuus3.c:6560:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(alrm_date,"%04d%02d%02d",yyyy,mm,dd); /* SAFE (24) */
data/ckermit-305~alpha02/ckuus3.c:6563:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(alrm_time,"%ld",zz);        /* SAFE (24) */
data/ckermit-305~alpha02/ckuus3.c:6573:11:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    sec = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckuus3.c:6573:31:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    sec = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckuus3.c:6573:50:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    sec = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckuus3.c:6587:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(alrm_time,"%05ld",sec);     /* SAFE (24) */
data/ckermit-305~alpha02/ckuus3.c:6755:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        free((char *)macrotab[kc]);
data/ckermit-305~alpha02/ckuus3.c:6779:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          strcpy((char *) macrotab[kc], s); /* safe */
data/ckermit-305~alpha02/ckuus3.c:6889:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *s, tmpbuf[XPCMDLEN+1];
data/ckermit-305~alpha02/ckuus3.c:6914:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s1[XPCMDLEN+1], s2[XPCMDLEN+1], s3[XPCMDLEN+1];
data/ckermit-305~alpha02/ckuus3.c:6915:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s4[XPCMDLEN+1], s5[XPCMDLEN+1], s6[XPCMDLEN+1], s7[XPCMDLEN+1];
data/ckermit-305~alpha02/ckuus3.c:7176:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char portbuf[64];
data/ckermit-305~alpha02/ckuus3.c:8095:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char * ssh_idf[32] = {                  /* Identity file list */
data/ckermit-305~alpha02/ckuus3.c:8101:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char * ssh_tmp[32] = {                  /* Temp identity file list */
data/ckermit-305~alpha02/ckuus3.c:9009:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char portbuf[64];
data/ckermit-305~alpha02/ckuus3.c:9238:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              char tmpnbnam[NETBIOS_NAME_LEN+1];
data/ckermit-305~alpha02/ckuus3.c:9333:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  char dllname[256]="";
data/ckermit-305~alpha02/ckuus3.c:9410:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	      char ubuf[LOGINLEN+1], pbuf[LOGINLEN+1], abuf[256];
data/ckermit-305~alpha02/ckuus3.c:9486:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	      char ubuf[LOGINLEN+1], pbuf[LOGINLEN+1];
data/ckermit-305~alpha02/ckuus3.c:10497:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  extern char * tn_env_uservar[8][2];
data/ckermit-305~alpha02/ckuus3.c:11515:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              zz = atol(atmbuf);
data/ckermit-305~alpha02/ckuus3.c:12050:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      char now[32];     /* Current time */
data/ckermit-305~alpha02/ckuus3.c:12055:30:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                      tnow = atol(p+11) * 3600L +
data/ckermit-305~alpha02/ckuus3.c:12056:25:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuus3.c:12056:44:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuus3.c:12088:29:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return(setalarm(atol(s)));
data/ckermit-305~alpha02/ckuus3.c:12199:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char tmpname[MAXPATHLEN+1];
data/ckermit-305~alpha02/ckuus3.c:12631:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char * tmpaddrs[KRB5_NUM_OF_ADDRS];
data/ckermit-305~alpha02/ckuus3.c:13580:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char warning[256];
data/ckermit-305~alpha02/ckuus3.c:13719:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char rexxbuf[REXBUFL] = { '\0' };       /* Rexx's return value (string) */
data/ckermit-305~alpha02/ckuus4.c:145:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ndatbuf[10];
data/ckermit-305~alpha02/ckuus4.c:353:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char hexdigits[16] = {
data/ckermit-305~alpha02/ckuus4.c:500:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *m_arg[MACLEVEL][10]; /* You have to put in the dimensions */
data/ckermit-305~alpha02/ckuus4.c:501:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *g_var[GVARS];        /* for external 2-dimensional arrays. */
data/ckermit-305~alpha02/ckuus4.c:1213:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char vvbuf[VVBUFL+1];
data/ckermit-305~alpha02/ckuus4.c:1227:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char fp_xbuf[128];
data/ckermit-305~alpha02/ckuus4.c:1257:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf,"%0.250f",(10.0 / 3.0));
data/ckermit-305~alpha02/ckuus4.c:1261:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf,"%0.250f",(4.0 / 9.0));
data/ckermit-305~alpha02/ckuus4.c:1270:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf,"%0.6f",(7.0 / 9.0));
data/ckermit-305~alpha02/ckuus4.c:1302:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char takepath[4096];
data/ckermit-305~alpha02/ckuus4.c:1554:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        startflags = atoi(yp);
data/ckermit-305~alpha02/ckuus4.c:1654:53:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                hwndDialer = (HWND) atol(*yargv);
data/ckermit-305~alpha02/ckuus4.c:1657:50:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                KermitDialerID = atol(*yargv) ;
data/ckermit-305~alpha02/ckuus4.c:1666:47:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                startflags |= atol(*yargv);
data/ckermit-305~alpha02/ckuus4.c:1758:45:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        hwndDialer = (HWND) atol(*yargv);
data/ckermit-305~alpha02/ckuus4.c:1761:42:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        KermitDialerID = atol(*yargv) ;
data/ckermit-305~alpha02/ckuus4.c:1770:39:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        startflags |= atol(*yargv);
data/ckermit-305~alpha02/ckuus4.c:1853:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                      if (p && atoi(p) != 0) {
data/ckermit-305~alpha02/ckuus4.c:1884:45:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        hwndDialer = (HWND) atol(*yargv);
data/ckermit-305~alpha02/ckuus4.c:1887:42:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        KermitDialerID = atol(*yargv) ;
data/ckermit-305~alpha02/ckuus4.c:1900:35:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    startflags |= atol(*yargv);
data/ckermit-305~alpha02/ckuus4.c:2008:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                            n = atoi(*yargv);
data/ckermit-305~alpha02/ckuus4.c:2875:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char xbuf[8];
data/ckermit-305~alpha02/ckuus4.c:2895:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(xbuf,"%04X",uc.x_short); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:3558:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char dirbuf[CKMAXPATH+4];
data/ckermit-305~alpha02/ckuus4.c:3640:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char hompthbuf[CKMAXPATH+1] = { NUL, NUL }; /* Home directory path */
data/ckermit-305~alpha02/ckuus4.c:3721:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char mypath[CKMAXPATH+1];
data/ckermit-305~alpha02/ckuus4.c:4091:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char nowbuf[18];
data/ckermit-305~alpha02/ckuus4.c:4098:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dbuf[32];
data/ckermit-305~alpha02/ckuus4.c:4120:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(nowbuf+4,"%02d",x);         /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:4901:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    extern char * tn_env_uservar[8][2];
data/ckermit-305~alpha02/ckuus4.c:5322:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ipaddr[16];
data/ckermit-305~alpha02/ckuus4.c:6010:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(tmpbuf," Packet timeouts: dynamic %d:%d", /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:6014:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(tmpbuf," Packet timeouts: fixed"); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:6707:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char xbuf[100];
data/ckermit-305~alpha02/ckuus4.c:6716:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(xbuf,"doinput string %2d",y); /* SAFE (24) */
data/ckermit-305~alpha02/ckuus4.c:7409:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ipabuf[16] = { NUL };       /* IP address buffer */
data/ckermit-305~alpha02/ckuus4.c:7464:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char zjdbuf[12] = { NUL, NUL };
data/ckermit-305~alpha02/ckuus4.c:7480:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char year[5];
data/ckermit-305~alpha02/ckuus4.c:7481:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char month[3];
data/ckermit-305~alpha02/ckuus4.c:7482:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char day[3];
data/ckermit-305~alpha02/ckuus4.c:7513:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    y = atoi(year);
data/ckermit-305~alpha02/ckuus4.c:7514:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m = atoi(month);
data/ckermit-305~alpha02/ckuus4.c:7515:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    d = atoi(day);
data/ckermit-305~alpha02/ckuus4.c:7529:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(zjdbuf,"%04d%03d",y,j);   /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:7533:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char jzdbuf[32];
data/ckermit-305~alpha02/ckuus4.c:7539:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char year[5];                       /* with optional time */
data/ckermit-305~alpha02/ckuus4.c:7540:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char day[4];
data/ckermit-305~alpha02/ckuus4.c:7574:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    j = atoi(day);
data/ckermit-305~alpha02/ckuus4.c:7579:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    y = atoi(year);
data/ckermit-305~alpha02/ckuus4.c:7604:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(jzdbuf,"%04d%02d%02d",y,m,d); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:7634:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char year[5];
data/ckermit-305~alpha02/ckuus4.c:7635:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char month[3];
data/ckermit-305~alpha02/ckuus4.c:7636:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char day[3];
data/ckermit-305~alpha02/ckuus4.c:7657:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m = atoi(month);
data/ckermit-305~alpha02/ckuus4.c:7662:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    d = atoi(day);
data/ckermit-305~alpha02/ckuus4.c:7665:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    y = atoi(year) + 4800 - a;
data/ckermit-305~alpha02/ckuus4.c:7674:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char mjd2dbuf[32];
data/ckermit-305~alpha02/ckuus4.c:7698:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(mjd2dbuf,"%04d%02d%02d",y,m,d); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:7718:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char fnval[FNVALL+2];                   /* Function return value  */
data/ckermit-305~alpha02/ckuus4.c:7731:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char fpfmtbuf[FPFMTSIZ] = { NUL, NUL };
data/ckermit-305~alpha02/ckuus4.c:7736:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fbuf[16];                      /* For creating printf format */
data/ckermit-305~alpha02/ckuus4.c:7772:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(fbuf,"%%0.%df",places); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:7776:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(fbuf,"%%0.%df",fp_digits); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:7954:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char datebuf[20];
data/ckermit-305~alpha02/ckuus4.c:7955:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuf[20];
data/ckermit-305~alpha02/ckuus4.c:8129:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *bp[FNARGS + 1];               /* Pointers to malloc'd strings */
data/ckermit-305~alpha02/ckuus4.c:8175:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  sprintf(fnval,"<ERROR:NO_SUCH_FUNCTION>");
data/ckermit-305~alpha02/ckuus4.c:8181:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  sprintf(fnval,"<ERROR:NAME_AMBIGUOUS>");
data/ckermit-305~alpha02/ckuus4.c:8184:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(fnval,"<ERROR:FUNCTION_NAME_MISSING:\\f()>");
data/ckermit-305~alpha02/ckuus4.c:8190:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  sprintf(fnval,"<ERROR:LOOKUP_FAILURE>");
data/ckermit-305~alpha02/ckuus4.c:8246:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
              sprintf(fnval,"<ERROR:MISSING_ARG:\\fcontents()>");
data/ckermit-305~alpha02/ckuus4.c:8258:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  sprintf(fnval,"<ERROR:ARG_BAD_VARIABLE:\\fcontents()>");
data/ckermit-305~alpha02/ckuus4.c:8283:23:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                      sprintf(fnval,"<ERROR:OVERFLOW:\\fcontents()>");
data/ckermit-305~alpha02/ckuus4.c:8299:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  sprintf(fnval,"<ERROR:ARG_BAD_ARRAY:\\fcontents()>");
data/ckermit-305~alpha02/ckuus4.c:8322:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
              sprintf(fnval,"<ERROR:ARG_NOT_VARIABLE:\\fcontents()>");
data/ckermit-305~alpha02/ckuus4.c:8613:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char abuf[16], *s;
data/ckermit-305~alpha02/ckuus4.c:8646:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
              sprintf(fnval,"%d",k);    /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:8672:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
              sprintf(fnval,"%d",k);    /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:8677:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              char tmp[16];
data/ckermit-305~alpha02/ckuus4.c:8699:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              int i; char tmp[16];
data/ckermit-305~alpha02/ckuus4.c:8779:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    if (chknum(val2)) desired = atoi(val2);
data/ckermit-305~alpha02/ckuus4.c:8784:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    t = atoi(val1);
data/ckermit-305~alpha02/ckuus4.c:8876:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(fnval,"%d",i);      /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:8906:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    occur = atoi(bp[3]);
data/ckermit-305~alpha02/ckuus4.c:8922:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    context = atoi(bp[4]);
data/ckermit-305~alpha02/ckuus4.c:9032:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            i = atoi(val1);
data/ckermit-305~alpha02/ckuus4.c:9062:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(p,"%d",(i & 0xff)); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:9069:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(p,"%d",(int)strlen(bp[0])); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:9107:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                i = atoi(val1);
data/ckermit-305~alpha02/ckuus4.c:9108:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                j = atoi(val2);
data/ckermit-305~alpha02/ckuus4.c:9129:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(p,"%d",j);      /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:9179:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                k = (argn > 2) ? atoi(val2) : MAXARGLEN; /* length */
data/ckermit-305~alpha02/ckuus4.c:9180:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                j = (argn > 1) ? atoi(val1) : 1; /* start pos for substr */
data/ckermit-305~alpha02/ckuus4.c:9182:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                k = (argn > 1) ? atoi(val1) : lx;
data/ckermit-305~alpha02/ckuus4.c:9185:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                k = (argn > 1) ? atoi(val1) : lx; /* length */
data/ckermit-305~alpha02/ckuus4.c:9220:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            n = atoi(val1);
data/ckermit-305~alpha02/ckuus4.c:9282:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            n = atoi(val1);
data/ckermit-305~alpha02/ckuus4.c:9373:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    start = atoi(val1) /* - 1 */;
data/ckermit-305~alpha02/ckuus4.c:9398:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(fnval,"%d",i+1); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:9412:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    start = atoi(bp[1]) - 1;
data/ckermit-305~alpha02/ckuus4.c:9439:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          p = (char *) ck_oox(bp[0], (argn > 1) ? bp[1] : "");
data/ckermit-305~alpha02/ckuus4.c:9523:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                  start = atoi(s);
data/ckermit-305~alpha02/ckuus4.c:9568:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                  start = atoi(s);
data/ckermit-305~alpha02/ckuus4.c:9693:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(fnval,"%ld",tod2sec(bp[0])); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:9706:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(fnval,"%lu",chk);     /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:9714:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(fnval,"%u",           /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:9729:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(p,"%d",(int)VscrnGetCurPos(VTERM)->x); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:9734:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(p,"%d",(int)VscrnGetCurPos(VTERM)->y); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:9751:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                  row = atoi(bp[0]);
data/ckermit-305~alpha02/ckuus4.c:9768:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                      col = atoi(bp[1]);
data/ckermit-305~alpha02/ckuus4.c:9789:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                  len = atoi(bp[2]);
data/ckermit-305~alpha02/ckuus4.c:9886:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		n = atoi(bp[2]);
data/ckermit-305~alpha02/ckuus4.c:9935:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        n = atoi(val1);
data/ckermit-305~alpha02/ckuus4.c:9962:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                      k = atoi(bp[1]);
data/ckermit-305~alpha02/ckuus4.c:10020:55:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        sprintf(fnval, cx == FN_2HEX ? "%lx" : "%lo", atol(val1)); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:10022:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(fnval,"0%lx",atol(val1)); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:10022:32:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          sprintf(fnval,"0%lx",atol(val1)); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:10055:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            x = atoi(bp[0]);
data/ckermit-305~alpha02/ckuus4.c:10058:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(fnval,"%d", (x > 0 && k > 0) || (x < 0 && k < 0) ? k % x : 
data/ckermit-305~alpha02/ckuus4.c:10076:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(fnval,"%d", x);         /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:10096:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char   abuf[16];
data/ckermit-305~alpha02/ckuus4.c:10121:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              x = atoi(bp[5]);
data/ckermit-305~alpha02/ckuus4.c:10135:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              n = atoi(val1);
data/ckermit-305~alpha02/ckuus4.c:10174:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                  grouping = atoi(bp4);
data/ckermit-305~alpha02/ckuus4.c:10244:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              kv = atoi(bp[0]);
data/ckermit-305~alpha02/ckuus4.c:10272:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  sprintf(fnval, "%d", (n >= 0) ? n : 0); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:10277:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(fnval, "%d", (n >= 0) ? n : 0); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:10282:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
              sprintf(fnval,"%d",0);    /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:10299:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
              sprintf(fnval,"k%d next-ticket-string",kv); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:10309:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  sprintf(fnval, "%d", n > 0 ? 1 : 0); /* SAVE */
data/ckermit-305~alpha02/ckuus4.c:10314:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(fnval,"%d", n > 0 ? 1 : 0); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:10319:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
              sprintf(fnval,"%d",0);    /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:10328:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  sprintf(fnval,"%d", n >= 0 ? n : 0); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:10333:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(fnval,"%d", n >= 0 ? n : 0); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:10367:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            k = atoi(bp[0]);
data/ckermit-305~alpha02/ckuus4.c:10388:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char abuf[16], *s;
data/ckermit-305~alpha02/ckuus4.c:10413:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(fnval,"%d",max);      /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:10425:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char abuf[16], *s;
data/ckermit-305~alpha02/ckuus4.c:10427:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  char workbuf[MAXPATHLEN];
data/ckermit-305~alpha02/ckuus4.c:10494:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(fnval,"%d",k);	/* SAFE */
data/ckermit-305~alpha02/ckuus4.c:10673:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp1 = fopen(s1, "r");		/* Open it first file*/
data/ckermit-305~alpha02/ckuus4.c:10674:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp2 = fopen(s2, "r");		/* Open it first file*/
data/ckermit-305~alpha02/ckuus4.c:10785:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            x = atoi(s);
data/ckermit-305~alpha02/ckuus4.c:10794:19:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            sec = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckuus4.c:10794:39:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            sec = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckuus4.c:10794:58:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            sec = atol(p+9) * 3600L + atol(p+12) * 60L + atol(p+15);
data/ckermit-305~alpha02/ckuus4.c:10795:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(fnval,"%ld",sec);   /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:10813:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(fnval,"%ld",mjd(p));    /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:10831:19:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              k = atol(p);
data/ckermit-305~alpha02/ckuus4.c:10880:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(fnval,"%d",k);        /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:10903:19:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              k = atol(p);
data/ckermit-305~alpha02/ckuus4.c:10918:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(fnval,"%02d:%02d:%02d",hh,mm,ss); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:10955:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char abuf[16], *s, *pat;
data/ckermit-305~alpha02/ckuus4.c:10956:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char kwbuf[256];
data/ckermit-305~alpha02/ckuus4.c:10992:23:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                      sprintf(fnval,"%d",i); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:11013:23:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                      sprintf(fnval,"%d",i); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:11025:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(fnval,"%d",hi); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:11079:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char abuf[16], *s = NULL, **ap = NULL, **vp = NULL;
data/ckermit-305~alpha02/ckuus4.c:11080:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char pattern[VNAML];
data/ckermit-305~alpha02/ckuus4.c:11175:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(fnval,"%d",k);        /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:11212:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char fpbuf[64], * bp0;
data/ckermit-305~alpha02/ckuus4.c:11296:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(fpbuf,"farg[%d]=%f",i,farg[i]); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:11312:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            places = atoi(s);
data/ckermit-305~alpha02/ckuus4.c:11414:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char fbuf[16];              /* For creating printf format */
data/ckermit-305~alpha02/ckuus4.c:11421:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(fbuf,"%%0.%df",places); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:11434:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(fnval,"%f",fpresult);
data/ckermit-305~alpha02/ckuus4.c:11445:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(fbuf,"%%%d.%df",fp_digits+sign+1,d);
data/ckermit-305~alpha02/ckuus4.c:11447:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(fbuf,"%%0.%df",fp_digits);
data/ckermit-305~alpha02/ckuus4.c:11452:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(fbuf,"%%0.%df",fp_digits); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:11522:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                x = atoi(bp[0]);
data/ckermit-305~alpha02/ckuus4.c:11542:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            channel = atoi(bp[0]);
data/ckermit-305~alpha02/ckuus4.c:11563:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(fnval,"%d",x);      /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:11574:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(fnval,"%ld",z);     /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:11579:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(fnval,"%ld",z);     /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:11585:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(fnval,"%d",t);      /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:11590:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(fnval,"%d",x);      /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:11602:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                t = atoi(bp[1]);
data/ckermit-305~alpha02/ckuus4.c:11636:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
              sprintf(fnval,"%d",t);    /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:11729:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(p,"%d.%d.%d.%d",ip[0],ip[1],ip[2],ip[3]); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:11745:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                ip[i] = atoi(s);
data/ckermit-305~alpha02/ckuus4.c:11755:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        ip[3] = atoi(s);
data/ckermit-305~alpha02/ckuus4.c:11756:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(p,"%02x%02x%02x%02x",ip[0],ip[1],ip[2],ip[3]); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:11773:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        p = ckradix(bp[0],atoi(bp[1]),atoi(bp[2]));
data/ckermit-305~alpha02/ckuus4.c:11773:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        p = ckradix(bp[0],atoi(bp[1]),atoi(bp[2]));
data/ckermit-305~alpha02/ckuus4.c:11787:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char abuf[16], c, *s, *q, *sep = NULL;
data/ckermit-305~alpha02/ckuus4.c:11790:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char lb[2], rb[2];              /* Selected left and right brackets */
data/ckermit-305~alpha02/ckuus4.c:11862:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                grouping = atoi(bp2);
data/ckermit-305~alpha02/ckuus4.c:11888:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (atoi(bp[3]) > 0)
data/ckermit-305~alpha02/ckuus4.c:12112:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        i = atoi(val1);                 /* Level */
data/ckermit-305~alpha02/ckuus4.c:12113:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        j = atoi(val2);                 /* Flags */
data/ckermit-305~alpha02/ckuus4.c:12160:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char d1[18], d2[18], * dp;
data/ckermit-305~alpha02/ckuus4.c:12183:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(fnval,"%d",x);
data/ckermit-305~alpha02/ckuus4.c:12189:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char datebuf[32];
data/ckermit-305~alpha02/ckuus4.c:12190:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char d2[32];
data/ckermit-305~alpha02/ckuus4.c:12228:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(p,"%ld",secs);
data/ckermit-305~alpha02/ckuus4.c:12273:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            x = atoi(bp[0]);
data/ckermit-305~alpha02/ckuus4.c:12461:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[1024];
data/ckermit-305~alpha02/ckuus4.c:12462:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char abuf[16], * p, * s;
data/ckermit-305~alpha02/ckuus4.c:12511:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen(s, "r");		/* Open it */
data/ckermit-305~alpha02/ckuus4.c:12618:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    pid = atoi(bp[0]);		/* Convert to int */
data/ckermit-305~alpha02/ckuus4.c:12633:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fnval,"%d",x);		/* SAFE */
data/ckermit-305~alpha02/ckuus4.c:12727:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[3];
data/ckermit-305~alpha02/ckuus4.c:12814:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    if (chknum(s)) docase = atoi(s);
data/ckermit-305~alpha02/ckuus4.c:12817:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (chknum(s)) start = atoi(s);
data/ckermit-305~alpha02/ckuus4.c:12820:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    if (chknum(s)) len = atoi(s);
data/ckermit-305~alpha02/ckuus4.c:12849:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[3];
data/ckermit-305~alpha02/ckuus4.c:12861:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    day = atoi(s1);
data/ckermit-305~alpha02/ckuus4.c:12876:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    fc = atoi(s2);
data/ckermit-305~alpha02/ckuus4.c:12900:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[3];
data/ckermit-305~alpha02/ckuus4.c:12912:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    month = atoi(s1);
data/ckermit-305~alpha02/ckuus4.c:12924:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char mn[3];
data/ckermit-305~alpha02/ckuus4.c:12928:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    month = atoi((char *)mn) - 1;
data/ckermit-305~alpha02/ckuus4.c:12934:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    fc = atoi(s2);
data/ckermit-305~alpha02/ckuus4.c:12987:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ckpidbuf[32] = "????";
data/ckermit-305~alpha02/ckuus4.c:13007:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(ckpidbuf,"%ld",zz);         /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13015:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char embuf[EMBUFLEN+1];
data/ckermit-305~alpha02/ckuus4.c:13037:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(embuf,"<ERROR:NO_SUCH_VARIABLE>"); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13057:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",maclvl < 0 ? topargc : macargc[maclvl]); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13061:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",xargs);      /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13065:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",count[cmdlvl]); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13196:13:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        z = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuus4.c:13196:34:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        z = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuus4.c:13196:53:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        z = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuus4.c:13197:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%ld",z);         /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13202:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",             /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13213:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%ld",vernum);    /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13217:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%ld",xvernum);   /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13231:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",incount);    /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13238:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(vvbuf,"unknown");   /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13240:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(vvbuf,"%ld",t);     /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13246:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",(success == 0) ? 1 : 0); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13346:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf, "%d", cmdlvl);   /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13361:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(vvbuf,"%ld",k);       /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13432:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",xitsta);     /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13453:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",             /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13488:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%ld",tfcps);     /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13556:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",             /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13561:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(vvbuf,"%d",         /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13589:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf, "%d", m_found);  /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13678:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(vvbuf,"-1");
data/ckermit-305~alpha02/ckuus4.c:13680:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(vvbuf,"%lu",space); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13695:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"cp%d",os2getcp()); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13867:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf, "%d", instatus); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13983:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(vvbuf, "%d", vms_lasterr); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13986:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf, "%d", errno);    /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:13996:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",urpsiz);     /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14000:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",wslotr);     /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14006:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(vvbuf, "%d", tfline[tlevel]); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14026:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf, "%d",            /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14038:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(vvbuf, "%d", keymac); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14064:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",crc16);      /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14112:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%ld",filcnt);    /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14119:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(vvbuf,"%d",pexitstat); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14257:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",x);          /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14266:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(vvbuf,"%d",filesinlist); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14282:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(vvbuf,"%d",MouseCurX); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14287:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(vvbuf,"%d",MouseCurY); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14316:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",escape);     /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14320:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%ld",inetime);   /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14324:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",inwait);     /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14453:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",krb4_errno); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14458:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",krb5_errno); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14632:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(vvbuf,"%d",dialtype); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14646:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",bctr);       /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14680:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(vvbuf," 8%c%d",c,sb); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14682:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(vvbuf," 7%c%d",c,sb); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14684:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(vvbuf," 8N%d",sb);  /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14728:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(vvbuf,"%d",typ_lines); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14733:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(vvbuf,"%d",typ_mtchs); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14737:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",maclvl);     /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14750:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",crunched);   /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14754:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",timeouts);   /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14758:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",retrans);    /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14788:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(vvbuf,"%d",z);        /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14818:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",fp_digits);  /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14823:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",CMDBL);      /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14829:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(vvbuf,"%d",z_error);  /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14834:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(vvbuf,"%d",z_maxchan); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14839:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(vvbuf,"%d",z_filcount); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14847:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(vvbuf,"%d",dialcount); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14855:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%ld",dologshow(0)); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14861:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",byteorder);  /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:14910:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          z = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuus4.c:14910:36:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          z = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuus4.c:14910:55:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          z = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuus4.c:14912:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(vvbuf,"%f",f);        /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:15147:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",get_gui_window_pos_x());  /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:15150:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",get_gui_window_pos_y());  /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:15153:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",GetSystemMetrics(SM_CXSCREEN));  /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:15156:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vvbuf,"%d",GetSystemMetrics(SM_CYSCREEN));  /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:15270:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vnambuf[VNAML];                /* Buffer for variable/function name */
data/ckermit-305~alpha02/ckuus4.c:15272:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *argp[FNARGS];                 /* Pointers to function args */
data/ckermit-305~alpha02/ckuus4.c:15582:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[24];
data/ckermit-305~alpha02/ckuus4.c:15586:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(buf,"arg %2d ",y);
data/ckermit-305~alpha02/ckuus4.c:15593:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[64]; char * p = buf; int n = 64; 
data/ckermit-305~alpha02/ckuus4.c:15816:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char kbuf[K_BUFLEN + 1];    /* Key verb name buffer */
data/ckermit-305~alpha02/ckuus5.c:35:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char line[LINBUFSIZ+1];
data/ckermit-305~alpha02/ckuus5.c:36:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tmpbuf[TMPBUFSIZ+1];               /* Temporary buffer */
data/ckermit-305~alpha02/ckuus5.c:38:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char lasttakeline[TMPBUFSIZ+1];        /* Last TAKE-file line */
data/ckermit-305~alpha02/ckuus5.c:278:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char inidir[CCHMAXPATH] = { NUL, NUL }; /* Directory INI file executed from */
data/ckermit-305~alpha02/ckuus5.c:489:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *tfnam[MAXTAKE];                   /* Name of TAKE file */
data/ckermit-305~alpha02/ckuus5.c:500:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char kermrcb[KERMRCL];
data/ckermit-305~alpha02/ckuus5.c:552:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char * prstring[CMDSTKL];
data/ckermit-305~alpha02/ckuus5.c:762:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *m_line[MACLEVEL] = { NULL, NULL }; /* Stack of macro invocation lines */
data/ckermit-305~alpha02/ckuus5.c:765:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char **m_xarg[MACLEVEL];                /* Pointers to arg vector arrays */
data/ckermit-305~alpha02/ckuus5.c:767:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *m_arg[MACLEVEL][NARGS];           /* Args of each level */
data/ckermit-305~alpha02/ckuus5.c:769:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *macp[MACLEVEL];                   /* Current position in each macro */
data/ckermit-305~alpha02/ckuus5.c:770:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *macx[MACLEVEL];                   /* Beginning of each macro def */
data/ckermit-305~alpha02/ckuus5.c:771:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *mrval[MACLEVEL];                  /* RETURN value at each level */
data/ckermit-305~alpha02/ckuus5.c:775:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *toparg[MAXARGLIST+2];
data/ckermit-305~alpha02/ckuus5.c:779:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *g_var[GVARS+1];                   /* Global \%a..z pointers */
data/ckermit-305~alpha02/ckuus5.c:785:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char **a_ptr[32];                       /* Array pointers, for arrays a-z */
data/ckermit-305~alpha02/ckuus5.c:789:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char **aa_ptr[CMDSTKL][32];             /* Array stack for automatic arrays */
data/ckermit-305~alpha02/ckuus5.c:796:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char inchar[2] = { NUL, NUL };          /* Last character that was INPUT */
data/ckermit-305~alpha02/ckuus5.c:803:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char lblbuf[LBLSIZ];                    /* Buffer for labels */
data/ckermit-305~alpha02/ckuus5.c:824:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char apcbuf[APCBUFLEN];
data/ckermit-305~alpha02/ckuus5.c:963:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char * lucmd[LUCACHE];
data/ckermit-305~alpha02/ckuus5.c:1108:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vnambuf[VNAML];                /* Buffer for variable names */
data/ckermit-305~alpha02/ckuus5.c:1137:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char xbuf[CKMAXPATH+32], *s = "";
data/ckermit-305~alpha02/ckuus5.c:1146:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char xbuf[CKMAXPATH+32];
data/ckermit-305~alpha02/ckuus5.c:1174:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char xbuf[CKMAXPATH+32];
data/ckermit-305~alpha02/ckuus5.c:1183:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char xdir[CKMAXPATH+8], *s = "";
data/ckermit-305~alpha02/ckuus5.c:1198:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[16];
data/ckermit-305~alpha02/ckuus5.c:1205:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(buf,"%ld",ss[i]);  /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:1371:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(vnambuf,"\\&@[%d]",xargs);  /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:1385:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(vnambuf,"\\&_[%d]",z);  /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:1392:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(vnambuf,"\\&@[%d]",i); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:1638:21:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                    strcpy(line + (lp - pgmptr), "/k95.ini");
data/ckermit-305~alpha02/ckuus5.c:1640:21:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                    strcpy(line + (lp - pgmptr), "/k2.ini");
data/ckermit-305~alpha02/ckuus5.c:1646:25:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                        strcpy(line + (lp - pgmptr), ".ini");
data/ckermit-305~alpha02/ckuus5.c:1661:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((tfile[0] = fopen(line,"r")) != NULL) {
data/ckermit-305~alpha02/ckuus5.c:1797:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((tfile[0] = fopen(line,"r")) != NULL) { /* Try to open init file. */
data/ckermit-305~alpha02/ckuus5.c:1833:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((tfile[0] = fopen(line,"r")) != NULL) {
data/ckermit-305~alpha02/ckuus5.c:1918:21:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                    strcpy(line + (lp - pgmptr), ".ksc");
data/ckermit-305~alpha02/ckuus5.c:1924:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    tfile[0] = fopen(line,"r");
data/ckermit-305~alpha02/ckuus5.c:1926:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    tfile[0] = fopen(iksdconf,"r");
data/ckermit-305~alpha02/ckuus5.c:2536:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[80];
data/ckermit-305~alpha02/ckuus5.c:2538:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf,"%.64s...",s);	/* SAFE */
data/ckermit-305~alpha02/ckuus5.c:3394:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char obuf[OBSIZE+1];             /* OUTPUT buffer. */
data/ckermit-305~alpha02/ckuus5.c:3616:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * list[MAXLOCALVAR+2];         /* Up to 64 variables per line */
data/ckermit-305~alpha02/ckuus5.c:3729:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
               char kbuf[K_BUFLEN + 1]; /* Key verb name buffer */
data/ckermit-305~alpha02/ckuus5.c:3730:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
               char osendbuf[SEND_BUFLEN +1];
data/ckermit-305~alpha02/ckuus5.c:4372:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char evalmacrobuf[TMPBUFSIZ];
data/ckermit-305~alpha02/ckuus5.c:5845:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char font[64] = "(unknown)";
data/ckermit-305~alpha02/ckuus5.c:6044:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char * colors[16] = {
data/ckermit-305~alpha02/ckuus5.c:6619:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fnbuf[100];
data/ckermit-305~alpha02/ckuus5.c:6744:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char * p, *q[64];
data/ckermit-305~alpha02/ckuus5.c:7170:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char buf[10];
data/ckermit-305~alpha02/ckuus5.c:7177:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			    sprintf(buf,"\\{%d}",*s); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:7207:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
              sprintf(line," \\%%%c",y); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:7526:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char cpbuf[128];
data/ckermit-305~alpha02/ckuus5.c:8412:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tbuf[80] /* ,*tp */ ;          /* Buffer to accumulate number */
data/ckermit-305~alpha02/ckuus5.c:8851:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        free((char *)a_ptr[a]);         /* Then the element list */
data/ckermit-305~alpha02/ckuus5.c:8886:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[8];
data/ckermit-305~alpha02/ckuus5.c:9038:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	range[i] = atoi(buf);
data/ckermit-305~alpha02/ckuus5.c:9062:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char zz, buf[256], * p, * q;
data/ckermit-305~alpha02/ckuus5.c:9106:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vnbuf[ARRAYREFLEN+1];          /* Entire array reference */
data/ckermit-305~alpha02/ckuus5.c:9107:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ssbuf[ARRAYREFLEN+1];          /* Subscript in "plain text" */
data/ckermit-305~alpha02/ckuus5.c:9108:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sxbuf[16];                     /* Evaluated subscript */
data/ckermit-305~alpha02/ckuus5.c:9191:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if ((y = atoi(sxbuf)) < 0) {
data/ckermit-305~alpha02/ckuus5.c:9345:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char valbuf[VALN+1];                /* s is pointer to variable name */
data/ckermit-305~alpha02/ckuus5.c:9346:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[256];
data/ckermit-305~alpha02/ckuus5.c:9925:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[34];
data/ckermit-305~alpha02/ckuus5.c:10161:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char * optlist[NOPTLIST+1];
data/ckermit-305~alpha02/ckuus5.c:10273:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"INPBUFSIZ=%d",INPBUFSIZ); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10277:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"LINBUFSIZ=%d",LINBUFSIZ); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10281:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"INBUFSIZE=%d",INBUFSIZE); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10285:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"OBUFSIZE=%d",OBUFSIZE); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10289:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"FD_SETSIZE=%d",FD_SETSIZE); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10341:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"CMDDEP=%d",CMDDEP);   /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10346:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"MAXPATHLEN=%d",MAXPATHLEN); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10351:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"DEVNAMLEN=%d",DEVNAMLEN); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10363:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"CKMAXPATH=%d",CKMAXPATH); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10366:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"CKMAXOPEN=%d",CKMAXOPEN); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10374:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"Z_MAXCHAN=%d",Z_MAXCHAN); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10378:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"OPEN_MAX=%d",OPEN_MAX); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10383:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"_POSIX_OPEN_MAX=%d",_POSIX_OPEN_MAX); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10393:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(line,"ckmaxfiles=%d",ckmaxfiles); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10396:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(line,"z_maxchan=%d",z_maxchan); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10402:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"FOPEN_MAX=%d",FOPEN_MAX); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10407:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"MAXGETPATH=%d",MAXGETPATH); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10412:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"CMDBL=%d",CMDBL);     /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10417:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"VNAML=%d",VNAML);     /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10422:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"ARRAYREFLEN=%d",ARRAYREFLEN); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10427:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"UIDBUFLEN=%d",UIDBUFLEN); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10432:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"FORDEPTH=%d",FORDEPTH); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10437:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"MAXTAKE=%d",MAXTAKE); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10442:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"MACLEVEL=%d",MACLEVEL); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10447:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"MAC_MAX=%d",MAC_MAX); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10456:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"_FILE_OFFSET_BITS=%d",_FILE_OFFSET_BITS); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10470:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"CHAR_MAX=%llx",CHAR_MAX); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10474:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"UCHAR_MAX=%llx",UCHAR_MAX); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10478:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"SHRT_MAX=%llx",SHRT_MAX); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10482:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"USHRT_MAX=%llx",USHRT_MAX); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10486:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"INT_MAX=%llx",INT_MAX); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10490:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"UINT_MAX=%llx",UINT_MAX); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10494:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"MAX_LONG=%llx",MAX_LONG); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10498:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"LONG_MAX=%llx",LONG_MAX); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10502:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"ULONG_MAX=%llx",ULONG_MAX); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10506:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"MAXINT=%llx",MAXINT); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10510:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"MAXLONG=%llx",MAXLONG); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10515:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"LLONG_MAX=%I64x",LLONG_MAX); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10519:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"ULLONG_MAX=%I64x",ULLONG_MAX); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10523:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"MAXLONGLONG=%I64x",MAXLONGLONG);  /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10528:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"LLONG_MAX=%llx",LLONG_MAX); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10532:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"ULLONG_MAX=%llx",ULLONG_MAX); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10536:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"MAXLONGLONG=%llx",MAXLONGLONG);  /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10541:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"_INTEGRAL_MAX_BITS=%d",_INTEGRAL_MAX_BITS);  /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10547:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"MINPUTMAX=%d",MINPUTMAX); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10552:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"MAXWLD=%d",MAXWLD); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10561:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"MSENDMAX=%d",MSENDMAX); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10566:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"MAXDDIR=%d",MAXDDIR); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10571:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"MAXDNUMS=%d",MAXDNUMS); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:10582:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"__VMS_VER=%d",__VMS_VER); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:11662:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"__DECC_VER=%d",__DECC_VER); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:11667:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"__CRTL_VER=%d",__CRTL_VER); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:11875:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"SYSLOGLEVEL=%d",SYSLOGLEVEL); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:12637:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(line,"sizeofs: int=%d",size); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:12641:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(line,"long=%d",size); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:12647:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(line,"off_t=%d",size); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:12652:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(line,"CK_OFF_T=%d",size); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:12657:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(line,"size_t=%d",size); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:12662:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(line,"short=%d",size); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:12666:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(line,"char=%d",size); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:12670:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(line,"char*=%d",size); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:12674:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(line,"float=%d",size); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:12678:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(line,"double=%d",size); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:12685:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"precision=%d",fp_digits); /* SAFE */
data/ckermit-305~alpha02/ckuus5.c:12687:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(line,"rounding=%d",fp_rounding); /* SAFE */
data/ckermit-305~alpha02/ckuus6.c:169:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char chgsourcedir[MAXPATHLEN+1] = { 0,0 }; /* Source directory for CHANGE */
data/ckermit-305~alpha02/ckuus6.c:170:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char chgdestdir[MAXPATHLEN+1] = { 0,0 }; /* Destination directory for CHANGE */
data/ckermit-305~alpha02/ckuus6.c:171:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char chgbackupdir[MAXPATHLEN+1] = { 0,0 }; /* Backup directory for CHANGE */
data/ckermit-305~alpha02/ckuus6.c:759:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ifcond[IFCONDLEN];                 /* IF condition text */
data/ckermit-305~alpha02/ckuus6.c:814:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *m_arg[MACLEVEL][NARGS];    /* Stack of macro arguments */
data/ckermit-305~alpha02/ckuus6.c:923:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dfbuf[1024];			/* Buffer for default answer */
data/ckermit-305~alpha02/ckuus6.c:926:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vnambuf[VNAML+1];              /* Buffer for variable names */
data/ckermit-305~alpha02/ckuus6.c:1371:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tmp[16];
data/ckermit-305~alpha02/ckuus6.c:1395:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(tmp,"%d",x);    /* SAFE */
data/ckermit-305~alpha02/ckuus6.c:1479:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vnambuf[VNAML+1];              /* Buffer for variable names */
data/ckermit-305~alpha02/ckuus6.c:1560:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *vnp, vnbuf[4];
data/ckermit-305~alpha02/ckuus6.c:1729:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vnambuf[VNAML+1];              /* Buffer for variable names */
data/ckermit-305~alpha02/ckuus6.c:1867:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *dn_p[MAXDNUMS + 1];        /* Dial Number pointers */
data/ckermit-305~alpha02/ckuus6.c:1868:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *dn_p2[MAXDNUMS + 1];       /* Converted dial number pointers */
data/ckermit-305~alpha02/ckuus6.c:1942:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char pdsfx[64] = { NUL, NUL };
data/ckermit-305~alpha02/ckuus6.c:1977:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ccbuf[128];
data/ckermit-305~alpha02/ckuus6.c:1979:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char acbuf[24];
data/ckermit-305~alpha02/ckuus6.c:1981:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outbuf[256];
data/ckermit-305~alpha02/ckuus6.c:2069:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    cc = atoi(ccbuf);                   /* Numeric version of country code */
data/ckermit-305~alpha02/ckuus6.c:2097:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    i = atoi(ccbuf);
data/ckermit-305~alpha02/ckuus6.c:2215:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char * icp, buf[32];
data/ckermit-305~alpha02/ckuus6.c:2279:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char xbuf[256];                 /* Comparison based only on length */
data/ckermit-305~alpha02/ckuus6.c:2280:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ybuf[256];
data/ckermit-305~alpha02/ckuus6.c:2327:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char * icp, buf[32];
data/ckermit-305~alpha02/ckuus6.c:2431:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char linebuf[1024], *s2;            /* Buffers and pointers */
data/ckermit-305~alpha02/ckuus6.c:2435:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *info[8];                      /* Pointers to words from entry */
data/ckermit-305~alpha02/ckuus6.c:2467:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((f = fopen(s2,"r")) == NULL) {  /* Reopen old file with wierd name */
data/ckermit-305~alpha02/ckuus6.c:2476:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((f2 = fopen(s,"w")) == NULL) {  /* Create new file with old name */
data/ckermit-305~alpha02/ckuus6.c:2536:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *info[7];                      /* Pointers to words from entry */
data/ckermit-305~alpha02/ckuus6.c:2586:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if ((f = fopen(dialdir[dd],"r")) == NULL) { /* Open it */
data/ckermit-305~alpha02/ckuus6.c:2826:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char pnbuf[128];
data/ckermit-305~alpha02/ckuus6.c:2868:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        xlcc = atoi(diallcc);           /* local country code. */
data/ckermit-305~alpha02/ckuus6.c:3157:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            extern char *nh_px[4][MAXDNUMS+1];
data/ckermit-305~alpha02/ckuus6.c:3295:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char msgbuf[128];
data/ckermit-305~alpha02/ckuus6.c:3431:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char * p, name[72];         /* in window list. */
data/ckermit-305~alpha02/ckuus6.c:3790:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf,mbuf,xn);
data/ckermit-305~alpha02/ckuus6.c:3888:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[TYPBUFL+2];
data/ckermit-305~alpha02/ckuus6.c:3932:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        ofp = fopen(outfile,"w");       /* Open output file */
data/ckermit-305~alpha02/ckuus6.c:4112:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char pbuf[64];
data/ckermit-305~alpha02/ckuus6.c:4130:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy((char *)line+pfxlen,(char *)buf,len);
data/ckermit-305~alpha02/ckuus6.c:4134:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy((char *)buf,(char *)line,len);
data/ckermit-305~alpha02/ckuus6.c:4138:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(line,"%4d. ",typ_lines);
data/ckermit-305~alpha02/ckuus6.c:4142:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy((char *)&line[x],(char *)buf,len);
data/ckermit-305~alpha02/ckuus6.c:4143:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy((char *)buf,(char *)line,len);
data/ckermit-305~alpha02/ckuus6.c:4181:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((char *)buf,(char *)obuf,i); /* Copy it back */
data/ckermit-305~alpha02/ckuus6.c:4194:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(tail[k],buf,len);
data/ckermit-305~alpha02/ckuus6.c:4381:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char c, name[CKMAXPATH+1], outfile[CKMAXPATH+1], *p, *s, *cv = NULL;
data/ckermit-305~alpha02/ckuus6.c:4545:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        ofp = fopen(outfile,"w");       /* Open output file */
data/ckermit-305~alpha02/ckuus6.c:4660:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fp = fopen(name,"r");           /* Open */
data/ckermit-305~alpha02/ckuus6.c:4700:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char nbuf[32];
data/ckermit-305~alpha02/ckuus6.c:5158:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[CKMAXPATH+1], outfile[CKMAXPATH+1], *p = NULL, c = NUL;
data/ckermit-305~alpha02/ckuus6.c:5159:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char linebuf[CKMAXPATH+CKMAXPATH+256];
data/ckermit-305~alpha02/ckuus6.c:5160:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char string1[1024], string2[1024]; 	/* For CHANGE */
data/ckermit-305~alpha02/ckuus6.c:5161:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char modtime[100];
data/ckermit-305~alpha02/ckuus6.c:5184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dbuf[256], xbuf[32];
data/ckermit-305~alpha02/ckuus6.c:5201:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * xlist[16];
data/ckermit-305~alpha02/ckuus6.c:5707:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		    fp = fopen(s,"w");	/* Create it */
data/ckermit-305~alpha02/ckuus6.c:5759:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        ofp = fopen(outfile,"w");       /* open it */
data/ckermit-305~alpha02/ckuus6.c:5775:15:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
              strcat(s, "./*");
data/ckermit-305~alpha02/ckuus6.c:5777:15:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
              strcat(s, "/*");
data/ckermit-305~alpha02/ckuus6.c:5787:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckuus6.c:5796:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
          strcat(s, "*.*");
data/ckermit-305~alpha02/ckuus6.c:5802:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
          strcat(s, ":+");
data/ckermit-305~alpha02/ckuus6.c:5808:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
          strcat(s, ">*");
data/ckermit-305~alpha02/ckuus6.c:5960:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char dbuf[MAXPATHLEN+1];
data/ckermit-305~alpha02/ckuus6.c:5961:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char bbuf[MAXPATHLEN+1];
data/ckermit-305~alpha02/ckuus6.c:6037:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char backupfile[MAXPATHLEN+1]; /* Backup file */
data/ckermit-305~alpha02/ckuus6.c:6038:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmpfile[MAXPATHLEN];	/* Buffer for filename */
data/ckermit-305~alpha02/ckuus6.c:6038:11:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	    char tmpfile[MAXPATHLEN];	/* Buffer for filename */
data/ckermit-305~alpha02/ckuus6.c:6039:19:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	    char * tdp = tmpfile;	/* Temporary directory path */
data/ckermit-305~alpha02/ckuus6.c:6088:27:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                ckstrncpy(tmpfile,tempdir,MAXPATHLEN); /* Temp directory */
data/ckermit-305~alpha02/ckuus6.c:6089:27:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                ckstrncat(tmpfile,"__x",MAXPATHLEN); /* Temp filespec */
data/ckermit-305~alpha02/ckuus6.c:6094:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                    ofp = fopen(tmpfile,"w"); /* Open temporary file */
data/ckermit-305~alpha02/ckuus6.c:6094:33:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                    ofp = fopen(tmpfile,"w"); /* Open temporary file */
data/ckermit-305~alpha02/ckuus6.c:6095:58:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                    debug(F110,"CHANGE in place tmpfile",tmpfile,0);
data/ckermit-305~alpha02/ckuus6.c:6098:32:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                               tmpfile,ck_errstr());
data/ckermit-305~alpha02/ckuus6.c:6106:27:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                ckstrncpy(tmpfile,chgdestdir,MAXPATHLEN);
data/ckermit-305~alpha02/ckuus6.c:6107:45:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                debug(F110,"CHANGE tmpfile",tmpfile,0);
data/ckermit-305~alpha02/ckuus6.c:6111:31:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                    ckstrncat(tmpfile,STRDIRSEP,MAXPATHLEN);
data/ckermit-305~alpha02/ckuus6.c:6114:27:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                ckstrncat(tmpfile,p2,MAXPATHLEN);
data/ckermit-305~alpha02/ckuus6.c:6115:51:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                debug(F110,"CHANGE final tmpfile",tmpfile,0);
data/ckermit-305~alpha02/ckuus6.c:6117:57:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                    printf("Would create new file %s\n",tmpfile);
data/ckermit-305~alpha02/ckuus6.c:6119:55:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                    debug(F110,"CHANGE /dest tmpfile",tmpfile,0);
data/ckermit-305~alpha02/ckuus6.c:6120:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                    ofp = fopen(tmpfile,"w"); /* Open temporary file */
data/ckermit-305~alpha02/ckuus6.c:6120:33:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                    ofp = fopen(tmpfile,"w"); /* Open temporary file */
data/ckermit-305~alpha02/ckuus6.c:6123:32:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                               tmpfile,ck_errstr());
data/ckermit-305~alpha02/ckuus6.c:6145:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                    bfp = fopen(backupfile,"w"); /* Open temporary file */
data/ckermit-305~alpha02/ckuus6.c:6154:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if ((ifp = fopen(name,"r")) == NULL) { /* Open input file */
data/ckermit-305~alpha02/ckuus6.c:6211:36:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                                   tmpfile,ck_errstr());
data/ckermit-305~alpha02/ckuus6.c:6232:59:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                        printf("?%s: Write failed - %s\n",tmpfile,ck_errstr());
data/ckermit-305~alpha02/ckuus6.c:6241:40:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                                       tmpfile,ck_errstr());
data/ckermit-305~alpha02/ckuus6.c:6248:44:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                                           tmpfile,ck_errstr());
data/ckermit-305~alpha02/ckuus6.c:6274:24:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                zdelet(tmpfile);
data/ckermit-305~alpha02/ckuus6.c:6279:37:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                        x = zrename(tmpfile,name); /* Replace original file */
data/ckermit-305~alpha02/ckuus6.c:6282:36:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                                   tmpfile, name);
data/ckermit-305~alpha02/ckuus6.c:6283:36:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                            zdelet(tmpfile); /* delete temporary file */
data/ckermit-305~alpha02/ckuus6.c:6288:34:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                        result = tmpfile; 
data/ckermit-305~alpha02/ckuus6.c:6316:28:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
                    zdelet(tmpfile);	/* Delete temporary file */
data/ckermit-305~alpha02/ckuus6.c:6465:15:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
              strcpy(linebuf+n, " -> "); /* safe (checked) */
data/ckermit-305~alpha02/ckuus6.c:6994:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char safebuf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckuus6.c:7007:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * dxlist[8];
data/ckermit-305~alpha02/ckuus6.c:7736:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char brbuf[3];
data/ckermit-305~alpha02/ckuus6.c:7836:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char loopvar[8], loopvar2[8];       /* \%x-style loop variable */
data/ckermit-305~alpha02/ckuus6.c:7886:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmpbuf,"%d",fx);            /* (SAFE) Substitute actual value */
data/ckermit-305~alpha02/ckuus6.c:7904:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmpbuf,"%d",fy);            /* SAFE */
data/ckermit-305~alpha02/ckuus6.c:7926:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                fz = atoi(s);
data/ckermit-305~alpha02/ckuus6.c:7940:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmpbuf,"%d",fz);            /* (SAFE) Same deal */
data/ckermit-305~alpha02/ckuus6.c:8142:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char now[32];           /* Current time */
data/ckermit-305~alpha02/ckuus6.c:8147:24:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                tnow = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuus6.c:8147:45:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                tnow = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuus6.c:8147:64:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                tnow = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuus6.c:8247:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filedate[32];
data/ckermit-305~alpha02/ckuus6.c:8295:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char now[32];               /* Current time */
data/ckermit-305~alpha02/ckuus6.c:8300:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            tnow = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuus6.c:8300:41:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            tnow = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuus6.c:8300:60:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            tnow = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuus6.c:8560:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[CKMAXPATH];            /* (too much) */
data/ckermit-305~alpha02/ckuus6.c:8620:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newname[CKMAXPATH], * nm;
data/ckermit-305~alpha02/ckuus6.c:8843:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char d1[20], * d2;
data/ckermit-305~alpha02/ckuus6.c:8975:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char ibuf[100];
data/ckermit-305~alpha02/ckuus6.c:8976:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char obuf[200];
data/ckermit-305~alpha02/ckuus6.c:8980:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if ((in = fopen(line,"r")) == NULL) { /* Open input file */
data/ckermit-305~alpha02/ckuus6.c:9005:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if ((out = fopen(p, (appending ? "a" : "w"))) == NULL) {
data/ckermit-305~alpha02/ckuus6.c:9064:28:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                if ((out = fopen(p,appending ? "a" : "w")) == NULL) {
data/ckermit-305~alpha02/ckuus6.c:9183:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cvtbufin[CKMAXPATH+8] = { NUL, NUL };
data/ckermit-305~alpha02/ckuus6.c:9184:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cvtbufout[CKMAXPATH+8] = { NUL, NUL };
data/ckermit-305~alpha02/ckuus6.c:9247:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char * ren_sub[4] = { NULL,NULL,NULL,NULL }; /* For RENAME /REPLACE */
data/ckermit-305~alpha02/ckuus6.c:9342:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[CKMAXPATH];		/* Temporary filename buffer */
data/ckermit-305~alpha02/ckuus6.c:9343:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char out[CKMAXPATH];		/* Buffer for new name */
data/ckermit-305~alpha02/ckuus6.c:9344:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dir[CKMAXPATH];		/* Destination directory */
data/ckermit-305~alpha02/ckuus6.c:9345:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pat[CKMAXPATH];		/* Path segment on old filename */
data/ckermit-305~alpha02/ckuus6.c:9452:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char c, *p, *s, *bp[3];
data/ckermit-305~alpha02/ckuus6.c:9603:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[CKMAXPATH];
data/ckermit-305~alpha02/ckuus6.c:9974:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[CKMAXPATH];            /* (too much) */
data/ckermit-305~alpha02/ckuus6.c:10001:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[CKMAXPATH+2];
data/ckermit-305~alpha02/ckuus6.c:10028:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[CKMAXPATH+2];
data/ckermit-305~alpha02/ckuus6.c:11174:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char c, *p,  mbuf[4];
data/ckermit-305~alpha02/ckuus6.c:11276:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmplbl[LBLSIZ+1], *lp;	        /* Current label from command stream */
data/ckermit-305~alpha02/ckuus6.c:11277:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp2[LBLSIZ+1];		/* SWITCH label conversion buffer */
data/ckermit-305~alpha02/ckuus6.c:11278:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp3[LBLSIZ+1];		/* Target label */
data/ckermit-305~alpha02/ckuus6.c:11596:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char boolval[BOOLLEN];
data/ckermit-305~alpha02/ckuus6.c:11612:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char varnam[VNAML+1];
data/ckermit-305~alpha02/ckuus6.c:11727:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    cmresult.nresult = atoi(s);
data/ckermit-305~alpha02/ckuus6.c:11824:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char line[256];
data/ckermit-305~alpha02/ckuus6.c:11881:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char line[32];
data/ckermit-305~alpha02/ckuus6.c:12230:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char d1[20], * d2;              /* Buffers for 2 dates */
data/ckermit-305~alpha02/ckuus6.c:12279:39:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            z = (tod2sec(tmpbuf+9) >= atol(alrm_time)) ? 1 : -1;
data/ckermit-305~alpha02/ckuus6.c:12630:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    z = atoi(evalx(boolval));
data/ckermit-305~alpha02/ckuus6.c:12699:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char e[5];
data/ckermit-305~alpha02/ckuus6.c:12851:28:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((tfile[++tlevel] = fopen(s,"r")) == NULL) {
data/ckermit-305~alpha02/ckuus7.c:220:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char sl_uidbuf[UIDBUFLEN] = { NUL, NUL };
data/ckermit-305~alpha02/ckuus7.c:387:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *nh_p[MAXDNUMS + 1];               /* Network directory entry pointers */
data/ckermit-305~alpha02/ckuus7.c:388:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *nh_p2[MAXDNUMS + 1];              /* Network directory entry nettype */
data/ckermit-305~alpha02/ckuus7.c:389:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *nh_px[4][MAXDNUMS + 1];           /* Network-specific stuff... */
data/ckermit-305~alpha02/ckuus7.c:557:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char slat_pwd[18];
data/ckermit-305~alpha02/ckuus7.c:841:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char xmitbuf[XMBUFL+1] = { NUL };       /* TRANSMIT eof string */
data/ckermit-305~alpha02/ckuus7.c:2338:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[32];
data/ckermit-305~alpha02/ckuus7.c:2339:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf2[16];
data/ckermit-305~alpha02/ckuus7.c:2366:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    range[i] = atoi(buf2);
data/ckermit-305~alpha02/ckuus7.c:2538:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return(atoi(p));
data/ckermit-305~alpha02/ckuus7.c:2707:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[CKMAXPATH+4];
data/ckermit-305~alpha02/ckuus7.c:2708:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char basebuf[CKMAXPATH+4];
data/ckermit-305~alpha02/ckuus7.c:2715:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * pxlist[8];                   /* Exception list */
data/ckermit-305~alpha02/ckuus7.c:3486:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char temp[34];
data/ckermit-305~alpha02/ckuus7.c:3644:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char * tmp[FTPATTERNS];
data/ckermit-305~alpha02/ckuus7.c:3822:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char * putenvs[NPUTENVS];	/* Array of environment var strings */
data/ckermit-305~alpha02/ckuus7.c:3946:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char iactbuf[132];
data/ckermit-305~alpha02/ckuus7.c:3983:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  sprintf(q,"\\{%d}",c);
data/ckermit-305~alpha02/ckuus7.c:6057:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        free((char *)macrotab[kc]);
data/ckermit-305~alpha02/ckuus7.c:6488:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         strcpy((char *) mousemap[button][event].macro.string, s); /* safe */
data/ckermit-305~alpha02/ckuus7.c:7543:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *s, sbuf[50], *s2;
data/ckermit-305~alpha02/ckuus7.c:7820:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char buf[2];
data/ckermit-305~alpha02/ckuus7.c:7846:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char buf[VNAML];
data/ckermit-305~alpha02/ckuus7.c:7879:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char buf[TMPBUFSIZ];
data/ckermit-305~alpha02/ckuus7.c:7905:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char buf[TMPBUFSIZ];
data/ckermit-305~alpha02/ckuus7.c:8525:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *info[8];
data/ckermit-305~alpha02/ckuus7.c:8551:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if ((f = fopen(netdir[dd],"r")) == NULL) { /* Open it */
data/ckermit-305~alpha02/ckuus7.c:8843:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char srvbuf[SRVBUFSIZ+1];		/* Service */
data/ckermit-305~alpha02/ckuus7.c:8844:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hostbuf[HOSTNAMLEN];		/* Host buffer to manipulate */
data/ckermit-305~alpha02/ckuus7.c:8845:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hostname[HOSTNAMLEN];		/* Copy of host parameter */
data/ckermit-305~alpha02/ckuus7.c:9080:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			  closgr = atoi(nh_px[k][i]+4);
data/ckermit-305~alpha02/ckuus7.c:9097:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				  x3par = atoi(s1);
data/ckermit-305~alpha02/ckuus7.c:9102:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				  x3val = atoi(s1);
data/ckermit-305~alpha02/ckuus7.c:9507:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tgt[256];
data/ckermit-305~alpha02/ckuus7.c:9534:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tgt[256];
data/ckermit-305~alpha02/ckuus7.c:9609:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char uid[UIDBUFLEN];
data/ckermit-305~alpha02/ckuus7.c:9610:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char pwd[256];
data/ckermit-305~alpha02/ckuus7.c:10250:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char srvbuf[SRVBUFSIZ+1];
data/ckermit-305~alpha02/ckuus7.c:11448:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char z_name[CKMAXPATH+2];           /* and the file's name. */
data/ckermit-305~alpha02/ckuus7.c:11668:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    t = fopen(name, mode);              /* Try to open the file. */
data/ckermit-305~alpha02/ckuus7.c:12006:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuf[256];
data/ckermit-305~alpha02/ckuus7.c:12106:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    return((char *)(z_file[channel]->z_name));
data/ckermit-305~alpha02/ckuus7.c:12331:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vnambuf[VNAML];                /* Buffer for variable names */
data/ckermit-305~alpha02/ckuus7.c:12333:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char zfilnam[CKMAXPATH+2];
data/ckermit-305~alpha02/ckuus7.c:13108:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  char m[8];
data/ckermit-305~alpha02/ckuus7.c:13228:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/ckermit-305~alpha02/ckuus7.c:13278:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                int len = strlen((char *)macrotab[i]);
data/ckermit-305~alpha02/ckuus7.c:13382:23:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                      sprintf(buf, "set key \\%d \\{%d}", i, keymap[i]);
data/ckermit-305~alpha02/ckuus7.c:14526:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmphlp[256];                   /* For building help message */
data/ckermit-305~alpha02/ckuus7.c:14533:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * tmpaddrs[KRB5_NUM_OF_ADDRS];
data/ckermit-305~alpha02/ckuus7.c:14802:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(tmpbuf,"%d",    /* SAFE */
data/ckermit-305~alpha02/ckuus7.c:14934:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char prmpt[80];
data/ckermit-305~alpha02/ckuus7.c:14945:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char passwd[80]="";
data/ckermit-305~alpha02/ckuus7.c:15254:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char prmpt[80];
data/ckermit-305~alpha02/ckuusr.c:381:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ftpapp[CKMAXPATH+1] = { NUL, NUL }; /* ftp executable */
data/ckermit-305~alpha02/ckuusr.c:382:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ftpopts[128] = { NUL, NUL };	/* ftp command-line options */
data/ckermit-305~alpha02/ckuusr.c:388:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char savdir[TMPDIRLEN];			/* For saving current directory */
data/ckermit-305~alpha02/ckuusr.c:499:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char evalbuf[33];			/* EVALUATE result */
data/ckermit-305~alpha02/ckuusr.c:504:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *ms[MINPMAX];			/* Pointers to MINPUT strings */
data/ckermit-305~alpha02/ckuusr.c:515:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char psave[PROMPTL] = { NUL };		/* For saving & restoring prompt */
data/ckermit-305~alpha02/ckuusr.c:539:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char varnam[6];				/* For variable names */
data/ckermit-305~alpha02/ckuusr.c:542:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *m_arg[MACLEVEL][NARGS];	/* Stack of macro arguments */
data/ckermit-305~alpha02/ckuusr.c:556:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char alrm_date[24] = { ' ',' ',' ',' ',' ',' ',' ',' ',' ' };
data/ckermit-305~alpha02/ckuusr.c:557:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char alrm_time[24] = { ' ',' ',' ',' ',' ',' ',' ' };
data/ckermit-305~alpha02/ckuusr.c:3531:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char locmsg[300];
data/ckermit-305~alpha02/ckuusr.c:5336:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *g_tt_trigger[TRIGGERS];
data/ckermit-305~alpha02/ckuusr.c:5537:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      if (tt_idlesnd_str = (char *)malloc((int)strlen(pv[CONN_IS].sval)+1))
data/ckermit-305~alpha02/ckuusr.c:5604:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * tmp[FTPATTERNS];
data/ckermit-305~alpha02/ckuusr.c:5877:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * hdrlist[HTTP_MAXHDR];
data/ckermit-305~alpha02/ckuusr.c:5878:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rfile[CKMAXPATH+1];
data/ckermit-305~alpha02/ckuusr.c:6034:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuf[64];
data/ckermit-305~alpha02/ckuusr.c:6036:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[64];			/* Local temporary string buffer */
data/ckermit-305~alpha02/ckuusr.c:6218:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    free((char *)a_ptr[x]);		/* Free original array list */
data/ckermit-305~alpha02/ckuusr.c:6373:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char **aa_ptr[CMDSTKL][28];
data/ckermit-305~alpha02/ckuusr.c:6705:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vnambuf[VNAML], * vnp = NULL;	/* These must be on the stack */
data/ckermit-305~alpha02/ckuusr.c:7172:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rdns[128];
data/ckermit-305~alpha02/ckuusr.c:7437:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  char buf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckuusr.c:7816:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[64];
data/ckermit-305~alpha02/ckuusr.c:7907:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        printf((char *)s[i],s2);	/* Print a line. */
data/ckermit-305~alpha02/ckuusr.c:7983:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char errmsgbuf[ERRMSGBUFSIZ] = { '\0' };
data/ckermit-305~alpha02/ckuusr.c:7986:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * tmperrbuf[ERRMSGBUFSIZ];
data/ckermit-305~alpha02/ckuusr.c:7995:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char nbuf[20];
data/ckermit-305~alpha02/ckuusr.c:8251:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mnamebuf[16];		/* (buffer for controlled temp name) */
data/ckermit-305~alpha02/ckuusr.c:8385:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(mnamebuf," ..tmp:%03d",cmdlvl);	/* safe (16) */
data/ckermit-305~alpha02/ckuusr.c:9355:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char updstr[2048];
data/ckermit-305~alpha02/ckuusr.c:9523:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char now[32];	/* Current time */
data/ckermit-305~alpha02/ckuusr.c:9528:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    tnow = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuusr.c:9528:35:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    tnow = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuusr.c:9528:54:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    tnow = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuusr.c:10012:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char now[32];	/* Current time */
data/ckermit-305~alpha02/ckuusr.c:10017:14:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    tnow = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuusr.c:10017:35:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    tnow = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuusr.c:10017:54:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    tnow = atol(p+11) * 3600L + atol(p+14) * 60L + atol(p+17);
data/ckermit-305~alpha02/ckuusr.c:10094:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char * args[256];
data/ckermit-305~alpha02/ckuusr.c:10381:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char takepath[TAKEPATHLEN];
data/ckermit-305~alpha02/ckuusr.c:12266:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pfxbuf[64], * prefix = NULL;
data/ckermit-305~alpha02/ckuusr.c:12267:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char outfile[CKMAXPATH+1];
data/ckermit-305~alpha02/ckuusr.c:12276:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char guibuf[128], * gui_title = NULL;
data/ckermit-305~alpha02/ckuusr.c:12897:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char * list[65];
data/ckermit-305~alpha02/ckuusr.c:13387:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		learnfp = fopen(learnfile,modes);
data/ckermit-305~alpha02/ckuusr.c:13445:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char * s, *p, vbuf[32];
data/ckermit-305~alpha02/ckuusr.c:13446:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char * vars[16];       char * legend[16];
data/ckermit-305~alpha02/ckuusr.c:13446:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char * vars[16];       char * legend[16];
data/ckermit-305~alpha02/ckuusx.c:228:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char debfil[CKMAXPATH+1];               /* Debugging log file name */
data/ckermit-305~alpha02/ckuusx.c:232:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char trafil[CKMAXPATH+1];               /* Transaction log file name */
data/ckermit-305~alpha02/ckuusx.c:235:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char sesfil[CKMAXPATH+1];               /* Session log file name */
data/ckermit-305~alpha02/ckuusx.c:238:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char diafil[CKMAXPATH+1];               /* Connection log file name */
data/ckermit-305~alpha02/ckuusx.c:239:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char cxlogbuf[CXLOGBUFL+1];             /* Connection log record buffer */
data/ckermit-305~alpha02/ckuusx.c:248:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cmdstr[256];
data/ckermit-305~alpha02/ckuusx.c:250:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cmdstr[4096];
data/ckermit-305~alpha02/ckuusx.c:255:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char fspec[CMDBL+4];                    /* Filename string for \v(filespec) */
data/ckermit-305~alpha02/ckuusx.c:258:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char fspec[CKMAXPATH+4];
data/ckermit-305~alpha02/ckuusx.c:355:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char xtrmbuf[TRMBUFL];           /* tgetent() buffer */
data/ckermit-305~alpha02/ckuusx.c:393:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char pktfil[CKMAXPATH+1];               /* Packet log file name */
data/ckermit-305~alpha02/ckuusx.c:396:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *msfiles[MSENDMAX];
data/ckermit-305~alpha02/ckuusx.c:458:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char dbrec[DB_RECL];                    /* Database record buffer */
data/ckermit-305~alpha02/ckuusx.c:462:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char myhexip[33] = { NUL, NUL };        /* My IP address in hex */
data/ckermit-305~alpha02/ckuusx.c:463:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char peerhexip[33] = { NUL, NUL };      /* Client's IP address in hex */
data/ckermit-305~alpha02/ckuusx.c:1005:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      return((char *) sys_errlist[errno]);
data/ckermit-305~alpha02/ckuusx.c:1020:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      return((char *) sys_errlist[errno]);
data/ckermit-305~alpha02/ckuusx.c:1035:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      return((char *) sys_errlist[errno]);
data/ckermit-305~alpha02/ckuusx.c:1055:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         (char *) sys_errlist[errno]
data/ckermit-305~alpha02/ckuusx.c:1083:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *txtpatterns[FTPATTERNS+1] = { NULL, NULL };
data/ckermit-305~alpha02/ckuusx.c:1084:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *binpatterns[FTPATTERNS+1] = { NULL, NULL };
data/ckermit-305~alpha02/ckuusx.c:1097:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *txtp[SYS_MAX][FTPATTERNS] = {
data/ckermit-305~alpha02/ckuusx.c:1165:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *binp[SYS_MAX][FTPATTERNS] = {
data/ckermit-305~alpha02/ckuusx.c:1321:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckuusx.c:1457:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[SCANFILEBUF];	/* File data buffer for analysis */
data/ckermit-305~alpha02/ckuusx.c:1538:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(name, "rb");		/* Open the file in binary mode */
data/ckermit-305~alpha02/ckuusx.c:1540:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(name, "r");
data/ckermit-305~alpha02/ckuusx.c:2789:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char s[8];
data/ckermit-305~alpha02/ckuusx.c:3249:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        f = fopen(dftty, "w");          /* open the controlling terminal */
data/ckermit-305~alpha02/ckuusx.c:3396:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char tbuf[10];
data/ckermit-305~alpha02/ckuusx.c:3501:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char s[TBUFL];
data/ckermit-305~alpha02/ckuusx.c:3512:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(sp,"?T-Log string too long");
data/ckermit-305~alpha02/ckuusx.c:3525:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(sp,"?String too long");
data/ckermit-305~alpha02/ckuusx.c:3533:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(sp,"?String too long");
data/ckermit-305~alpha02/ckuusx.c:3542:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(sp,"?String too long");
data/ckermit-305~alpha02/ckuusx.c:3550:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(sp,"?String too long");
data/ckermit-305~alpha02/ckuusx.c:3559:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(sp,"?String too long");
data/ckermit-305~alpha02/ckuusx.c:3565:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(sp,"?Invalid format for tlog() - %d",f);
data/ckermit-305~alpha02/ckuusx.c:3596:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sep[2];
data/ckermit-305~alpha02/ckuusx.c:3597:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[CKMAXPATH+256], * bufp;
data/ckermit-305~alpha02/ckuusx.c:3598:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuf[32];
data/ckermit-305~alpha02/ckuusx.c:3942:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[80];
data/ckermit-305~alpha02/ckuusx.c:3992:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char fbuf[80];                   /* Filename buffer */
data/ckermit-305~alpha02/ckuusx.c:3993:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char abuf[80];                   /* As-name buffer */
data/ckermit-305~alpha02/ckuusx.c:3994:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char a2buf[80];                  /* Second As-name buffer */
data/ckermit-305~alpha02/ckuusx.c:4207:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[128];
data/ckermit-305~alpha02/ckuusx.c:4259:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[80];
data/ckermit-305~alpha02/ckuusx.c:4918:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char envstr[64];
data/ckermit-305~alpha02/ckuusx.c:5059:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(envstr,"%d", exitstat | code); /* SAFE */
data/ckermit-305~alpha02/ckuusx.c:5229:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *tb, tsbuf[48];
data/ckermit-305~alpha02/ckuusx.c:5233:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tsbuf+19,".%03ld ",ztmsec); /* SAFE */
data/ckermit-305~alpha02/ckuusx.c:5267:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(dbptr,"DEBUG: Buffer expanded to %d\n", x + 18);
data/ckermit-305~alpha02/ckuusx.c:5277:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(sp,"%.100s%.2000s:%c\n",s1,s2,(CHAR) n);
data/ckermit-305~alpha02/ckuusx.c:5279:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(sp,"%.100s%.2000s:^%c\n",s1,s2,(CHAR) ((n+64) & 0x7F));
data/ckermit-305~alpha02/ckuusx.c:5281:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(sp,"%.100s%.2000s:~^%c\n",s1,s2,(CHAR)((n-64) & 0x7F));
data/ckermit-305~alpha02/ckuusx.c:5283:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(sp,"%.100s%.2000s:~%c\n",s1,s2,(CHAR) (n & 0x7F));
data/ckermit-305~alpha02/ckuusx.c:5284:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        else sprintf(sp,"%.100s%.2000s:%ld\n",s1,s2,n);
data/ckermit-305~alpha02/ckuusx.c:5513:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(sp,"\n?Invalid format for debug() - %d\n",f);
data/ckermit-305~alpha02/ckuusx.c:5543:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[8];
data/ckermit-305~alpha02/ckuusx.c:5701:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char ts[48];		/* timestamp buffer */
data/ckermit-305~alpha02/ckuusx.c:5705:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(&ts[19],".%03ld: ",ztmsec); /* SAFE */
data/ckermit-305~alpha02/ckuusx.c:6222:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[255];
data/ckermit-305~alpha02/ckuusx.c:6240:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[255];
data/ckermit-305~alpha02/ckuusx.c:6450:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cur_cls[32] = { NUL, NUL };
data/ckermit-305~alpha02/ckuusx.c:6451:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cur_cleol[32] = { NUL, NUL };
data/ckermit-305~alpha02/ckuusx.c:6452:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char cur_cm[64] = { NUL, NUL };
data/ckermit-305~alpha02/ckuusx.c:6453:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char tgsbuf[128] = { NUL, NUL };
data/ckermit-305~alpha02/ckuusx.c:6965:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xferstr[256];
data/ckermit-305~alpha02/ckuusx.c:7390:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[30];
data/ckermit-305~alpha02/ckuusx.c:7436:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char speedbuf[64] ;
data/ckermit-305~alpha02/ckuusx.c:7437:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(speedbuf, "%ld", speed);
data/ckermit-305~alpha02/ckuusx.c:7867:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char ws[16];
data/ckermit-305~alpha02/ckuusx.c:7873:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(ws,"STREAMING");
data/ckermit-305~alpha02/ckuusx.c:7880:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  sprintf(ws, "%d of %d", wcur < 1 ? 1 : wcur, wslotn);
data/ckermit-305~alpha02/ckuusx.c:7909:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char type[2];
data/ckermit-305~alpha02/ckuusx.c:7910:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(type, "%c",c);
data/ckermit-305~alpha02/ckuusx.c:8244:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char errbuf[64] ;
data/ckermit-305~alpha02/ckuusx.c:8304:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char msgbuf[128];
data/ckermit-305~alpha02/ckuusx.c:8608:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[30];
data/ckermit-305~alpha02/ckuusx.c:8636:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char speedbuf[64] ;
data/ckermit-305~alpha02/ckuusx.c:8637:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(speedbuf, "%ld", speed);
data/ckermit-305~alpha02/ckuusx.c:8731:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char msgbuf[128];
data/ckermit-305~alpha02/ckuusx.c:8767:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char msgbuf[64];
data/ckermit-305~alpha02/ckuusx.c:8768:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(msgbuf,"00 / 00");
data/ckermit-305~alpha02/ckuusx.c:8776:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char msgbuf[64];
data/ckermit-305~alpha02/ckuusx.c:8777:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(msgbuf,"%02ld / %02d", xx, rcvtimo);
data/ckermit-305~alpha02/ckuusx.c:8800:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char ws[16];
data/ckermit-305~alpha02/ckuusx.c:8806:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(ws,"STREAMING");
data/ckermit-305~alpha02/ckuusx.c:8813:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  sprintf(ws, "%d of %d", wcur < 1 ? 1 : wcur, wslotn);
data/ckermit-305~alpha02/ckuusx.c:8828:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char type[2];
data/ckermit-305~alpha02/ckuusx.c:8829:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(type, "%c",c);
data/ckermit-305~alpha02/ckuusx.c:9010:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char errbuf[64] ;
data/ckermit-305~alpha02/ckuusx.c:9014:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf( errbuf, "File skipped" ) ;
data/ckermit-305~alpha02/ckuusx.c:9034:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char errbuf[64] ;
data/ckermit-305~alpha02/ckuusx.c:9063:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char msgbuf[128];
data/ckermit-305~alpha02/ckuusx.c:9193:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char lcknam[CKMAXPATH+1];        /* Lockfile pathname */
data/ckermit-305~alpha02/ckuusx.c:9194:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char tmplck[CKMAXPATH+1];        /* Temporary lockfile name */
data/ckermit-305~alpha02/ckuusx.c:9271:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(myhexip,"%08lx",myip); /* (Needs fixing for IPv6) */
data/ckermit-305~alpha02/ckuusx.c:9282:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(peerhexip,"%08lx",peerip); /* (Needs fixing for IPv6) */
data/ckermit-305~alpha02/ckuusx.c:9318:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        dbfp = fopen(dbfile,updmode);   /* In update no-truncate mode */
data/ckermit-305~alpha02/ckuusx.c:9449:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[128];
data/ckermit-305~alpha02/ckuusx.c:9509:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char idstring[64];                  /* PID string buffer (decimal) */
data/ckermit-305~alpha02/ckuusx.c:9510:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pidbuf[64], * s;
data/ckermit-305~alpha02/ckuusx.c:9520:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(idstring,"%08lx:%010ld\n",myip,mypid);
data/ckermit-305~alpha02/ckuusx.c:9547:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    rfp = fopen(lcknam,"r");            /* See if lockfile exists */
data/ckermit-305~alpha02/ckuusx.c:9562:35:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        lockpid = atol(s+1); /* Yes, now get PID */
data/ckermit-305~alpha02/ckuusx.c:9611:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    dbfp = fopen(dbfile,updmode);       /* Open it in update mode */
data/ckermit-305~alpha02/ckuusy.c:83:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *nh_px[4][MAXDNUMS + 1];
data/ckermit-305~alpha02/ckuusy.c:219:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char urlbuf[URLBUFLEN];
data/ckermit-305~alpha02/ckuusy.c:491:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char * opthlp[128];                     /* Option help */
data/ckermit-305~alpha02/ckuusy.c:492:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char * arghlp[128];                     /* Argument for option */
data/ckermit-305~alpha02/ckuusy.c:497:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/ckermit-305~alpha02/ckuusy.c:723:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rdns[128];
data/ckermit-305~alpha02/ckuusy.c:748:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char asname[CKMAXPATH+1];
data/ckermit-305~alpha02/ckuusy.c:898:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				    ssl_verify_flag = atoi(q);
data/ckermit-305~alpha02/ckuusy.c:1538:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char xbuf[32];
data/ckermit-305~alpha02/ckuusy.c:1539:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[128];
data/ckermit-305~alpha02/ckuusy.c:1820:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char * xopthlp[XA_MAX+1];               /* Extended option help */
data/ckermit-305~alpha02/ckuusy.c:1821:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char * xarghlp[XA_MAX+1];               /* Extended argument for option */
data/ckermit-305~alpha02/ckuusy.c:2382:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckuusy.c:2385:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[XARGBUFL], c, * p;
data/ckermit-305~alpha02/ckuusy.c:2605:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        logintimo = atoi(p);
data/ckermit-305~alpha02/ckuusy.c:2693:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	kui_init.pos_x = atoi(p);
data/ckermit-305~alpha02/ckuusy.c:2700:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	kui_init.pos_y = atoi(p);
data/ckermit-305~alpha02/ckuusy.c:2740:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                  if (!*q || atoi(q) == 0)
data/ckermit-305~alpha02/ckuusy.c:2743:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                  if (atoi(q) != 5)
data/ckermit-305~alpha02/ckuusy.c:2750:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  tt_font_size = kui_init.font_size = 2 * atoi(p) + halfpoint;
data/ckermit-305~alpha02/ckuusy.c:2848:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  if (!os2_settermheight(atoi(p)))
data/ckermit-305~alpha02/ckuusy.c:2852:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  tt_rows = atoi(p);
data/ckermit-305~alpha02/ckuusy.c:2865:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  if (!os2_settermwidth(atoi(p)))
data/ckermit-305~alpha02/ckuusy.c:2869:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  tt_cols = atoi(p);
data/ckermit-305~alpha02/ckuusy.c:3033:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuf[CKMAXPATH+1];
data/ckermit-305~alpha02/ckuusy.c:3436:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    z = atoi(*xargv);		/* Convert to number */
data/ckermit-305~alpha02/ckuusy.c:3483:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	      if (!(p && atoi(p) != 0)) {
data/ckermit-305~alpha02/ckuusy.c:4006:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    z = atoi(*xargv);		/* Convert to number */
data/ckermit-305~alpha02/ckuusy.c:4028:11:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    zz = atol(*xargv);		/* Convert to long int */
data/ckermit-305~alpha02/ckuusy.c:4071:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    z = atoi(*xargv);		/* Convert to number */
data/ckermit-305~alpha02/ckuusy.c:4088:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    z = atoi(*xargv);		/* Convert to number */
data/ckermit-305~alpha02/ckuusy.c:4252:4:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		(atoi(*xargv) < 0) &&
data/ckermit-305~alpha02/ckuusy.c:4253:4:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		(atoi(*xargv) > 9)) {
data/ckermit-305~alpha02/ckwart.c:174:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char tokval[MAXWORD];
data/ckermit-305~alpha02/ckwart.c:269:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char wordbuf[MAXWORD];
data/ckermit-305~alpha02/ckwart.c:319:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char wordbuf[MAXWORD];
data/ckermit-305~alpha02/ckwart.c:512:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((infile = fopen(argv[1],"r")) == NULL) {
data/ckermit-305~alpha02/ckwart.c:519:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((outfile = fopen(argv[2],"w")) == NULL) {
data/ckermit-305~alpha02/ck_crp.c:264:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return(strlen(buf));
data/ckermit-305~alpha02/ck_crp.c:5615:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(str) + 1;
data/ckermit-305~alpha02/ck_ssl.c:1175:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return(ok > 0 ? strlen(buf) : 0);
data/ckermit-305~alpha02/ck_ssl.c:2521:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen((char *)gen->d.ia5->data) != gen->d.ia5->length) {
data/ckermit-305~alpha02/ck_ssl.c:2558:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (strlen(name) != name_text_len) {
data/ckermit-305~alpha02/ck_ssl.c:2846:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen((char *)gen->d.ia5->data) != gen->d.ia5->length) {
data/ckermit-305~alpha02/ck_ssl.c:2913:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        p1 += strlen(p1) + 1;
data/ckermit-305~alpha02/ck_ssl.c:2914:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        p2 += strlen(p2) + 1;
data/ckermit-305~alpha02/ck_ssl.c:4338:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(gen->d.ia5->data) != gen->d.ia5->length) {
data/ckermit-305~alpha02/ck_ssl.c:4418:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(pwd->pw_dir) > 500)
data/ckermit-305~alpha02/ckcdeb.h:1351:8:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#undef getchar
data/ckermit-305~alpha02/ckcdeb.h:1352:9:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define getchar()   mac_getchar()
data/ckermit-305~alpha02/ckcfn2.c:538:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			rln = (int)strlen((char *) rdatap);
data/ckermit-305~alpha02/ckcfn2.c:1716:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = spack('Y',n,(int)strlen((char *)s),s); /* Now send it. */
data/ckermit-305~alpha02/ckcfn2.c:1897:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		   x = spack('Y',0,(int)strlen((char *)myinit),(CHAR *)myinit);
data/ckermit-305~alpha02/ckcfn2.c:1906:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		   x = spack('Y',0,(int)strlen((char *)myinit),(CHAR *)myinit);
data/ckermit-305~alpha02/ckcfn2.c:2206:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		      strlen((char *)(o->opktitem)));
data/ckermit-305~alpha02/ckcfn2.c:2281:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    x = (int) strlen(buf+2);
data/ckermit-305~alpha02/ckcfn2.c:2303:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    x = (int) strlen(buf+2);
data/ckermit-305~alpha02/ckcfn2.c:2322:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	x = strlen(cmarg);		/* Now do filename */
data/ckermit-305~alpha02/ckcfn2.c:2700:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (crc != chk3((CHAR *)(buf+1),strlen(buf+1)))
data/ckermit-305~alpha02/ckcfn2.c:3179:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (zsoutx(ZPFILE,plog,(int)strlen(plog)) < 0) {
data/ckermit-305~alpha02/ckcfn2.c:3184:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      len = strlen((char *)s);
data/ckermit-305~alpha02/ckcfn2.c:3189:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		x = strlen(dbchr(*s));
data/ckermit-305~alpha02/ckcfn3.c:106:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    x = strlen(s);
data/ckermit-305~alpha02/ckcfn3.c:125:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(s);
data/ckermit-305~alpha02/ckcfn3.c:135:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(s);
data/ckermit-305~alpha02/ckcfn3.c:863:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    x = (int)strlen((char *) s_pkt[j].pk_adr);
data/ckermit-305~alpha02/ckcfn3.c:919:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	x = (int)strlen((char *)r_pkt[j].bf_adr);
data/ckermit-305~alpha02/ckcfn3.c:1005:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    x.systemid.len = (int)strlen(cksysid);
data/ckermit-305~alpha02/ckcfn3.c:1158:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    aln = strlen(tp);
data/ckermit-305~alpha02/ckcfn3.c:1194:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	aln = (int)strlen((char *)(data+i+2));
data/ckermit-305~alpha02/ckcfn3.c:1213:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	aln = (int)strlen((char *)(data+i+2));
data/ckermit-305~alpha02/ckcfn3.c:1254:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	aln = (int)strlen((char *)(data+i+2));
data/ckermit-305~alpha02/ckcfn3.c:1269:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	aln = (int) strlen(optbuf) + 1;	/* Options, if any */
data/ckermit-305~alpha02/ckcfn3.c:1321:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	aln = (int)strlen((char *)data); /* Get overall length of attributes */
data/ckermit-305~alpha02/ckcfn3.c:1919:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    rpbuf[1] = tochar((int)strlen(rpbuf+2)); /* Length of length */
data/ckermit-305~alpha02/ckcfn3.c:1929:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    yy->reply.len = (int)strlen(rpbuf);
data/ckermit-305~alpha02/ckcfn3.c:1974:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    yy->lprotect.len = 0 - strlen(ofperms); /* <-- NOTE! */
data/ckermit-305~alpha02/ckcfns.c:437:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    slen = strlen((char *)s);		/* Length of source string. */
data/ckermit-305~alpha02/ckcfns.c:3343:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = spack(c,pktnum,(int)strlen((char *)rp),rp); /* Send them. */
data/ckermit-305~alpha02/ckcfns.c:3577:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((int)strlen((char *)srvcmd) > CKMAXPATH) /* Watch out for overflow */
data/ckermit-305~alpha02/ckcfns.c:3738:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    iattr.longname.len = strlen(zs); /* Store in attribute structure */
data/ckermit-305~alpha02/ckcfns.c:3830:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(longname)) {
data/ckermit-305~alpha02/ckcfns.c:3835:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		      (char *) malloc(strlen(longname) + strlen(tmp) + 1);
data/ckermit-305~alpha02/ckcfns.c:3835:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		      (char *) malloc(strlen(longname) + strlen(tmp) + 1);
data/ckermit-305~alpha02/ckcfns.c:3875:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  (char *) malloc(iattr.longname.len + strlen(tmp) + 1);
data/ckermit-305~alpha02/ckcfns.c:3884:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    iattr.longname.len = strlen(newlongname);
data/ckermit-305~alpha02/ckcfns.c:3968:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	x = strlen(ofn1);
data/ckermit-305~alpha02/ckcfns.c:4594:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		debug(F111,"sfile calling zfnqfp",filnam,strlen(filnam));
data/ckermit-305~alpha02/ckcfns.c:4596:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    debug(F111,"sfile zfnqfp ok",p,strlen(p));
data/ckermit-305~alpha02/ckcfns.c:4606:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    debug(F111,"sfile q",q,strlen(q));
data/ckermit-305~alpha02/ckcfns.c:5039:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(p);
data/ckermit-305~alpha02/ckcfns.c:5066:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	rdebu(dada,(int)strlen((char *)dada));
data/ckermit-305~alpha02/ckcfns.c:5377:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    strncpy(whoareu,(char *)s+z+10,x); /* Other Kermit's system ID */
data/ckermit-305~alpha02/ckcfns.c:6085:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    funclen = strlen((char *)funcbuf);
data/ckermit-305~alpha02/ckcfns.c:6099:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    funclen = strlen((char *)funcbuf);
data/ckermit-305~alpha02/ckcfns.c:6104:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	funclen = strlen((char *)funcbuf);
data/ckermit-305~alpha02/ckcfns.c:6162:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    funclen = strlen((char *)funcbuf);
data/ckermit-305~alpha02/ckcfns.c:6352:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        funclen = strlen((char *)funcbuf);
data/ckermit-305~alpha02/ckcfns.c:6395:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        funclen = strlen((char *)funcbuf);
data/ckermit-305~alpha02/ckcfns.c:6448:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(name, "*");
data/ckermit-305~alpha02/ckcfns.c:6457:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(name, "+");
data/ckermit-305~alpha02/ckcfns.c:6474:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p = name + strlen(name);		/* Move it to end of list */
data/ckermit-305~alpha02/ckcfns.c:6481:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	funclen = strlen((char *)funcbuf);
data/ckermit-305~alpha02/ckcfns.c:6552:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((int)strlen(name) < CMDSTRL - 11) /* Data for X packet. */
data/ckermit-305~alpha02/ckcfns.c:6595:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for (p = name + strlen(name); p != name && *p != '/' ; p--) ;
data/ckermit-305~alpha02/ckcfns.c:6611:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        funclen = strlen((char *)funcbuf);
data/ckermit-305~alpha02/ckcfns.c:6628:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  funclen = strlen((char *)funcbuf);
data/ckermit-305~alpha02/ckcfns.c:6671:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    funclen = strlen((char *)funcbuf);
data/ckermit-305~alpha02/ckcftp.c:2224:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((int)strlen(*xargv) > 63) {
data/ckermit-305~alpha02/ckcftp.c:3088:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  if (ckstrcmp(nh_p2[i],"tcp/ip",strlen(nh_p2[i]),0))
data/ckermit-305~alpha02/ckcftp.c:3192:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = strlen(tmpbuf);
data/ckermit-305~alpha02/ckcftp.c:4505:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = strlen(s);
data/ckermit-305~alpha02/ckcftp.c:5253:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            y = strlen(s);
data/ckermit-305~alpha02/ckcftp.c:5511:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(p);
data/ckermit-305~alpha02/ckcftp.c:5608:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		lp = line + (int)strlen(line) + 1; /* Point past it */
data/ckermit-305~alpha02/ckcftp.c:5691:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if (((int)strlen(fspec) + (int)strlen(p) + 1) < fspeclen) {
data/ckermit-305~alpha02/ckcftp.c:5691:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if (((int)strlen(fspec) + (int)strlen(p) + 1) < fspeclen) {
data/ckermit-305~alpha02/ckcftp.c:5693:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(fspec," ");  /* safe */
data/ckermit-305~alpha02/ckcftp.c:5970:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sndfilter = (char *) malloc((int) strlen(pv[SND_FLT].sval) + 1);
data/ckermit-305~alpha02/ckcftp.c:6828:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                y = strlen(s);
data/ckermit-305~alpha02/ckcftp.c:7069:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(p);
data/ckermit-305~alpha02/ckcftp.c:7473:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (src) srclen = strlen(src);
data/ckermit-305~alpha02/ckcftp.c:7474:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (s) srvlen = strlen(s);
data/ckermit-305~alpha02/ckcftp.c:7479:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(tmpsrc,src,srclen);
data/ckermit-305~alpha02/ckcftp.c:9776:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cmdlen = (int)strlen(cmd);
data/ckermit-305~alpha02/ckcftp.c:9777:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = cmdlen + (int)strlen(arg) + 1;
data/ckermit-305~alpha02/ckcftp.c:9831:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(rfnbuf) > (RFNBUFSIZ - (cmdlen+1))) {
data/ckermit-305~alpha02/ckcftp.c:10102:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
        strcpy(bytename, "8");
data/ckermit-305~alpha02/ckcftp.c:10525:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        length = strlen(s) + 2;
data/ckermit-305~alpha02/ckcftp.c:10556:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                   strlen(s))) < 0) {
data/ckermit-305~alpha02/ckcftp.c:10567:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              strlen(s), ftp_sched,
data/ckermit-305~alpha02/ckcftp.c:10578:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              strlen(s),
data/ckermit-305~alpha02/ckcftp.c:10600:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            in_buf.length = strlen(s) + 1;
data/ckermit-305~alpha02/ckcftp.c:11373:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                reply_parse = reply_ptr + strlen(reply_parse);
data/ckermit-305~alpha02/ckcftp.c:13600:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(ip->name, ftp_host, MAXHOSTNAMELEN - 1);
data/ckermit-305~alpha02/ckcftp.c:13602:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ip->name[strlen(ip->name)] = '\0';
data/ckermit-305~alpha02/ckcftp.c:13626:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ip->nti, ntin, 16);
data/ckermit-305~alpha02/ckcftp.c:13627:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (ip->nti)[strlen(ip->nti)] = '\0';
data/ckermit-305~alpha02/ckcftp.c:13629:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ip->nto, ntout, 16);
data/ckermit-305~alpha02/ckcftp.c:13630:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (ip->nto)[strlen(ip->nto)] = '\0';
data/ckermit-305~alpha02/ckcftp.c:13634:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ip->mi, mapin, CKMAXPATH - 1);
data/ckermit-305~alpha02/ckcftp.c:13635:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (ip->mi)[strlen(ip->mi)] = '\0';
data/ckermit-305~alpha02/ckcftp.c:13637:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ip->mo, mapout, CKMAXPATH - 1);
data/ckermit-305~alpha02/ckcftp.c:13638:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (ip->mo)[strlen(ip->mo)] = '\0';
data/ckermit-305~alpha02/ckcftp.c:13919:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    send_tok.length = strlen(stbuf);
data/ckermit-305~alpha02/ckcftp.c:15213:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset(pass, 0, strlen(pass));
data/ckermit-305~alpha02/ckcftp.c:15326:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset(pass, 0, strlen(pass));
data/ckermit-305~alpha02/ckcftp.c:15502:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int len = strlen(p);
data/ckermit-305~alpha02/ckcftp.c:15772:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((p2 = (char *)malloc((int)strlen(p) + 2))) {
data/ckermit-305~alpha02/ckcftp.c:15774:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			    strcat(p2,"/");	/* SAFE */
data/ckermit-305~alpha02/ckcftp.c:16598:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while ((c = getc(cfile)) != EOF &&
data/ckermit-305~alpha02/ckcftp.c:16605:21:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        while ((c = getc(cfile)) != EOF && c != '"') {
data/ckermit-305~alpha02/ckcftp.c:16607:19:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
              c = getc(cfile);
data/ckermit-305~alpha02/ckcftp.c:16612:21:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        while ((c = getc(cfile)) != EOF
data/ckermit-305~alpha02/ckcftp.c:16615:19:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
              c = getc(cfile);
data/ckermit-305~alpha02/ckcftp.c:16694:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  *aname = malloc((unsigned) strlen(tokval) + 1);
data/ckermit-305~alpha02/ckcftp.c:16710:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                *apass = malloc((unsigned) strlen(tokval) + 1);
data/ckermit-305~alpha02/ckcftp.c:16722:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                *aacct = malloc((unsigned) strlen(tokval) + 1);
data/ckermit-305~alpha02/ckcftp.c:16914:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for (i = 0; i < strlen (list); i++)
data/ckermit-305~alpha02/ckcftp.c:16935:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for (i = 0; i < strlen (list); i++)
data/ckermit-305~alpha02/ckcftp.c:17050:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        srp_put (srp_user, &bp, strlen (srp_user), &blen);
data/ckermit-305~alpha02/ckcftp.c:17102:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset (srp_pass, 0, strlen (srp_pass));
data/ckermit-305~alpha02/ckcftp.c:17158:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for (i = 0; i < strlen (loclist); i++)
data/ckermit-305~alpha02/ckcftp.c:17178:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for (i = 0; i < strlen (loclist); i++)
data/ckermit-305~alpha02/ckclib.c:146:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = strlen(src);
data/ckermit-305~alpha02/ckclib.c:148:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(dest,src,i);
data/ckermit-305~alpha02/ckclib.c:185:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = 0, j = strlen(dest); src[i] && (i < len-j-1); i++)
data/ckermit-305~alpha02/ckclib.c:204:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(&dest[j],src,i);
data/ckermit-305~alpha02/ckclib.c:540:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    k = strlen(bp);
data/ckermit-305~alpha02/ckclib.c:786:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	x = (int)strlen(p) - 1;
data/ckermit-305~alpha02/ckclib.c:804:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	x = (int)strlen(p) - 1;
data/ckermit-305~alpha02/ckclib.c:832:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(p);
data/ckermit-305~alpha02/ckclib.c:860:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(p);
data/ckermit-305~alpha02/ckclib.c:944:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    k = strlen(fn);
data/ckermit-305~alpha02/ckclib.c:980:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(s1);
data/ckermit-305~alpha02/ckclib.c:1020:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(s);
data/ckermit-305~alpha02/ckclib.c:1030:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(s);			/* Get length */
data/ckermit-305~alpha02/ckclib.c:1454:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	plen = strlen(pattern);		/* Length of pattern */
data/ckermit-305~alpha02/ckclib.c:1681:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = *p ? strlen(p+1) : 0; /* Length of rest of pattern */
data/ckermit-305~alpha02/ckclib.c:2136:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int)strlen(number);		/* Length of non-bogus number */
data/ckermit-305~alpha02/ckclib.c:2190:15:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    if (obuf) strncpy(obuf,number,obuflen); /* Set string result */
data/ckermit-305~alpha02/ckclib.c:2250:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((int)strlen(t2) < k) /* If key too big */
data/ckermit-305~alpha02/ckclib.c:2260:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if ((int)strlen(t1) < k)
data/ckermit-305~alpha02/ckclib.c:2446:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (n < 0) n = strlen(s);
data/ckermit-305~alpha02/ckclib.c:2510:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = (n < 0) ? strlen(s) : n;	/* Source length */
data/ckermit-305~alpha02/ckclib.c:2645:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(s);
data/ckermit-305~alpha02/ckclib.c:2668:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(s);
data/ckermit-305~alpha02/ckclib.c:2733:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(buf,s,n);
data/ckermit-305~alpha02/ckclib.c:3064:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    setword(1,s,strlen(s));
data/ckermit-305~alpha02/ckclib.c:3284:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    setword(1,s,strlen(s));
data/ckermit-305~alpha02/ckclib.c:3293:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    setword(1,s,strlen(s));
data/ckermit-305~alpha02/ckclib.c:3336:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((int)strlen(s) != 2) return(-1);
data/ckermit-305~alpha02/ckcmai.c:1722:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = (int) strlen(path);
data/ckermit-305~alpha02/ckcmai.c:2673:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(ck_s_name);
data/ckermit-305~alpha02/ckcmai.c:2674:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    y = strlen(ck_s_xver);
data/ckermit-305~alpha02/ckcmai.c:2684:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    y = strlen(s);
data/ckermit-305~alpha02/ckcmai.c:2691:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        y = strlen(ck_s_who);
data/ckermit-305~alpha02/ckcmai.c:2698:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    y = strlen(ck_s_test);
data/ckermit-305~alpha02/ckcmai.c:2703:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        y = strlen(ck_s_tver);
data/ckermit-305~alpha02/ckcmai.c:2710:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    y = strlen(ck_s_date);
data/ckermit-305~alpha02/ckcmai.c:2832:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int len = strlen(g_url.pth);
data/ckermit-305~alpha02/ckcmai.c:2984:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (!s) n = 0; else n = (int)strlen(s);
data/ckermit-305~alpha02/ckcnet.c:627:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ckhexdump(p,s,(int)strlen((char *)s));
data/ckermit-305~alpha02/ckcnet.c:793:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset(krb5_init.password,0xFF,strlen(krb5_init.password));
data/ckermit-305~alpha02/ckcnet.c:826:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset(krb4_init.password,0xFF,strlen(krb4_init.password));
data/ckermit-305~alpha02/ckcnet.c:2981:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                ckstrncat(name,":",80-strlen(name));
data/ckermit-305~alpha02/ckcnet.c:2982:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                ckstrncat(name,p,80-strlen(name));
data/ckermit-305~alpha02/ckcnet.c:3309:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ckstrncat(namebuf,&name[i-1],256-strlen(namebuf)-strlen(&name[i-1]));
data/ckermit-305~alpha02/ckcnet.c:3309:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ckstrncat(namebuf,&name[i-1],256-strlen(namebuf)-strlen(&name[i-1]));
data/ckermit-305~alpha02/ckcnet.c:3627:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ckstrncpy((char *)x25host.data+X29PIDLEN,udata,(int)strlen(udata));
data/ckermit-305~alpha02/ckcnet.c:3628:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            x25host.datalen += (int)strlen(udata);
data/ckermit-305~alpha02/ckcnet.c:3776:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            (int)strlen( udata ),
data/ckermit-305~alpha02/ckcnet.c:3880:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = strlen(p);                  /* Length of remainder */
data/ckermit-305~alpha02/ckcnet.c:3957:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                x = strlen(namecopy);
data/ckermit-305~alpha02/ckcnet.c:3990:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    x = strlen(namecopy);
data/ckermit-305~alpha02/ckcnet.c:4206:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if ((XXNAMELEN - (int)strlen(name)) > ((int)strlen(svcbuf)+1)){
data/ckermit-305~alpha02/ckcnet.c:4206:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if ((XXNAMELEN - (int)strlen(name)) > ((int)strlen(svcbuf)+1)){
data/ckermit-305~alpha02/ckcnet.c:4207:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    ckstrncat(xxname,":",XXNAMELEN - (int)strlen(xxname));
data/ckermit-305~alpha02/ckcnet.c:4208:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    ckstrncat(xxname,svcbuf,XXNAMELEN - (int)strlen(xxname));
data/ckermit-305~alpha02/ckcnet.c:4214:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if ( (80-strlen(name)) > (strlen(svcbuf)+1) ) {
data/ckermit-305~alpha02/ckcnet.c:4214:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if ( (80-strlen(name)) > (strlen(svcbuf)+1) ) {
data/ckermit-305~alpha02/ckcnet.c:4215:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    ckstrncat(name,":",80-strlen(name));
data/ckermit-305~alpha02/ckcnet.c:4216:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    ckstrncat(name,svcbuf,80-strlen(name));
data/ckermit-305~alpha02/ckcnet.c:4938:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if ( (80-strlen(name)) > (strlen(svcbuf)+1) ) {
data/ckermit-305~alpha02/ckcnet.c:4938:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if ( (80-strlen(name)) > (strlen(svcbuf)+1) ) {
data/ckermit-305~alpha02/ckcnet.c:4939:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    ckstrncat(name,":",80-strlen(name));
data/ckermit-305~alpha02/ckcnet.c:4940:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    ckstrncat(name,svcbuf,80-strlen(name));
data/ckermit-305~alpha02/ckcnet.c:4974:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for (i=strlen(proxycopy); i >= 0 ; i--)
data/ckermit-305~alpha02/ckcnet.c:5384:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        x = read(ttyfd,&dummy,0);       /* Try to read nothing */
data/ckermit-305~alpha02/ckcnet.c:5746:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            x = read(ttyfd,&dummy,0);   /* Try to read nothing */
data/ckermit-305~alpha02/ckcnet.c:6916:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        cc = read(fd,buf,len);
data/ckermit-305~alpha02/ckcnet.c:7255:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        userlen = strlen(user);
data/ckermit-305~alpha02/ckcnet.c:7314:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen((char *)term_speed);
data/ckermit-305~alpha02/ckcnet.c:7385:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        outbytes += strlen((char *)localuser) + 1;
data/ckermit-305~alpha02/ckcnet.c:7387:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        outbytes += strlen((char *)remoteuser) + 1;
data/ckermit-305~alpha02/ckcnet.c:7389:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        outbytes += strlen((char *)term_speed) + 1;
data/ckermit-305~alpha02/ckcnet.c:7394:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        rc = ttol(localuser,strlen((char *)localuser)+1);
data/ckermit-305~alpha02/ckcnet.c:7396:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          rc = ttol(remoteuser,strlen((char *)remoteuser)+1);
data/ckermit-305~alpha02/ckcnet.c:7398:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          rc = ttol(term_speed,strlen((char *)term_speed)+1);
data/ckermit-305~alpha02/ckcnet.c:7681:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((int)strlen((char *)x29err) > 2) {
data/ckermit-305~alpha02/ckcnet.c:7682:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                ttol(x29err,(int)strlen((char *)x29err));
data/ckermit-305~alpha02/ckcnet.c:7690:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((int)strlen((char *)x29err) > 2) {
data/ckermit-305~alpha02/ckcnet.c:7691:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                ttol(x29err,(int)strlen((char *)x29err));
data/ckermit-305~alpha02/ckcnet.c:7701:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((int)strlen((char *)x29err) > 2) {
data/ckermit-305~alpha02/ckcnet.c:7702:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                ttol (x29err,(int)strlen((char *)x29err));
data/ckermit-305~alpha02/ckcnet.c:7943:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        x = read(ttyfd,buf,n);
data/ckermit-305~alpha02/ckcnet.c:7996:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        n = read(ttyfd,pdest,rest);
data/ckermit-305~alpha02/ckcnet.c:8554:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    addr_len = strlen(addr);
data/ckermit-305~alpha02/ckcnet.c:8708:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    addr_len = strlen( remote_nua );
data/ckermit-305~alpha02/ckcnet.c:8736:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(cud)
data/ckermit-305~alpha02/ckcnet.c:8738:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        connreq_data_len += strlen( cud );
data/ckermit-305~alpha02/ckcnet.c:8967:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    addr_len = strlen( local_nua );
data/ckermit-305~alpha02/ckcnet.c:9398:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            rc = strlen( buf );
data/ckermit-305~alpha02/ckcnet.c:11481:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    x = read(httpfd,http_inbuf,x);
data/ckermit-305~alpha02/ckcnet.c:11494:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        x = read(httpfd,&c,1);
data/ckermit-305~alpha02/ckcnet.c:11605:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(HTTP_VERSION);
data/ckermit-305~alpha02/ckcnet.c:11606:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(remote);
data/ckermit-305~alpha02/ckcnet.c:11611:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len += strlen(hdrlist[i]) + 2;
data/ckermit-305~alpha02/ckcnet.c:11613:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += (int) strlen(http_host_port) + 8;
data/ckermit-305~alpha02/ckcnet.c:11616:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len += 13 + strlen(agent);
data/ckermit-305~alpha02/ckcnet.c:11623:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        j = b8tob64(b64in,strlen(b64in),b64out,256);
data/ckermit-305~alpha02/ckcnet.c:11624:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset(pwd,0,strlen(pwd));      /* NOT PORTABLE */
data/ckermit-305~alpha02/ckcnet.c:11665:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (http_tol((CHAR *)request,strlen(request)) < 0)
data/ckermit-305~alpha02/ckcnet.c:11884:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(HTTP_VERSION);
data/ckermit-305~alpha02/ckcnet.c:11885:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(remote);
data/ckermit-305~alpha02/ckcnet.c:11890:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len += strlen(hdrlist[i]) + 2;
data/ckermit-305~alpha02/ckcnet.c:11892:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(http_host_port) + 8;
data/ckermit-305~alpha02/ckcnet.c:11895:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len += 13 + strlen(agent);
data/ckermit-305~alpha02/ckcnet.c:11902:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        j = b8tob64(b64in,strlen(b64in),b64out,256);
data/ckermit-305~alpha02/ckcnet.c:11903:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset(pwd,0,strlen(pwd));      /* NOT PORTABLE */
data/ckermit-305~alpha02/ckcnet.c:11951:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (http_tol((CHAR *)request,strlen(request)) < 0)
data/ckermit-305~alpha02/ckcnet.c:12076:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(HTTP_VERSION);
data/ckermit-305~alpha02/ckcnet.c:12077:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(remote);
data/ckermit-305~alpha02/ckcnet.c:12082:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len += strlen(hdrlist[i]) + 2;
data/ckermit-305~alpha02/ckcnet.c:12084:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(http_host_port) + 8;
data/ckermit-305~alpha02/ckcnet.c:12087:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len += 13 + strlen(agent);
data/ckermit-305~alpha02/ckcnet.c:12094:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        j = b8tob64(b64in,strlen(b64in),b64out,256);
data/ckermit-305~alpha02/ckcnet.c:12095:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset(pwd,0,strlen(pwd));
data/ckermit-305~alpha02/ckcnet.c:12135:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (http_tol((CHAR *)request,strlen(request)) < 0)
data/ckermit-305~alpha02/ckcnet.c:12334:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(HTTP_VERSION);
data/ckermit-305~alpha02/ckcnet.c:12335:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(remote);
data/ckermit-305~alpha02/ckcnet.c:12340:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len += strlen(hdrlist[i]) + 2;
data/ckermit-305~alpha02/ckcnet.c:12342:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(http_host_port) + 8;
data/ckermit-305~alpha02/ckcnet.c:12345:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len += 13 + strlen(agent);
data/ckermit-305~alpha02/ckcnet.c:12352:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        j = b8tob64(b64in,strlen(b64in),b64out,256);
data/ckermit-305~alpha02/ckcnet.c:12353:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset(pwd,0,strlen(pwd));
data/ckermit-305~alpha02/ckcnet.c:12359:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += 16 + strlen(mime);           /* Content-type: */
data/ckermit-305~alpha02/ckcnet.c:12412:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (http_tol((CHAR *)request,strlen(request)) <= 0) {
data/ckermit-305~alpha02/ckcnet.c:12630:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(HTTP_VERSION);
data/ckermit-305~alpha02/ckcnet.c:12631:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(remote);
data/ckermit-305~alpha02/ckcnet.c:12636:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len += strlen(hdrlist[i]) + 2;
data/ckermit-305~alpha02/ckcnet.c:12638:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(http_host_port) + 8;
data/ckermit-305~alpha02/ckcnet.c:12641:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len += 13 + strlen(agent);
data/ckermit-305~alpha02/ckcnet.c:12648:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        j = b8tob64(b64in,strlen(b64in),b64out,256);
data/ckermit-305~alpha02/ckcnet.c:12649:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset(pwd,0,strlen(pwd));
data/ckermit-305~alpha02/ckcnet.c:12697:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (http_tol((CHAR *)request,strlen(request)) < 0)
data/ckermit-305~alpha02/ckcnet.c:12875:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(HTTP_VERSION);
data/ckermit-305~alpha02/ckcnet.c:12876:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(remote);
data/ckermit-305~alpha02/ckcnet.c:12881:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len += strlen(hdrlist[i]) + 2;
data/ckermit-305~alpha02/ckcnet.c:12883:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(http_host_port) + 8;
data/ckermit-305~alpha02/ckcnet.c:12886:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len += 13 + strlen(agent);
data/ckermit-305~alpha02/ckcnet.c:12893:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        j = b8tob64(b64in,strlen(b64in),b64out,256);
data/ckermit-305~alpha02/ckcnet.c:12894:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset(pwd,0,strlen(pwd));
data/ckermit-305~alpha02/ckcnet.c:12900:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += 16 + strlen(mime);           /* Content-type: */
data/ckermit-305~alpha02/ckcnet.c:12956:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (http_tol((CHAR *)request,strlen(request)) < 0)
data/ckermit-305~alpha02/ckcnet.c:13158:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(HTTP_VERSION);
data/ckermit-305~alpha02/ckcnet.c:13159:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(host_port);
data/ckermit-305~alpha02/ckcnet.c:13160:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += (int) strlen(http_host_port) + 8;
data/ckermit-305~alpha02/ckcnet.c:13162:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen("Proxy-Connection: Keep-Alive\r\n");
data/ckermit-305~alpha02/ckcnet.c:13165:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len += strlen(hdrlist[i]) + 2;
data/ckermit-305~alpha02/ckcnet.c:13168:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len += 13 + strlen(agent);
data/ckermit-305~alpha02/ckcnet.c:13175:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        j = b8tob64(b64in,strlen(b64in),b64out,256);
data/ckermit-305~alpha02/ckcnet.c:13176:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset(pwd,0,strlen(pwd));
data/ckermit-305~alpha02/ckcnet.c:13219:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(request);
data/ckermit-305~alpha02/ckcnet.c:13223:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (socket_write(socket,(CHAR *)request,strlen(request)) < 0) {
data/ckermit-305~alpha02/ckcnet.c:13228:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (write(socket,(CHAR *)request,strlen(request)) < 0) { /* Send request */
data/ckermit-305~alpha02/ckcnet.c:13242:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
           (read(socket,&ch,1) == 1) &&
data/ckermit-305~alpha02/ckcnet.c:13387:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (((int)strlen(service) + strlen(protocol) + strlen(host) + 5)
data/ckermit-305~alpha02/ckcnet.c:13387:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (((int)strlen(service) + strlen(protocol) + strlen(host) + 5)
data/ckermit-305~alpha02/ckcnet.c:13387:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (((int)strlen(service) + strlen(protocol) + strlen(host) + 5)
data/ckermit-305~alpha02/ckcnet.c:13401:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    h = host + strlen (host);
data/ckermit-305~alpha02/ckcnet.c:13619:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ( strlen(prefix) + strlen(name) + 3 > MAX_DNS_NAMELEN )
data/ckermit-305~alpha02/ckcnet.c:13619:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ( strlen(prefix) + strlen(name) + 3 > MAX_DNS_NAMELEN )
data/ckermit-305~alpha02/ckcnet.c:13631:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        h = host + strlen (host);
data/ckermit-305~alpha02/ckcnet.c:13705:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(*retstr, (char *) p, len);
data/ckermit-305~alpha02/ckcnet.c:13735:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      + strlen ((ptr)->sun_path))
data/ckermit-305~alpha02/ckcnet.c:13876:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (host = malloc(strlen("localhost") + 1))
data/ckermit-305~alpha02/ckcnet.c:13890:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(saddr_un.sun_path, buf, sizeof(saddr_un.sun_path));
data/ckermit-305~alpha02/ckcnet.c:14010:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (host = malloc(strlen("localhost") + 1))
data/ckermit-305~alpha02/ckcnet.c:14025:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(saddr_un.sun_path, buf, sizeof(saddr_un.sun_path));
data/ckermit-305~alpha02/ckcnet.c:14292:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define socket_read(f,s,n)     read(f,s,n)
data/ckermit-305~alpha02/ckcnet.h:1045:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define socket_read     read
data/ckermit-305~alpha02/ckcpro.c:546:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ipktlen = strlen(ipktack);
data/ckermit-305~alpha02/ckcpro.c:1547:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(p); /* and it matches the filespec path */
data/ckermit-305~alpha02/ckcpro.c:1561:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    len = strlen(p);	/* and it matches the filespec path */
data/ckermit-305~alpha02/ckcpro.c:2392:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		n = (int)strlen(MAILCMD) +    /* Mail command */
data/ckermit-305~alpha02/ckcpro.c:2393:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  (int)strlen(s) +	      /* address */
data/ckermit-305~alpha02/ckcpro.c:2394:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  (int)strlen(ofilnam) + 32;  /* subject */
data/ckermit-305~alpha02/ckcpro.c:2399:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    debug(F111,"rcv_firsdata mail",tmp,(int)strlen(tmp));
data/ckermit-305~alpha02/ckcpro.c:2408:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		n = (int)strlen(PRINTCMD) + (int)strlen(iattr.disp.val+1) + 4;
data/ckermit-305~alpha02/ckcpro.c:2408:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		n = (int)strlen(PRINTCMD) + (int)strlen(iattr.disp.val+1) + 4;
data/ckermit-305~alpha02/ckcpro.c:2572:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    n = strlen((char *)srvcmd);	/* Position of end */
data/ckermit-305~alpha02/ckcpro.c:2581:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    k = (int) strlen(p);
data/ckermit-305~alpha02/ckcpro.c:2679:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(f1,(char *)(srvcmd+2),len1);
data/ckermit-305~alpha02/ckcpro.c:2681:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(f2,(char *)(srvcmd+3+len1),len2);
data/ckermit-305~alpha02/ckcpro.c:2732:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(f1,(char *)(srvcmd+2),len1);
data/ckermit-305~alpha02/ckcpro.c:2734:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(f2,(char *)(srvcmd+3+len1),len2);
data/ckermit-305~alpha02/ckcpro.c:2737:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(f1,(char *)(srvcmd+2),len1);
data/ckermit-305~alpha02/ckcpro.c:2739:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(f2,(char *)(srvcmd+3+len1),len2);
data/ckermit-305~alpha02/ckcpro.c:3398:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if ((int)strlen(s) + (int)strlen(s2) + 4 < 356)
data/ckermit-305~alpha02/ckcpro.c:3398:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if ((int)strlen(s) + (int)strlen(s2) + 4 < 356)
data/ckermit-305~alpha02/ckcpro.c:3451:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = strlen(tmpbuf);
data/ckermit-305~alpha02/ckcpro.c:3514:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((int)strlen(s) + (int)strlen(fspec) < tmpbufsiz) {
data/ckermit-305~alpha02/ckcpro.c:3514:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((int)strlen(s) + (int)strlen(fspec) < tmpbufsiz) {
data/ckermit-305~alpha02/ckcpro.c:3519:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((int)strlen(s) + (int)strlen(cmarg2) < tmpbufsiz) {
data/ckermit-305~alpha02/ckcpro.c:3519:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((int)strlen(s) + (int)strlen(cmarg2) < tmpbufsiz) {
data/ckermit-305~alpha02/ckcpro.c:3791:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((n = strlen(fs)) > 1) {
data/ckermit-305~alpha02/ckctel.c:1039:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (name.nodename);
data/ckermit-305~alpha02/ckctel.c:1041:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy (buf, name.nodename, len);
data/ckermit-305~alpha02/ckctel.c:1047:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(buf);
data/ckermit-305~alpha02/ckctel.c:1066:18:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        if (src) strncpy (cp, src, len);
data/ckermit-305~alpha02/ckctel.c:1093:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            copystring (buf, strlen (buf)) : NULL);
data/ckermit-305~alpha02/ckctel.c:1214:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen (ptr);
data/ckermit-305~alpha02/ckctel.c:1445:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                              strlen(address),
data/ckermit-305~alpha02/ckctel.c:1447:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                              strlen(disp_no),
data/ckermit-305~alpha02/ckctel.c:1455:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                  hi->h_addr, strlen(disp_no),
data/ckermit-305~alpha02/ckctel.c:2005:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                          strlen(address),
data/ckermit-305~alpha02/ckctel.c:2007:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                          strlen(disp_no),
data/ckermit-305~alpha02/ckctel.c:2017:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                              strlen(disp_no),
data/ckermit-305~alpha02/ckctel.c:2033:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                   strlen("MIT-MAGIC-COOKIE-1"), 16);
data/ckermit-305~alpha02/ckctel.c:2122:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    xauth.address_length = strlen(myhost);
data/ckermit-305~alpha02/ckctel.c:2131:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    xauth.number_length = strlen(xauth.number);
data/ckermit-305~alpha02/ckctel.c:3403:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return(strlen((char *)buf));
data/ckermit-305~alpha02/ckctel.c:4280:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          len = strlen(tn_msg);
data/ckermit-305~alpha02/ckctel.c:4282:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            param_len = strlen(s[param]);
data/ckermit-305~alpha02/ckctel.c:4667:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen(request));
data/ckermit-305~alpha02/ckctel.c:5750:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            len1 = strlen(value);
data/ckermit-305~alpha02/ckctel.c:5759:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                len2 = strlen(uidbuf);
data/ckermit-305~alpha02/ckctel.c:5902:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      n += strlen(uu) + 4 + 2;
data/ckermit-305~alpha02/ckctel.c:5904:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      n += strlen(tn_env_job) + 3 + 2;
data/ckermit-305~alpha02/ckctel.c:5906:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      n += strlen(tn_env_acct) + 4 + 2;
data/ckermit-305~alpha02/ckctel.c:5908:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      n += strlen(tn_env_prnt) + 7 + 2;
data/ckermit-305~alpha02/ckctel.c:5910:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      n += strlen(tn_env_sys) + 10 + 2;
data/ckermit-305~alpha02/ckctel.c:5912:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      n += strlen(disp) + 7 + 2;
data/ckermit-305~alpha02/ckctel.c:5914:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  n += strlen(uu) + 4 + 2;
data/ckermit-305~alpha02/ckctel.c:5916:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  n += strlen(tn_env_job) + 3 + 2;
data/ckermit-305~alpha02/ckctel.c:5918:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  n += strlen(tn_env_acct) + 4 + 2;
data/ckermit-305~alpha02/ckctel.c:5920:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  n += strlen(tn_env_prnt) + 7 + 2;
data/ckermit-305~alpha02/ckctel.c:5922:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  n += strlen(tn_env_sys) + 10 + 2;
data/ckermit-305~alpha02/ckctel.c:5924:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  n += strlen(disp) + 7 + 2;
data/ckermit-305~alpha02/ckctel.c:5936:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            n += strlen(tn_env_uservar[x][0])
data/ckermit-305~alpha02/ckctel.c:5937:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                + strlen(tn_env_uservar[x][1]) + 2;
data/ckermit-305~alpha02/ckctel.c:5941:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        n += strlen(SFUTLNTVER) + strlen(SFUTLNTVER_VALUE) + 2;
data/ckermit-305~alpha02/ckctel.c:5941:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        n += strlen(SFUTLNTVER) + strlen(SFUTLNTVER_VALUE) + 2;
data/ckermit-305~alpha02/ckctel.c:5942:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        n += strlen(SFUTLNTMODE) +
data/ckermit-305~alpha02/ckctel.c:5943:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          strlen(SFUTLNTMODE_VALUE) + 2;
data/ckermit-305~alpha02/ckctel.c:5947:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        n += strlen("LOCATION") + strlen(tn_loc) + 2;
data/ckermit-305~alpha02/ckctel.c:5947:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        n += strlen("LOCATION") + strlen(tn_loc) + 2;
data/ckermit-305~alpha02/ckctel.c:5951:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    n += strlen(SFUTLNTVER) + strlen(SFUTLNTVER_VALUE) + 2;
data/ckermit-305~alpha02/ckctel.c:5951:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    n += strlen(SFUTLNTVER) + strlen(SFUTLNTVER_VALUE) + 2;
data/ckermit-305~alpha02/ckctel.c:5953:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    n += strlen(SFUTLNTMODE) + strlen(SFUTLNTMODE_VALUE) + 2;
data/ckermit-305~alpha02/ckctel.c:5953:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    n += strlen(SFUTLNTMODE) + strlen(SFUTLNTMODE_VALUE) + 2;
data/ckermit-305~alpha02/ckctel.c:5956:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    n += strlen("LOCATION") + strlen(tn_loc) + 2;
data/ckermit-305~alpha02/ckctel.c:5956:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    n += strlen("LOCATION") + strlen(tn_loc) + 2;
data/ckermit-305~alpha02/ckctel.c:5964:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            n += strlen(tn_env_uservar[x][0])
data/ckermit-305~alpha02/ckctel.c:5965:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                + strlen(tn_env_uservar[x][1]) + 2;
data/ckermit-305~alpha02/ckctel.c:6031:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        n += strlen(uu) + 4 + 2;
data/ckermit-305~alpha02/ckctel.c:6038:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        n += strlen(tn_env_job) + 3 + 2;
data/ckermit-305~alpha02/ckctel.c:6045:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        n += strlen(tn_env_acct) + 4 + 2;
data/ckermit-305~alpha02/ckctel.c:6052:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        n += strlen(tn_env_prnt) + 7 + 2;
data/ckermit-305~alpha02/ckctel.c:6059:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        n += strlen(tn_env_sys) + 10 + 2;
data/ckermit-305~alpha02/ckctel.c:6066:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        n += strlen(disp) + 7 + 2;
data/ckermit-305~alpha02/ckctel.c:6073:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    n += strlen(uu) + 4 + 2;
data/ckermit-305~alpha02/ckctel.c:6079:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    n += strlen(tn_env_job) + 3 + 2;
data/ckermit-305~alpha02/ckctel.c:6085:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    n += strlen(tn_env_acct) + 4 + 2;
data/ckermit-305~alpha02/ckctel.c:6091:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    n += strlen(tn_env_prnt) + 7 + 2;
data/ckermit-305~alpha02/ckctel.c:6097:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    n += strlen(tn_env_sys) + 10 + 2;
data/ckermit-305~alpha02/ckctel.c:6103:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    n += strlen(disp) + 7 + 2;
data/ckermit-305~alpha02/ckctel.c:6118:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              y = strlen(tn_env_uservar[x][0]);
data/ckermit-305~alpha02/ckctel.c:6122:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              n += y+strlen(tn_env_uservar[x][1])+2;
data/ckermit-305~alpha02/ckctel.c:6131:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          n += strlen(SFUTLNTVER)+strlen(SFUTLNTVER_VALUE)+2;
data/ckermit-305~alpha02/ckctel.c:6131:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          n += strlen(SFUTLNTVER)+strlen(SFUTLNTVER_VALUE)+2;
data/ckermit-305~alpha02/ckctel.c:6137:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          n += strlen(SFUTLNTMODE)+strlen(SFUTLNTMODE_VALUE)+2;
data/ckermit-305~alpha02/ckctel.c:6137:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          n += strlen(SFUTLNTMODE)+strlen(SFUTLNTMODE_VALUE)+2;
data/ckermit-305~alpha02/ckctel.c:6144:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          n += strlen("LOCATION") + strlen(tn_loc) + 2;
data/ckermit-305~alpha02/ckctel.c:6144:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          n += strlen("LOCATION") + strlen(tn_loc) + 2;
data/ckermit-305~alpha02/ckctel.c:6151:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      n += strlen(SFUTLNTVER) + strlen(SFUTLNTVER_VALUE) + 2;
data/ckermit-305~alpha02/ckctel.c:6151:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      n += strlen(SFUTLNTVER) + strlen(SFUTLNTVER_VALUE) + 2;
data/ckermit-305~alpha02/ckctel.c:6157:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      n += strlen(SFUTLNTMODE) + strlen(SFUTLNTMODE_VALUE) + 2;
data/ckermit-305~alpha02/ckctel.c:6157:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      n += strlen(SFUTLNTMODE) + strlen(SFUTLNTMODE_VALUE) + 2;
data/ckermit-305~alpha02/ckctel.c:6165:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      n += strlen("LOCATION") + strlen(tn_loc) + 2;
data/ckermit-305~alpha02/ckctel.c:6165:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      n += strlen("LOCATION") + strlen(tn_loc) + 2;
data/ckermit-305~alpha02/ckctel.c:6175:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              y = strlen(tn_env_uservar[x][0]);
data/ckermit-305~alpha02/ckctel.c:6179:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              n += y+strlen(tn_env_uservar[x][1])+2;
data/ckermit-305~alpha02/ckctel.c:6285:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((ttn == ((char *)0)) || ((int)strlen(ttn) >= TSBUFSIZ))
data/ckermit-305~alpha02/ckuath.c:1670:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen((char *)cd);
data/ckermit-305~alpha02/ckuath.c:1801:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen((char *)cd);
data/ckermit-305~alpha02/ckuath.c:1898:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen((char *)cd);
data/ckermit-305~alpha02/ckuath.c:2146:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen((char *)cd);
data/ckermit-305~alpha02/ckuath.c:2939:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        plen = strlen(szUserName);
data/ckermit-305~alpha02/ckuath.c:3733:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             (strlen(k4pwprompt) + strlen(krb4_init.principal) +
data/ckermit-305~alpha02/ckuath.c:3733:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             (strlen(k4pwprompt) + strlen(krb4_init.principal) +
data/ckermit-305~alpha02/ckuath.c:3734:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(krb4_init.realm) - 4) < sizeof(prompt)) {
data/ckermit-305~alpha02/ckuath.c:4400:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             (strlen(k5pwprompt) + strlen(krb5_init.principal) +
data/ckermit-305~alpha02/ckuath.c:4400:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             (strlen(k5pwprompt) + strlen(krb5_init.principal) +
data/ckermit-305~alpha02/ckuath.c:4401:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(krb5_init.realm) - 4) < sizeof(prompt)) {
data/ckermit-305~alpha02/ckuath.c:4687:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ( len == strlen(szUserName) ) {
data/ckermit-305~alpha02/ckuath.c:4888:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen(strTmp);
data/ckermit-305~alpha02/ckuath.c:4890:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                s = strTmp + strlen(strTmp);
data/ckermit-305~alpha02/ckuath.c:4966:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen(strTmp);
data/ckermit-305~alpha02/ckuath.c:4968:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                s = strTmp + strlen(strTmp);
data/ckermit-305~alpha02/ckuath.c:5100:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                s = strTmp + strlen(strTmp);
data/ckermit-305~alpha02/ckuath.c:5678:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen(client->realm),
data/ckermit-305~alpha02/ckuath.c:5882:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    gss_send_tok.length = strlen(gss_stbuf);
data/ckermit-305~alpha02/ckuath.c:5950:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen(strTmp);
data/ckermit-305~alpha02/ckuath.c:5952:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                s = strTmp + strlen(strTmp);
data/ckermit-305~alpha02/ckuath.c:5968:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen(strTmp);
data/ckermit-305~alpha02/ckuath.c:5970:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                s = strTmp + strlen(strTmp);
data/ckermit-305~alpha02/ckuath.c:6094:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(localname, hp->h_name, sizeof(localname) - 1);
data/ckermit-305~alpha02/ckuath.c:6099:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        name_buf.length = strlen(name_buf.value) + 1;
data/ckermit-305~alpha02/ckuath.c:6338:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int len = strlen(strTmp);
data/ckermit-305~alpha02/ckuath.c:6340:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                str = strTmp + strlen(strTmp);
data/ckermit-305~alpha02/ckuath.c:6462:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(strlen(srppwprompt) + strlen(szUserName) - 2) <
data/ckermit-305~alpha02/ckuath.c:6462:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(strlen(srppwprompt) + strlen(szUserName) - 2) <
data/ckermit-305~alpha02/ckuath.c:6637:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int len = strlen(ptr);
data/ckermit-305~alpha02/ckuath.c:6918:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(strlen(srppwprompt) + strlen(szUserName) - 2) <
data/ckermit-305~alpha02/ckuath.c:6918:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(strlen(srppwprompt) + strlen(szUserName) - 2) <
data/ckermit-305~alpha02/ckuath.c:7036:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int len = strlen(strTmp);
data/ckermit-305~alpha02/ckuath.c:7038:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                str = strTmp + strlen(strTmp);
data/ckermit-305~alpha02/ckuath.c:7351:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nlen = strlen(name)+2;
data/ckermit-305~alpha02/ckuath.c:7354:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        blen = strlen(banner)+2;
data/ckermit-305~alpha02/ckuath.c:7372:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                prompts[i].reply->length = strlen(prompts[i].reply->data);
data/ckermit-305~alpha02/ckuath.c:7380:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ( prompt && len < (nlen + blen + strlen(prompts[i].prompt)+2) ) {
data/ckermit-305~alpha02/ckuath.c:7385:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            prompt = (char *)malloc(nlen + blen + strlen(prompts[i].prompt)+2);
data/ckermit-305~alpha02/ckuath.c:7390:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = nlen + blen + strlen(prompts[i].prompt)+2;
data/ckermit-305~alpha02/ckuath.c:7407:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        prompts[i].reply->length = strlen(prompts[i].reply->data);
data/ckermit-305~alpha02/ckuath.c:7796:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen(name);
data/ckermit-305~alpha02/ckuath.c:7813:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if ( (strlen(pw->pw_name) + strlen(realm) + 1) > 255 )
data/ckermit-305~alpha02/ckuath.c:7813:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if ( (strlen(pw->pw_name) + strlen(realm) + 1) > 255 )
data/ckermit-305~alpha02/ckuath.c:7853:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ( (strlen(init->principal) +
data/ckermit-305~alpha02/ckuath.c:7854:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              (init->instance ? strlen(init->instance)+1 : 0) +
data/ckermit-305~alpha02/ckuath.c:7855:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(realm)
data/ckermit-305~alpha02/ckuath.c:7889:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                      strlen(realm),realm,
data/ckermit-305~alpha02/ckuath.c:7891:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                      strlen(realm),realm,
data/ckermit-305~alpha02/ckuath.c:8049:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pwsize = strlen(init->password);
data/ckermit-305~alpha02/ckuath.c:8062:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 (strlen(k5pwprompt) + strlen(principal) +
data/ckermit-305~alpha02/ckuath.c:8062:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 (strlen(k5pwprompt) + strlen(principal) +
data/ckermit-305~alpha02/ckuath.c:8063:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  strlen(realm) - 4) < sizeof(prmpt)) {
data/ckermit-305~alpha02/ckuath.c:8544:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            timestamp_width = (int) strlen(tmp);
data/ckermit-305~alpha02/ckuath.c:9613:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while ((err = read(fd, s, 1)) > 0 && --count)
data/ckermit-305~alpha02/ckuath.c:9656:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (((count = read(stab,(char *) &vno,1)) != 1) ||
data/ckermit-305~alpha02/ckuath.c:9657:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
             ((count = read(stab,(char *) key,8)) != 8)) {
data/ckermit-305~alpha02/ckuath.c:11338:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buflen = strlen((char *)term_speed) + strlen((char *)remoteuser) + 64;
data/ckermit-305~alpha02/ckuath.c:11338:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buflen = strlen((char *)term_speed) + strlen((char *)remoteuser) + 64;
data/ckermit-305~alpha02/ckuath.c:11346:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cksumdat.length = strlen(cksumbuf);
data/ckermit-305~alpha02/ckuath.c:11512:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (void) ttol(remoteuser, strlen((char *)remoteuser)+1);
data/ckermit-305~alpha02/ckuath.c:11513:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (void) ttol(term_speed, strlen((char *)term_speed)+1);
data/ckermit-305~alpha02/ckuath.c:11514:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (void) ttol(localuser, strlen((char *)localuser)+1);
data/ckermit-305~alpha02/ckuath.c:11658:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ttol(remoteuser,strlen(remoteuser)+1);
data/ckermit-305~alpha02/ckuath.c:11659:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ttol(term_speed,strlen(term_speed)+1);
data/ckermit-305~alpha02/ckuath.c:12335:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = strlen(princ) + 1;
data/ckermit-305~alpha02/ckuath.c:12405:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    msgtext.length = strlen(msgtext.data)+1;
data/ckermit-305~alpha02/ckuath.c:12530:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    msgtext.length = strlen(msgtext.data)+1;
data/ckermit-305~alpha02/ckuath.c:12738:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    namelen = strlen (name);
data/ckermit-305~alpha02/ckuath.c:12739:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = namelen + strlen(slashDotXauthority) + 1;
data/ckermit-305~alpha02/ckucmd.c:414:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(s);
data/ckermit-305~alpha02/ckucmd.c:467:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cc = strlen(pat);
data/ckermit-305~alpha02/ckucmd.c:523:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    j = strlen(s[i].kwd);
data/ckermit-305~alpha02/ckucmd.c:547:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	width += (int)strlen(pre) + (int)strlen(post) + 2;
data/ckermit-305~alpha02/ckucmd.c:547:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	width += (int)strlen(pre) + (int)strlen(post) + 2;
data/ckermit-305~alpha02/ckucmd.c:680:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    j = strlen(filbuf);
data/ckermit-305~alpha02/ckucmd.c:713:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	width += (int)strlen(pre) + (int)strlen(post) + 2;
data/ckermit-305~alpha02/ckucmd.c:713:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	width += (int)strlen(pre) + (int)strlen(post) + 2;
data/ckermit-305~alpha02/ckucmd.c:1054:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cp = malloc((int)strlen(cmdbuf)+1);	/* 0: Command buffer */
data/ckermit-305~alpha02/ckucmd.c:1059:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cp = malloc((int)strlen(savbuf)+1);	/* 1: Save buffer */
data/ckermit-305~alpha02/ckucmd.c:1066:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cp = malloc((int)strlen(atmbuf)+1);	/* 3: Atom buffer */
data/ckermit-305~alpha02/ckucmd.c:1071:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cp = malloc((int)strlen(atxbuf)+1);	/* 4: Expansion buffer */
data/ckermit-305~alpha02/ckucmd.c:1076:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cp = malloc((int)strlen(atybuf)+1);	/* 5: Atom buffer copy */
data/ckermit-305~alpha02/ckucmd.c:1081:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cp = malloc((int)strlen(filbuf)+1);	/* 6: File name buffer */
data/ckermit-305~alpha02/ckucmd.c:1086:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cp = malloc((int)strlen(cmdbuf)+1);	/* 0: Command buffer */
data/ckermit-305~alpha02/ckucmd.c:1091:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cp = malloc((int)strlen(savbuf)+1);	/* 1: Save buffer */
data/ckermit-305~alpha02/ckucmd.c:1098:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cp = malloc((int)strlen(atmbuf)+1);	/* 3: Atom buffer */
data/ckermit-305~alpha02/ckucmd.c:1103:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cp = malloc((int)strlen(atxbuf)+1);	/* 4: Expansion buffer */
data/ckermit-305~alpha02/ckucmd.c:1108:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cp = malloc((int)strlen(atybuf)+1);	/* 5: Atom buffer copy */
data/ckermit-305~alpha02/ckucmd.c:1113:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cp = malloc((int)strlen(filbuf)+1);	/* 6: File name buffer */
data/ckermit-305~alpha02/ckucmd.c:1155:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(cmdbuf,cmp[cmddep].b[0],CMDBL); /* 0: Command buffer */
data/ckermit-305~alpha02/ckucmd.c:1160:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(savbuf,cmp[cmddep].b[1],CMDBL); /* 1: Save buffer */
data/ckermit-305~alpha02/ckucmd.c:1165:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(atmbuf,cmp[cmddep].b[3],ATMBL); /* 3: Atomic buffer! */
data/ckermit-305~alpha02/ckucmd.c:1170:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(atxbuf,cmp[cmddep].b[4],ATMBL); /* 4: eXpansion buffer */
data/ckermit-305~alpha02/ckucmd.c:1175:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(atybuf,cmp[cmddep].b[5],ATMBL); /* 5: Atom buffer copY */
data/ckermit-305~alpha02/ckucmd.c:1180:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(filbuf,cmp[cmddep].b[6],ATMBL); /* 6: Filename buffer */
data/ckermit-305~alpha02/ckucmd.c:1186:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(cmdbuf,cmp_b[cmddep][0],CMDBL); /* 0: Command buffer */
data/ckermit-305~alpha02/ckucmd.c:1191:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(savbuf,cmp_b[cmddep][1],CMDBL); /* 1: Save buffer */
data/ckermit-305~alpha02/ckucmd.c:1196:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(atmbuf,cmp_b[cmddep][3],ATMBL); /* 3: Atomic buffer! */
data/ckermit-305~alpha02/ckucmd.c:1201:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(atxbuf,cmp_b[cmddep][4],ATMBL); /* 4: eXpansion buffer */
data/ckermit-305~alpha02/ckucmd.c:1206:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(atybuf,cmp_b[cmddep][5],ATMBL); /* 5: Atom buffer copY */
data/ckermit-305~alpha02/ckucmd.c:1211:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(filbuf,cmp_b[cmddep][6],ATMBL); /* 6: Filename buffer */
data/ckermit-305~alpha02/ckucmd.c:1319:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	x = (int) strlen(atmbuf);
data/ckermit-305~alpha02/ckucmd.c:1774:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	x = strlen(path);
data/ckermit-305~alpha02/ckucmd.c:1893:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		sv = malloc((int)strlen(*xp)+1); /* Make a safe copy */
data/ckermit-305~alpha02/ckucmd.c:1911:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		y = strlen(s);
data/ckermit-305~alpha02/ckucmd.c:2006:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			n = strlen(s);
data/ckermit-305~alpha02/ckucmd.c:2171:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				while (((n = strlen(atmbuf))  > 0) &&
data/ckermit-305~alpha02/ckucmd.c:2181:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
				    strncpy(atmbuf,p,ATMBL);
data/ckermit-305~alpha02/ckucmd.c:2212:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    xc = (int) strlen(atmbuf);
data/ckermit-305~alpha02/ckucmd.c:2376:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			cc -= (strlen(*xp) - strlen(atxbuf));
data/ckermit-305~alpha02/ckucmd.c:2376:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			cc -= (strlen(*xp) - strlen(atxbuf));
data/ckermit-305~alpha02/ckucmd.c:2381:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    cc = strlen(xdef);
data/ckermit-305~alpha02/ckucmd.c:2531:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    min = strlen(filbuf),
data/ckermit-305~alpha02/ckucmd.c:2541:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len2 = strlen(localfn);
data/ckermit-305~alpha02/ckucmd.c:2573:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    len = strlen(filbuf);
data/ckermit-305~alpha02/ckucmd.c:2655:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    len = strlen(filbuf);
data/ckermit-305~alpha02/ckucmd.c:2682:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(filbuf);
data/ckermit-305~alpha02/ckucmd.c:2775:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			cc -= (strlen(*xp) - strlen(atxbuf));
data/ckermit-305~alpha02/ckucmd.c:2775:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			cc -= (strlen(*xp) - strlen(atxbuf));
data/ckermit-305~alpha02/ckucmd.c:3023:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        xc = (int)strlen(*xp);		/* get back the total text length, */
data/ckermit-305~alpha02/ckucmd.c:3094:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cc = (int)strlen(atxbuf);
data/ckermit-305~alpha02/ckucmd.c:3104:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    cc = strlen(xdef);
data/ckermit-305~alpha02/ckucmd.c:3124:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    for (i = (int)strlen(xx) - 1; i > 0; i--)
data/ckermit-305~alpha02/ckucmd.c:3145:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		x = strlen(atmbuf);
data/ckermit-305~alpha02/ckucmd.c:3148:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		} else if ((int)strlen(xdef) > x) { /* Yes */
data/ckermit-305~alpha02/ckucmd.c:3243:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tl = (int)strlen(tok);
data/ckermit-305~alpha02/ckucmd.c:3909:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(datebuf);
data/ckermit-305~alpha02/ckucmd.c:3937:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((int)strlen(s) > 63)
data/ckermit-305~alpha02/ckucmd.c:4112:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(s);
data/ckermit-305~alpha02/ckucmd.c:4196:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(yearbuf,s + len - 4,4);
data/ckermit-305~alpha02/ckucmd.c:4270:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(s);		/* Update length */
data/ckermit-305~alpha02/ckucmd.c:4375:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(ybuf,mjd2date(jd+1),8);
data/ckermit-305~alpha02/ckucmd.c:4377:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(ybuf,mjd2date(jd-1),8);
data/ckermit-305~alpha02/ckucmd.c:4379:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(ybuf,ckdate(),8);
data/ckermit-305~alpha02/ckucmd.c:4381:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
	    strncpy(ybuf+8," 00:00:00",DATEBUFLEN-8); /* Default time is 0 */
data/ckermit-305~alpha02/ckucmd.c:4386:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		    strncpy(ybuf+8,s+i,DATEBUFLEN-8);
data/ckermit-305~alpha02/ckucmd.c:4394:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(s);		/* Update length */
data/ckermit-305~alpha02/ckucmd.c:4556:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	xx = strlen(fld[1]);
data/ckermit-305~alpha02/ckucmd.c:4596:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    f2len = strlen(fld[2]);		/* Length of 3rd field */
data/ckermit-305~alpha02/ckucmd.c:4601:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (((int)strlen(fld[0]) == 4)) { /* yyyy-xx-dd */
data/ckermit-305~alpha02/ckucmd.c:4652:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if ((f2len < 4) && (k < 0) && ((int)strlen(fld[0]) < 4)) {
data/ckermit-305~alpha02/ckucmd.c:5307:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(dp);
data/ckermit-305~alpha02/ckucmd.c:5326:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((int)strlen(d) != 17) return(0);
data/ckermit-305~alpha02/ckucmd.c:5463:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(p);
data/ckermit-305~alpha02/ckucmd.c:5763:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen(s);
data/ckermit-305~alpha02/ckucmd.c:6635:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    debug(F111,"gtword too long #1",pp,strlen(pp));
data/ckermit-305~alpha02/ckucmd.c:6684:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			debug(F111,"gtword too long #1",pp,strlen(pp));
data/ckermit-305~alpha02/ckucmd.c:6756:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			debug(F111,"gtword too long #2",pp,strlen(pp));
data/ckermit-305~alpha02/ckucmd.c:6852:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    debug(F111,"gtword too long ?",pp,strlen(pp));
data/ckermit-305~alpha02/ckucmd.c:6864:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    debug(F111,"gtword too long Esc",pp,strlen(pp));
data/ckermit-305~alpha02/ckucmd.c:7196:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(xp,ap,ATMBL);		/* so we can copy it back, edited. */
data/ckermit-305~alpha02/ckucmd.c:7484:6:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	c = getchar();
data/ckermit-305~alpha02/ckucmd.c:7488:8:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#undef getc
data/ckermit-305~alpha02/ckucmd.c:7492:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    c = getc(stdin);
data/ckermit-305~alpha02/ckucmd.c:7500:6:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	c = getchar();			/* RTU doesn't discard the ^Z */
data/ckermit-305~alpha02/ckucmd.h:62:8:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#ifdef getchar				/* This is for VMS GCC */
data/ckermit-305~alpha02/ckucmd.h:63:8:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#undef getchar
data/ckermit-305~alpha02/ckucmd.h:65:9:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define getchar()   vms_getchar()
data/ckermit-305~alpha02/ckucmd.h:70:8:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#undef getchar
data/ckermit-305~alpha02/ckucmd.h:71:9:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define getchar()   coninc(0)
data/ckermit-305~alpha02/ckucmd.h:75:8:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#undef getchar
data/ckermit-305~alpha02/ckucmd.h:76:9:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define getchar() coninc(0)
data/ckermit-305~alpha02/ckucmd.h:80:8:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#undef getchar
data/ckermit-305~alpha02/ckucmd.h:81:9:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define getchar() coninc(0)
data/ckermit-305~alpha02/ckucns.c:868:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if ((kbc = read(0, kbuf, kbc)) < 1) { /* Now read it/them. */
data/ckermit-305~alpha02/ckucns.c:979:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	rc = read(fileno(stdin), &ch, 1); /* Read a character. */
data/ckermit-305~alpha02/ckucns.c:1604:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    int len = strlen(tt_idlestr);
data/ckermit-305~alpha02/ckucns.c:2142:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                int i, len = strlen((char *)ksbuf);
data/ckermit-305~alpha02/ckucns.c:2162:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    apclength = strlen(apcbuf);
data/ckermit-305~alpha02/ckucon.c:572:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    read(xpipe[0], &code, sizeof(code)); /* Get function code from pipe */
data/ckermit-305~alpha02/ckucon.c:592:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	read(xpipe[0], (char *)&i, sizeof(i)); /* Trigger index */
data/ckermit-305~alpha02/ckucon.c:596:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	read(xpipe[0], (char *)&ibc, sizeof(ibc)); /* Copy child's */
data/ckermit-305~alpha02/ckucon.c:599:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    read(xpipe[0], (char *)&ibp, sizeof(ibp));
data/ckermit-305~alpha02/ckucon.c:600:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    read(xpipe[0], ibp, ibc);
data/ckermit-305~alpha02/ckucon.c:678:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	read(xpipe[0], (char *)&duplex, sizeof(duplex));
data/ckermit-305~alpha02/ckucon.c:683:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	read(xpipe[0],
data/ckermit-305~alpha02/ckucon.c:690:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	read(xpipe[0],
data/ckermit-305~alpha02/ckucon.c:707:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	read(xpipe[0], (char *)&x, sizeof(x));
data/ckermit-305~alpha02/ckucon.c:710:4:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	  read(xpipe[0], (char *)ksbuf, x+1);
data/ckermit-305~alpha02/ckucon.c:713:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	read(xpipe[0], (char *)&apclength, sizeof(apclength));
data/ckermit-305~alpha02/ckucon.c:714:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	read(xpipe[0], apcbuf, apclength+1); /* Include trailing zero byte */
data/ckermit-305~alpha02/ckucon.c:716:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	read(xpipe[0], (char *)&ibc, sizeof(ibc)); /* Copy child's */
data/ckermit-305~alpha02/ckucon.c:718:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    read(xpipe[0], (char *)&ibp, sizeof(ibp));
data/ckermit-305~alpha02/ckucon.c:719:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    read(xpipe[0], ibp, ibc);
data/ckermit-305~alpha02/ckucon.c:730:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	read(xpipe[0],padparms,MAXPADPARMS);
data/ckermit-305~alpha02/ckucon.c:897:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if ((kbc = read(0, kbuf, kbc)) < 1) { /* Now read it/them. */
data/ckermit-305~alpha02/ckucon.c:965:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((i = read(xpipe[0], &c, 1)) <= 0) {
data/ckermit-305~alpha02/ckucon.c:1292:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                int i, len = strlen((char*)ksbuf);
data/ckermit-305~alpha02/ckucon.c:1310:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    n = (int) strlen((char *)ksbuf);
data/ckermit-305~alpha02/ckucon.c:1324:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    apclength = strlen(apcbuf);
data/ckermit-305~alpha02/ckudia.c:172:8:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#ifdef getchar
data/ckermit-305~alpha02/ckudia.c:173:8:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#undef getchar
data/ckermit-305~alpha02/ckudia.c:175:9:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define getchar(x) coninc(0)
data/ckermit-305~alpha02/ckudia.c:4450:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((x = strlen(s)) > 0) {		/* Replace spaces by underscores */
data/ckermit-305~alpha02/ckudia.c:4469:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m = strlen(uidbuf)+strlen(myhost)+strlen(ttname)+strlen(s)+strlen(buf2)+32;
data/ckermit-305~alpha02/ckudia.c:4469:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m = strlen(uidbuf)+strlen(myhost)+strlen(ttname)+strlen(s)+strlen(buf2)+32;
data/ckermit-305~alpha02/ckudia.c:4469:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m = strlen(uidbuf)+strlen(myhost)+strlen(ttname)+strlen(s)+strlen(buf2)+32;
data/ckermit-305~alpha02/ckudia.c:4469:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m = strlen(uidbuf)+strlen(myhost)+strlen(ttname)+strlen(s)+strlen(buf2)+32;
data/ckermit-305~alpha02/ckudia.c:4469:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m = strlen(uidbuf)+strlen(myhost)+strlen(ttname)+strlen(s)+strlen(buf2)+32;
data/ckermit-305~alpha02/ckudia.c:4682:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int lr = (int)strlen(r);	/*  0 means not found, 1 means found it */
data/ckermit-305~alpha02/ckudia.c:4686:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = (int)strlen(s)-lr; i >= 0; i--)
data/ckermit-305~alpha02/ckudia.c:5071:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((int)strlen(dcmd) + (int)strlen(telnbr) > (LBUFL - 2)) {
data/ckermit-305~alpha02/ckudia.c:5071:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((int)strlen(dcmd) + (int)strlen(telnbr) > (LBUFL - 2)) {
data/ckermit-305~alpha02/ckudia.c:5110:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if ((int)strlen(telnbr) < 199) {
data/ckermit-305~alpha02/ckudia.c:5470:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (ws && (int)strlen(ws) > 0) {
data/ckermit-305~alpha02/ckudia.c:5474:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (mp->wake_prompt && (int)strlen(mp->wake_prompt) > 0) {
data/ckermit-305~alpha02/ckudia.c:5799:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((int)strlen(dcmd) + (int)strlen(xnum) > LBUFL)
data/ckermit-305~alpha02/ckudia.c:5799:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((int)strlen(dcmd) + (int)strlen(xnum) > LBUFL)
data/ckermit-305~alpha02/ckudia.c:5935:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    x = (int)strlen(modemmsg) - 1;
data/ckermit-305~alpha02/ckudia.c:6574:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((int)strlen(ttname) < (ERMSGL - 18)) /* safe, checked */
data/ckermit-305~alpha02/ckudia.c:6600:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if ((int)strlen(ttname) < (ERMSGL - 18)) /* safe, checked */
data/ckermit-305~alpha02/ckudia.c:6670:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	x = (int) strlen(telnbr);
data/ckermit-305~alpha02/ckudia.c:6691:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		waitct = 1 * (int)strlen(telnbr) ; /* Worst case dial time */
data/ckermit-305~alpha02/ckudia.c:6706:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		waitct = 1 * (int)strlen(telnbr) ;
data/ckermit-305~alpha02/ckudia.c:7219:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((int)strlen(nbuf) > 3)
data/ckermit-305~alpha02/ckudia.c:7869:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if ((int)strlen(cptr) < 9)   /* Just CONNECT, */
data/ckermit-305~alpha02/ckudia.c:8179:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (ttol((CHAR *)escbuf,(int)strlen((char *)escbuf)) < 0) {
data/ckermit-305~alpha02/ckufio.c:666:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        resp[i]->resp = (char *) malloc((int)strlen(message) + 1);
data/ckermit-305~alpha02/ckufio.c:1368:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(fullname);
data/ckermit-305~alpha02/ckufio.c:1737:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = 24 + 12 + (int)strlen(s) + 16
data/ckermit-305~alpha02/ckufio.c:1738:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  + (int)strlen(fullname) + 1 + 1 + 1 + 1
data/ckermit-305~alpha02/ckufio.c:1739:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    + (int)strlen(p) + 6 + 2 + 12;
data/ckermit-305~alpha02/ckufio.c:1772:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                dummy = write(xferlog, iksdmsg, (int)strlen(iksdmsg));
data/ckermit-305~alpha02/ckufio.c:1801:6:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	a = getc(fp[n]);
data/ckermit-305~alpha02/ckufio.c:2056:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return(ttol(s,((int)strlen(s)) < 0) ? -1 : 0);
data/ckermit-305~alpha02/ckufio.c:2065:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	k = strlen(s);
data/ckermit-305~alpha02/ckufio.c:2123:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((k = (int)strlen(s)) > x) x = k; /* Nothing else would make sense */
data/ckermit-305~alpha02/ckufio.c:2286:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(name);
data/ckermit-305~alpha02/ckufio.c:2427:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(name);
data/ckermit-305~alpha02/ckufio.c:2533:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = (int)strlen(name);              /* Get length of filename */
data/ckermit-305~alpha02/ckufio.c:2553:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	x = strlen(s);
data/ckermit-305~alpha02/ckufio.c:2654:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for (i = (int)strlen(s); i > 0; i--) {
data/ckermit-305~alpha02/ckufio.c:2772:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(fullname,p,CKMAXPATH);
data/ckermit-305~alpha02/ckufio.c:2774:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(fullname,name,CKMAXPATH);
data/ckermit-305~alpha02/ckufio.c:3674:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p = fn + (int)strlen(fn) - 1;
data/ckermit-305~alpha02/ckufio.c:3691:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((x = strlen(fn)) > 0) {
data/ckermit-305~alpha02/ckufio.c:3896:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = (int)strlen(fn) - 1; (!flag && (i > 0)); i--) {
data/ckermit-305~alpha02/ckufio.c:3958:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = strlen(fn);
data/ckermit-305~alpha02/ckufio.c:3994:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((fnlen = strlen(fn)) < 1) {	/* Get length */
data/ckermit-305~alpha02/ckufio.c:4007:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        k = strlen(fn);                 /* Length of name part */
data/ckermit-305~alpha02/ckufio.c:4108:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = strlen(new);
data/ckermit-305~alpha02/ckufio.c:4109:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!(p = malloc(strlen(new) + strlen(old) + 2)))
data/ckermit-305~alpha02/ckufio.c:4109:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!(p = malloc(strlen(new) + strlen(old) + 2)))
data/ckermit-305~alpha02/ckufio.c:4113:11:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
          strcat(p,"/");		/* (safe) */
data/ckermit-305~alpha02/ckufio.c:4268:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = strlen(dst);
data/ckermit-305~alpha02/ckufio.c:4287:13:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    perms = umask(0);                   /* Get user's umask */
data/ckermit-305~alpha02/ckufio.c:4288:5:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    umask(perms);			/* Put it back! */
data/ckermit-305~alpha02/ckufio.c:4305:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            while ((x = read(in,buf,1024)) > 0) { /* Copy in 1K blocks */
data/ckermit-305~alpha02/ckufio.c:4625:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        xx->date.len = (int)strlen(xx->date.val);
data/ckermit-305~alpha02/ckufio.c:4656:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        xx->lprotect.len = (int)strlen(lperms);
data/ckermit-305~alpha02/ckufio.c:4752:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    yy = (int)strlen(datbuf);
data/ckermit-305~alpha02/ckufio.c:5187:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(date);
data/ckermit-305~alpha02/ckufio.c:5498:20:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
            mask = umask(0);            /* Get umask */
data/ckermit-305~alpha02/ckufio.c:5500:13:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
            umask(mask);                /* Put it back */
data/ckermit-305~alpha02/ckufio.c:5696:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(f);
data/ckermit-305~alpha02/ckufio.c:5697:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = n + n + 15 + (int)strlen(p);
data/ckermit-305~alpha02/ckufio.c:5761:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = 8 + (int)strlen(f) + (int)strlen(printername);
data/ckermit-305~alpha02/ckufio.c:5761:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = 8 + (int)strlen(f) + (int)strlen(printername);
data/ckermit-305~alpha02/ckufio.c:5766:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = 8 + (int)strlen(f) + (int)strlen(printername);
data/ckermit-305~alpha02/ckufio.c:5766:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = 8 + (int)strlen(f) + (int)strlen(printername);
data/ckermit-305~alpha02/ckufio.c:5771:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = 4 + (int)strlen(PRINTCMD) + (int)strlen(p) + (int)strlen(f);
data/ckermit-305~alpha02/ckufio.c:5771:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = 4 + (int)strlen(PRINTCMD) + (int)strlen(p) + (int)strlen(f);
data/ckermit-305~alpha02/ckufio.c:5771:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = 4 + (int)strlen(PRINTCMD) + (int)strlen(p) + (int)strlen(f);
data/ckermit-305~alpha02/ckufio.c:5805:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = (int)strlen(pat) + (int)strlen(lscmd) + 3; /* Length of ls command */
data/ckermit-305~alpha02/ckufio.c:5805:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = (int)strlen(pat) + (int)strlen(lscmd) + 3; /* Length of ls command */
data/ckermit-305~alpha02/ckufio.c:5832:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            x = (int)strlen(p);         /* Keep - get length of name */
data/ckermit-305~alpha02/ckufio.c:6281:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        endcur += (int)strlen(pl -> npart); /* Advance end pointer */
data/ckermit-305~alpha02/ckufio.c:6343:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while (read(fd, (char *)dirbuf, sizeof dir_entry) > 0)
data/ckermit-305~alpha02/ckufio.c:6625:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int)strlen(str);		/* Space this will use */
data/ckermit-305~alpha02/ckufio.c:6824:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        j = (int)strlen(dirname);
data/ckermit-305~alpha02/ckufio.c:7308:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(path);
data/ckermit-305~alpha02/ckufio.c:7322:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (!(zp = malloc(strlen(xp) + 1))) { /* Make a place for it */
data/ckermit-305~alpha02/ckufio.c:7501:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(zfntmp);
data/ckermit-305~alpha02/ckufio.c:7546:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = strlen(buf);
data/ckermit-305~alpha02/ckufio.c:7556:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((y = (int)strlen(s)) > len) /* If enough room... */
data/ckermit-305~alpha02/ckufio.c:7808:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *new = malloc((unsigned) strlen(s) + 1);
data/ckermit-305~alpha02/ckufio.c:8144:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = strlen(name);
data/ckermit-305~alpha02/ckufio.c:8531:12:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    (VOID) umask(defumask);
data/ckermit-305~alpha02/ckufio.c:8562:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        k = strlen(p2);
data/ckermit-305~alpha02/ckufio.c:8563:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(&dbrec[DB_ULEN],ulongtohex((unsigned long)k,4),4);
data/ckermit-305~alpha02/ckufio.c:8565:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(&dbrec[DB_FLAGS],ulongtohex(myflags,4),4);
data/ckermit-305~alpha02/ckufio.c:8568:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(&dbrec[DB_AMODE],ulongtohex(myamode,4),4);
data/ckermit-305~alpha02/ckufio.c:8570:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(&dbrec[DB_ATYPE],ulongtohex(myatype,4),4);
data/ckermit-305~alpha02/ckufio.c:8579:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(&dbrec[DB_DLEN],
data/ckermit-305~alpha02/ckufio.c:8580:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                ulongtohex((unsigned long)strlen(p2),4),
data/ckermit-305~alpha02/ckupty.c:680:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    slave[strlen("/dev/")] = 'p';
data/ckermit-305~alpha02/ckupty.c:737:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(slaveret) > slavelength - 1) {
data/ckermit-305~alpha02/ckupty.c:801:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(p) > slavelength - 1) {
data/ckermit-305~alpha02/ckupty.c:815:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(slavebuf) > slavelength - 1) {
data/ckermit-305~alpha02/ckupty.c:841:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(slavebuf) > slavelength -1) {
data/ckermit-305~alpha02/ckupty.c:863:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tty_bank =  &master_name[strlen("/dev/ptym/pty")];
data/ckermit-305~alpha02/ckupty.c:864:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tty_num  =  &master_name[strlen("/dev/ptym/ptyX")];
data/ckermit-305~alpha02/ckupty.c:865:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    slave_bank = &slave_name[strlen("/dev/pty/tty")];
data/ckermit-305~alpha02/ckupty.c:866:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    slave_num  = &slave_name[strlen("/dev/pty/ttyX")];
data/ckermit-305~alpha02/ckupty.c:981:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ut.ut_host, host, sizeof(ut.ut_host));
data/ckermit-305~alpha02/ckupty.c:984:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ut.ut_line, tty, sizeof(ut.ut_line));
data/ckermit-305~alpha02/ckupty.c:989:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ut.ut_user, user, sizeof(ut.ut_user));
data/ckermit-305~alpha02/ckupty.c:991:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tmpx = tty + strlen(tty) - 2;
data/ckermit-305~alpha02/ckupty.c:993:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ut.ut_id, utmp_id, sizeof(ut.ut_id));
data/ckermit-305~alpha02/ckupty.c:997:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ut.ut_name, user, sizeof(ut.ut_name));
data/ckermit-305~alpha02/ckupty.c:1226:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ent.ut_line, line+sizeof("/dev/")-1, sizeof(ent.ut_line));
data/ckermit-305~alpha02/ckupty.c:1253:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(ent.ut_host, host, sizeof(ent.ut_host));
data/ckermit-305~alpha02/ckupty.c:1272:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(ent.ut_id, s, 4);
data/ckermit-305~alpha02/ckupty.c:1276:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tmpx = line + strlen(line)-1;
data/ckermit-305~alpha02/ckupty.c:1283:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(ent.ut_id, utmp_id, sizeof(ent.ut_id));
data/ckermit-305~alpha02/ckupty.c:1285:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ent.ut_user, username, sizeof(ent.ut_user));
data/ckermit-305~alpha02/ckupty.c:1289:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ent.ut_name, username, sizeof(ent.ut_name));
data/ckermit-305~alpha02/ckupty.c:1294:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(userbuf, username, sizeof(userbuf));
data/ckermit-305~alpha02/ckupty.c:1312:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(ut.ut_line, line, sizeof(ut.ut_line));
data/ckermit-305~alpha02/ckupty.c:1315:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	  strncpy(userbuf,utptr->ut_user,sizeof(ut.ut_user));
data/ckermit-305~alpha02/ckupty.c:1328:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(utx.ut_user, ent.ut_user, sizeof(ent.ut_user));
data/ckermit-305~alpha02/ckupty.c:1329:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(utx.ut_id, ent.ut_id, sizeof(ent.ut_id));
data/ckermit-305~alpha02/ckupty.c:1330:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(utx.ut_line, ent.ut_line, sizeof(ent.ut_line));
data/ckermit-305~alpha02/ckupty.c:1348:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(utx.ut_host, host, sizeof(utx.ut_host));
data/ckermit-305~alpha02/ckupty.c:1367:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    if (read(fd,
data/ckermit-305~alpha02/ckupty.c:1377:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		  strncpy(userbuf, ut.ut_user, sizeof(ut.ut_user));
data/ckermit-305~alpha02/ckupty.c:1446:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(utx.ut_host, host, sizeof(utx.ut_host) );
data/ckermit-305~alpha02/ckupty.c:1450:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(utx.ut_user, user, sizeof(utx.ut_user));
data/ckermit-305~alpha02/ckupty.c:1465:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    strncpy(ut.ut_id, ent->ut_id, sizeof (ut.ut_id));
data/ckermit-305~alpha02/ckupty.c:1467:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    strncpy(ut.ut_line, ent->ut_line, sizeof(ut.ut_line));
data/ckermit-305~alpha02/ckupty.c:1468:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    strncpy(ut.ut_name, ent->ut_name, sizeof(ut.ut_name));
data/ckermit-305~alpha02/ckupty.c:1470:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    strncpy(ut.ut_host, ent->ut_host, sizeof(ut.ut_host));
data/ckermit-305~alpha02/ckupty.c:1834:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if (strlen(args[i]) == 0)
data/ckermit-305~alpha02/ckupty.c:1914:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (read(syncpipe[0], &c, 1) == 0) { /* Slave side died */
data/ckermit-305~alpha02/ckuscr.c:327:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((int)strlen(rseqtrace) < SBUFL-2 )
data/ckermit-305~alpha02/ckuscr.c:370:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    l = (int)strlen(e=seq_buf);		/* no more than 7 chars allowed */
data/ckermit-305~alpha02/ckuscr.c:435:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    l = (int)strlen(seq_buf);
data/ckermit-305~alpha02/ckuscr.c:469:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      logstr(seq_buf,strlen(seq_buf));
data/ckermit-305~alpha02/ckutio.c:1607:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = (int)strlen(s); i > 0; i--)
data/ckermit-305~alpha02/ckutio.c:1780:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ckhexdump(p,s,(int)strlen((char *)s));
data/ckermit-305~alpha02/ckutio.c:2292:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (tn_loc = (char *)malloc((int)strlen(p)+1))
data/ckermit-305~alpha02/ckutio.c:2299:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(startupdir);
data/ckermit-305~alpha02/ckutio.c:2371:20:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
#define ctermid(x) strcpy(x,"")
data/ckermit-305~alpha02/ckutio.c:2379:20:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
#define ctermid(x) strcpy(x,"")
data/ckermit-305~alpha02/ckutio.c:2903:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    x = (int)strlen(flfnam) + (int)strlen(DIRCMD) + 2;
data/ckermit-305~alpha02/ckutio.c:2903:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    x = (int)strlen(flfnam) + (int)strlen(DIRCMD) + 2;
data/ckermit-305~alpha02/ckutio.c:2940:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if ((int)strlen(fullname) > 0)
data/ckermit-305~alpha02/ckutio.c:2971:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    x = (int)strlen(flfnam) + (int)strlen(DIRCMD) + 2;
data/ckermit-305~alpha02/ckutio.c:2971:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    x = (int)strlen(flfnam) + (int)strlen(DIRCMD) + 2;
data/ckermit-305~alpha02/ckutio.c:4784:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	x = read(fd,buf,(int)len);
data/ckermit-305~alpha02/ckutio.c:4794:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	x = read(fd, (char *)&pid, 4);	/* Read the bytes into an int */
data/ckermit-305~alpha02/ckutio.c:4799:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	x = read(fd, (char *)&spid, 2);	/* Read the bytes into a short */
data/ckermit-305~alpha02/ckutio.c:5178:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((int)strlen(device) + 8 < LFNAML)
data/ckermit-305~alpha02/ckutio.c:5184:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((int)strlen(device) + 5 < LFNAML)
data/ckermit-305~alpha02/ckutio.c:5220:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	x = (int)strlen(lockfil) - 1;	/* Get last letter of device name. */
data/ckermit-305~alpha02/ckutio.c:5528:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((int)strlen(lockdir)+12 < LFNAML)
data/ckermit-305~alpha02/ckutio.c:8550:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return read(fd, mybuf, 255);
data/ckermit-305~alpha02/ckutio.c:8561:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	  n = read(fd, mybuf, sizeof(mybuf));
data/ckermit-305~alpha02/ckutio.c:8660:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    n = read(fd, mybuf, sizeof(mybuf));
data/ckermit-305~alpha02/ckutio.c:8826:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    x = read(fd, mybuf, (int) avail);
data/ckermit-305~alpha02/ckutio.c:8916:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    x = read(fd, mybuf, 1);
data/ckermit-305~alpha02/ckutio.c:9703:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    read (m, &xproc, sizeof(xproc));
data/ckermit-305~alpha02/ckutio.c:9707:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            read(tty, &c, 1);
data/ckermit-305~alpha02/ckutio.c:9713:4:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	  read(tty, &c, 1);
data/ckermit-305~alpha02/ckutio.c:9721:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (read(m, &pp, sizeof(pp)) != sizeof(pp))  err("no read of proc ptr");
data/ckermit-305~alpha02/ckutio.c:9724:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    read(m, &xproc, sizeof(xproc));
data/ckermit-305~alpha02/ckutio.c:9728:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (read(m,p,xproc * sizeof(struct proc)) != xproc*sizeof(struct proc))
data/ckermit-305~alpha02/ckutio.c:9787:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    y = (int)strlen(brnuls);
data/ckermit-305~alpha02/ckutio.c:9809:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    y = (int)strlen(brnuls);
data/ckermit-305~alpha02/ckutio.c:10004:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    x = read(kmem[TTY], &n, sizeof(int));
data/ckermit-305~alpha02/ckutio.c:10310:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    x = read(fd,buf,n);
data/ckermit-305~alpha02/ckutio.c:10884:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    if ((n = read(fd, &n, 1)) < 1)
data/ckermit-305~alpha02/ckutio.c:11228:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        while ((n = read(fd,&ch,1)) == 0) /* Wait for a character. */
data/ckermit-305~alpha02/ckutio.c:11274:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    n = read(fd,&ch,1);		/* Otherwise call the system. */
data/ckermit-305~alpha02/ckutio.c:11395:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = (int)strlen(brnuls);		/* Send the right number of nulls */
data/ckermit-305~alpha02/ckutio.c:11717:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep((unsigned int)(m * 1000));
data/ckermit-305~alpha02/ckutio.c:12182:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    x = read(0,conbufp,x);
data/ckermit-305~alpha02/ckutio.c:12655:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(s);
data/ckermit-305~alpha02/ckutio.c:12709:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  x = ttol((CHAR *)p,(int)strlen(p));
data/ckermit-305~alpha02/ckutio.c:12731:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (*s) ttol((CHAR *)s,(int)strlen(s));
data/ckermit-305~alpha02/ckutio.c:12845:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    n = read(0, &ch, 1);	/* Read a character. */
data/ckermit-305~alpha02/ckutio.c:12929:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      n = read(0, &ch, 1);
data/ckermit-305~alpha02/ckutio.c:14794:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((int)strlen(args[i]) == 0)
data/ckermit-305~alpha02/ckutio.c:15169:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		x = read(ptyfd,pbuf+pbuf_avail,n);
data/ckermit-305~alpha02/ckutio.c:15455:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(date) != 17 ||
data/ckermit-305~alpha02/ckutio.c:15838:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(str1);
data/ckermit-305~alpha02/ckutio.c:15962:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(str1);
data/ckermit-305~alpha02/ckuus2.c:5832:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!all && (int)strlen(s) > 1) {
data/ckermit-305~alpha02/ckuus2.c:7387:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        s = cmdbuf + (int)strlen(cmdbuf) -1;
data/ckermit-305~alpha02/ckuus2.c:7452:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        y = (int)strlen(s[i]);
data/ckermit-305~alpha02/ckuus3.c:2245:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen(env) + 2*strlen(startupdir) + 2*strlen(inidir)
data/ckermit-305~alpha02/ckuus3.c:2245:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen(env) + 2*strlen(startupdir) + 2*strlen(inidir)
data/ckermit-305~alpha02/ckuus3.c:2245:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen(env) + 2*strlen(startupdir) + 2*strlen(inidir)
data/ckermit-305~alpha02/ckuus3.c:2246:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                + (appdata0?2*strlen(appdata0):0) 
data/ckermit-305~alpha02/ckuus3.c:2247:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                + (appdata1?2*strlen(appdata1):0)
data/ckermit-305~alpha02/ckuus3.c:2248:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                + 2*strlen(zhome()) + 2*strlen(exedir) + 8*strlen("PHONES/")
data/ckermit-305~alpha02/ckuus3.c:2248:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                + 2*strlen(zhome()) + 2*strlen(exedir) + 8*strlen("PHONES/")
data/ckermit-305~alpha02/ckuus3.c:2248:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                + 2*strlen(zhome()) + 2*strlen(exedir) + 8*strlen("PHONES/")
data/ckermit-305~alpha02/ckuus3.c:2255:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    (env[0] && env[strlen(env)-1] == ';') ? "" : ";",
data/ckermit-305~alpha02/ckuus3.c:2345:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      if ((int) strlen(fnp->fpath) > 0)
data/ckermit-305~alpha02/ckuus3.c:2352:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = strlen(s);
data/ckermit-305~alpha02/ckuus3.c:2356:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((pp[dd] = malloc(strlen(s)+2)) == NULL) {
data/ckermit-305~alpha02/ckuus3.c:2414:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(s) > LOGINLEN) {
data/ckermit-305~alpha02/ckuus3.c:2423:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((int)strlen(s) > LOGINLEN) {
data/ckermit-305~alpha02/ckuus3.c:2432:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if ((int)strlen(s) > LOGINLEN) {
data/ckermit-305~alpha02/ckuus3.c:2648:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen(preface) + strlen(prompt) + 4;
data/ckermit-305~alpha02/ckuus3.c:2648:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen(preface) + strlen(prompt) + 4;
data/ckermit-305~alpha02/ckuus3.c:2677:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen(preface) + strlen(prompt) + 4;
data/ckermit-305~alpha02/ckuus3.c:2677:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen(preface) + strlen(prompt) + 4;
data/ckermit-305~alpha02/ckuus3.c:2938:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(fullpath);
data/ckermit-305~alpha02/ckuus3.c:2944:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    y = strlen(fprompt);
data/ckermit-305~alpha02/ckuus3.c:2987:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    z = strlen(s);
data/ckermit-305~alpha02/ckuus3.c:3615:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int x = (int) strlen(s);
data/ckermit-305~alpha02/ckuus3.c:3637:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int x = (int) strlen(s2);
data/ckermit-305~alpha02/ckuus3.c:3811:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			p[1] = (char *)malloc((int)strlen(s2) + 1);
data/ckermit-305~alpha02/ckuus3.c:4101:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            xx = strlen(p[2]);
data/ckermit-305~alpha02/ckuus3.c:4111:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            xx = strlen(s2);
data/ckermit-305~alpha02/ckuus3.c:4138:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            xx = strlen(s2);
data/ckermit-305~alpha02/ckuus3.c:4151:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            xx = strlen(s2);
data/ckermit-305~alpha02/ckuus3.c:4776:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!ckstrcmp(line,"locale",(int)strlen(line),0)) {
data/ckermit-305~alpha02/ckuus3.c:4788:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!ckstrcmp(line,"push",(int)strlen(line),0)) {
data/ckermit-305~alpha02/ckuus3.c:4797:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!ckstrcmp(line,"pipes",(int)strlen(line),0)) {
data/ckermit-305~alpha02/ckuus3.c:4996:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(buf1,xlogbuf,17);           /* Copy of just the timestamp */
data/ckermit-305~alpha02/ckuus3.c:5100:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m = strlen(uidbuf) + strlen(myhost) + strlen(ttname) + 32;
data/ckermit-305~alpha02/ckuus3.c:5100:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m = strlen(uidbuf) + strlen(myhost) + strlen(ttname) + 32;
data/ckermit-305~alpha02/ckuus3.c:5100:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m = strlen(uidbuf) + strlen(myhost) + strlen(ttname) + 32;
data/ckermit-305~alpha02/ckuus3.c:5181:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m = strlen(uu) + strlen(myhost) + strlen(ttname) + strlen(s) + 32;
data/ckermit-305~alpha02/ckuus3.c:5181:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m = strlen(uu) + strlen(myhost) + strlen(ttname) + strlen(s) + 32;
data/ckermit-305~alpha02/ckuus3.c:5181:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m = strlen(uu) + strlen(myhost) + strlen(ttname) + strlen(s) + 32;
data/ckermit-305~alpha02/ckuus3.c:5181:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m = strlen(uu) + strlen(myhost) + strlen(ttname) + strlen(s) + 32;
data/ckermit-305~alpha02/ckuus3.c:5526:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        y = x = strlen(s);              /* Get length of text */
data/ckermit-305~alpha02/ckuus3.c:5812:23:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
                      strcpy(dialldp,"0");
data/ckermit-305~alpha02/ckuus3.c:5907:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  k = (int) strlen(s);
data/ckermit-305~alpha02/ckuus3.c:5974:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  k = (int) strlen(s);
data/ckermit-305~alpha02/ckuus3.c:6051:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  k = (int) strlen(s);
data/ckermit-305~alpha02/ckuus3.c:6619:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((y = strlen(atmbuf)) < 0) /* Check for SET KEY CLEAR */
data/ckermit-305~alpha02/ckuus3.c:6733:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = LINBUFSIZ - (int) strlen(line) - 1; /* Calculate remaining space */
data/ckermit-305~alpha02/ckuus3.c:6758:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    switch (strlen(s)) {                /* Action depends on length */
data/ckermit-305~alpha02/ckuus3.c:6777:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        macrotab[kc] = (MACRO) malloc(strlen(s)+1);
data/ckermit-305~alpha02/ckuus3.c:6899:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((int)strlen(s) > XPCMDLEN) {
data/ckermit-305~alpha02/ckuus3.c:7406:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((y = strlen(s)) > 0)    /* Anything left? */
data/ckermit-305~alpha02/ckuus3.c:7432:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if ((y = strlen(s)) > 0)
data/ckermit-305~alpha02/ckuus3.c:7443:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if ((y = strlen(s)) > 0)
data/ckermit-305~alpha02/ckuus3.c:7462:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((y = strlen(s)) > 0)
data/ckermit-305~alpha02/ckuus3.c:7489:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((y = strlen(s)) > 0)
data/ckermit-305~alpha02/ckuus3.c:7697:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    y = strlen(s);                      /* Length of name of new print file */
data/ckermit-305~alpha02/ckuus3.c:7755:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((y = strlen(s)) > 0) {
data/ckermit-305~alpha02/ckuus3.c:8375:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    len += strlen(ssh2aut[x].kwd) + 1;
data/ckermit-305~alpha02/ckuus3.c:8426:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    len += strlen(ssh2ciphers[x].kwd) + 1;
data/ckermit-305~alpha02/ckuus3.c:8475:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    len += strlen(ssh2macs[x].kwd) + 1;
data/ckermit-305~alpha02/ckuus3.c:8526:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    len += strlen(hkatab[x].kwd) + 1;
data/ckermit-305~alpha02/ckuus3.c:9270:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              if ((y = (int) strlen(s)) < 1) {
data/ckermit-305~alpha02/ckuus3.c:9569:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              } else if ((tcp_socks_ns = malloc(strlen(s)+1))) {
data/ckermit-305~alpha02/ckuus3.c:9592:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            } else if ((tcp_address = malloc(strlen(s)+1))) {
data/ckermit-305~alpha02/ckuus3.c:10193:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            } else if ((tn_term = malloc(strlen(s)+1))) {
data/ckermit-305~alpha02/ckuus3.c:10575:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              if ((int)strlen(s) > 63) {
data/ckermit-305~alpha02/ckuus3.c:10671:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              len = strlen(s);
data/ckermit-305~alpha02/ckuus3.c:12153:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(s) > 63) {
data/ckermit-305~alpha02/ckuus3.c:12818:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          len = strlen(s);
data/ckermit-305~alpha02/ckuus3.c:12846:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          len = strlen(s);
data/ckermit-305~alpha02/ckuus3.c:12900:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          len = strlen(s);
data/ckermit-305~alpha02/ckuus3.c:13134:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              len = strlen(p);
data/ckermit-305~alpha02/ckuus4.c:225:8:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#ifdef getchar
data/ckermit-305~alpha02/ckuus4.c:226:8:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#undef getchar
data/ckermit-305~alpha02/ckuus4.c:228:9:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define getchar(x) coninc(0)
data/ckermit-305~alpha02/ckuus4.c:1334:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(scriptenv) + strlen(keymapenv) + 3*strlen(startupdir)
data/ckermit-305~alpha02/ckuus4.c:1334:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(scriptenv) + strlen(keymapenv) + 3*strlen(startupdir)
data/ckermit-305~alpha02/ckuus4.c:1334:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(scriptenv) + strlen(keymapenv) + 3*strlen(startupdir)
data/ckermit-305~alpha02/ckuus4.c:1335:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        + 3*strlen(inidir) + 3*strlen(zhome()) + 3*strlen(exedir)
data/ckermit-305~alpha02/ckuus4.c:1335:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        + 3*strlen(inidir) + 3*strlen(zhome()) + 3*strlen(exedir)
data/ckermit-305~alpha02/ckuus4.c:1335:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        + 3*strlen(inidir) + 3*strlen(zhome()) + 3*strlen(exedir)
data/ckermit-305~alpha02/ckuus4.c:1336:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        + (appdata0 ? 3*strlen(appdata0) : 0) 
data/ckermit-305~alpha02/ckuus4.c:1337:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        + (appdata1 ? 3*strlen(appdata1) : 0)
data/ckermit-305~alpha02/ckuus4.c:1338:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        + 6*strlen("SCRIPTS/") + 6*strlen("KEYMAPS/") + 16;
data/ckermit-305~alpha02/ckuus4.c:1338:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        + 6*strlen("SCRIPTS/") + 6*strlen("KEYMAPS/") + 16;
data/ckermit-305~alpha02/ckuus4.c:1348:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              (scriptenv[0] && scriptenv[strlen(scriptenv)-1]==';')?"":";",
data/ckermit-305~alpha02/ckuus4.c:1350:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              (keymapenv[0] && keymapenv[strlen(keymapenv)-1]==';')?"":";",
data/ckermit-305~alpha02/ckuus4.c:1452:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                k = strlen(p);
data/ckermit-305~alpha02/ckuus4.c:1913:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if ((int)strlen(*yargv) > UIDBUFLEN) {
data/ckermit-305~alpha02/ckuus4.c:2005:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        if (strlen(*yargv) != 1 || (*yargv)[0] == 'X') {
data/ckermit-305~alpha02/ckuus4.c:3667:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(h) < CKMAXPATH)
data/ckermit-305~alpha02/ckuus4.c:3724:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          n = strlen(CXLOGFILE);
data/ckermit-305~alpha02/ckuus4.c:3742:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        k = strlen(s);
data/ckermit-305~alpha02/ckuus4.c:3757:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((int) strlen(fnp->fpath) > 0)
data/ckermit-305~alpha02/ckuus4.c:7283:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    y = (int)strlen(s);
data/ckermit-305~alpha02/ckuus4.c:7398:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((x = (int)strlen(s)) == 0) {    /* Recursion done. */
data/ckermit-305~alpha02/ckuus4.c:7488:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(date);
data/ckermit-305~alpha02/ckuus4.c:7547:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(date);
data/ckermit-305~alpha02/ckuus4.c:7641:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(date);
data/ckermit-305~alpha02/ckuus4.c:7804:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for (j = (int)strlen(buf) - 1; j > i+1; j--) {
data/ckermit-305~alpha02/ckuus4.c:7815:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    j = strlen(buf);
data/ckermit-305~alpha02/ckuus4.c:7833:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fpfbufpos += (int)strlen(buf) + 1;
data/ckermit-305~alpha02/ckuus4.c:7868:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p = (char *)malloc((int)strlen(s)+1);
data/ckermit-305~alpha02/ckuus4.c:8070:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    strncpy(datebuf,tmpbuf,19);
data/ckermit-305~alpha02/ckuus4.c:8072:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    strncpy(datebuf,tmpbuf,19);
data/ckermit-305~alpha02/ckuus4.c:8168:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            x = strlen(fn);
data/ckermit-305~alpha02/ckuus4.c:8348:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            x = strlen(p);
data/ckermit-305~alpha02/ckuus4.c:8354:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            x = strlen(p);
data/ckermit-305~alpha02/ckuus4.c:8531:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        j = (int)strlen(s = bp[0]);     /* Length of macro invocation */
data/ckermit-305~alpha02/ckuus4.c:8770:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len1 = (int)strlen(pat = bp[0]); /* length of string to look for */
data/ckermit-305~alpha02/ckuus4.c:8771:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len2 = (int)strlen(s = bp[1]); /* length of string to look in */
data/ckermit-305~alpha02/ckuus4.c:8898:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len1 = (int)strlen(bp[0]);  /* length of string to look in */
data/ckermit-305~alpha02/ckuus4.c:8899:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len2 = (int)strlen(bp[1]);  /* length of string to look for */
data/ckermit-305~alpha02/ckuus4.c:8900:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len3 = (argn < 3) ? 0 : (int)strlen(bp[2]); /* Len of replacemnt */
data/ckermit-305~alpha02/ckuus4.c:9057:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(bp[0]) < 1)     /* Empty argument */
data/ckermit-305~alpha02/ckuus4.c:9069:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(p,"%d",(int)strlen(bp[0])); /* SAFE */
data/ckermit-305~alpha02/ckuus4.c:9100:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bp[0] = malloc((int)strlen(val1)+1);
data/ckermit-305~alpha02/ckuus4.c:9150:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        bp[1] = malloc((int)strlen(val1)+1);
data/ckermit-305~alpha02/ckuus4.c:9168:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ((argn > 1) && (int)strlen(val1) && !rdigits(val1)) ||
data/ckermit-305~alpha02/ckuus4.c:9170:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              ((argn > 2) && (int)strlen(val2) && !rdigits(val2)))
data/ckermit-305~alpha02/ckuus4.c:9177:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            lx = strlen(bp[0]);         /* length of arg1 */
data/ckermit-305~alpha02/ckuus4.c:9225:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                k = (int)strlen(bp[0]); /* Make sure string has some length */
data/ckermit-305~alpha02/ckuus4.c:9285:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                k = (int)strlen(bp[0]); /* Length of string to be padded */
data/ckermit-305~alpha02/ckuus4.c:9293:29:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                            strncpy(p,bp[0],k); /* (leave it like this) */
data/ckermit-305~alpha02/ckuus4.c:9302:29:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                            strncpy(p,bp[0],k); /* (leave it like this) */
data/ckermit-305~alpha02/ckuus4.c:9375:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if (start > (int)strlen(bp[1]))
data/ckermit-305~alpha02/ckuus4.c:9446:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(bp[0]) < (FNVALL / 2)) {
data/ckermit-305~alpha02/ckuus4.c:9463:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((int)strlen(bp[0]) < (FNVALL * 2)) {
data/ckermit-305~alpha02/ckuus4.c:9479:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if ((int)strlen(bp[0]) < (FNVALL * 2)) {
data/ckermit-305~alpha02/ckuus4.c:9525:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  if (start > (int)strlen(bp[0]))
data/ckermit-305~alpha02/ckuus4.c:9580:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              (int)strlen(bp[1]) > 0 &&
data/ckermit-305~alpha02/ckuus4.c:9581:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              start <= (int)strlen(bp[0])) {
data/ckermit-305~alpha02/ckuus4.c:9608:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((len1 = (int)strlen(bp[0])) > 0) {
data/ckermit-305~alpha02/ckuus4.c:9614:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len2 = (int)strlen(s);
data/ckermit-305~alpha02/ckuus4.c:9715:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  chk3((CHAR *)bp[0],(int)strlen(bp[0])));
data/ckermit-305~alpha02/ckuus4.c:9892:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      s += strlen(s) - 1;	/* We already know it's > 0 */
data/ckermit-305~alpha02/ckuus4.c:9937:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        k = (int)strlen(s = bp[0]) - n;
data/ckermit-305~alpha02/ckuus4.c:9956:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if ((x = strlen(s)) < 1)
data/ckermit-305~alpha02/ckuus4.c:9995:27:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                          strncpy(fnval,s,x); /* Leave it like this */
data/ckermit-305~alpha02/ckuus4.c:10002:19:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                  strncpy(fnval,s+1,x-2); /* Leave it like this */
data/ckermit-305~alpha02/ckuus4.c:10007:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
          strncpy(fnval,s,x);
data/ckermit-305~alpha02/ckuus4.c:10021:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (cx == FN_2HEX && (int)(strlen(fnval)&1))
data/ckermit-305~alpha02/ckuus4.c:10499:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  n = strlen(s);
data/ckermit-305~alpha02/ckuus4.c:10513:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  n = strlen(s);
data/ckermit-305~alpha02/ckuus4.c:10560:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  s = zgfs_link ? ckitoa((int)strlen((char *)linkname)) : ckfstoa(z);
data/ckermit-305~alpha02/ckuus4.c:10686:8:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		c1 = getc(fp1);
data/ckermit-305~alpha02/ckuus4.c:10693:8:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		c2 = getc(fp2);
data/ckermit-305~alpha02/ckuus4.c:10962:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          cmdlen = strlen(pat);         /* Get pattern length */
data/ckermit-305~alpha02/ckuus4.c:11038:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            x = strlen(bp[0]);
data/ckermit-305~alpha02/ckuus4.c:11091:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          slen = strlen(s);
data/ckermit-305~alpha02/ckuus4.c:11160:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              j = strlen(s) - 1;
data/ckermit-305~alpha02/ckuus4.c:11481:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                for (j = (int)strlen(fnval) - 1; j > i+1; j--) {
data/ckermit-305~alpha02/ckuus4.c:11704:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(s) != 8) {
data/ckermit-305~alpha02/ckuus4.c:11894:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      seplen = strlen(sep);
data/ckermit-305~alpha02/ckuus4.c:11913:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            y = strlen(s);              /* Get length of this element */
data/ckermit-305~alpha02/ckuus4.c:11935:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    y = strlen(s);
data/ckermit-305~alpha02/ckuus4.c:11971:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(bp[0]);            /* Length of source */
data/ckermit-305~alpha02/ckuus4.c:12319:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	k = strlen(s);			/* Strip junk from end */
data/ckermit-305~alpha02/ckuus4.c:12428:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	k = strlen(ap) - 1;
data/ckermit-305~alpha02/ckuus4.c:12434:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		k = strlen(ap);
data/ckermit-305~alpha02/ckuus4.c:12518:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	k = strlen(s);
data/ckermit-305~alpha02/ckuus4.c:12546:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		    c = getc(fp);
data/ckermit-305~alpha02/ckuus4.c:12553:8:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			c = getc(fp);
data/ckermit-305~alpha02/ckuus4.c:12736:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = (int)strlen(prefix);	/* Length of prefix */
data/ckermit-305~alpha02/ckuus4.c:12826:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	x = (int)strlen(s1);
data/ckermit-305~alpha02/ckuus4.c:12832:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	x = (int)strlen(s2);
data/ckermit-305~alpha02/ckuus4.c:12860:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (rdigits(s1) && (int)strlen(s1) < 8) {
data/ckermit-305~alpha02/ckuus4.c:12911:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (rdigits(s1) && (int)strlen(s1) < 8) {
data/ckermit-305~alpha02/ckuus4.c:12966:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            k = strlen(p);
data/ckermit-305~alpha02/ckuus4.c:13032:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(s);
data/ckermit-305~alpha02/ckuus4.c:13102:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = strlen(s);
data/ckermit-305~alpha02/ckuus4.c:13898:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int len = strlen(p);
data/ckermit-305~alpha02/ckuus4.c:14693:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          x = strlen(vvbuf);
data/ckermit-305~alpha02/ckuus4.c:15197:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = (int)strlen(s);
data/ckermit-305~alpha02/ckuus4.c:15693:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                k = strlen(vnambuf);
data/ckermit-305~alpha02/ckuus4.c:15727:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		debug(F111,"zzstring vp",vp,(vp==NULL)?0:strlen(vp));
data/ckermit-305~alpha02/ckuus4.c:15735:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            k = strlen(vp);
data/ckermit-305~alpha02/ckuus4.c:15781:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                k = strlen(vp);
data/ckermit-305~alpha02/ckuus5.c:101:8:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#ifdef getchar
data/ckermit-305~alpha02/ckuus5.c:102:8:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#undef getchar
data/ckermit-305~alpha02/ckuus5.c:104:9:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define getchar(x) coninc(0)
data/ckermit-305~alpha02/ckuus5.c:1127:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (p && *p && strlen(p) <= CKMAXPATH)
data/ckermit-305~alpha02/ckuus5.c:1131:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (p && *p && strlen(p) <= CKMAXPATH)
data/ckermit-305~alpha02/ckuus5.c:1188:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(s) + strlen(startupdir) + 5 < CKMAXPATH + 8 )
data/ckermit-305~alpha02/ckuus5.c:1188:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(s) + strlen(startupdir) + 5 < CKMAXPATH + 8 )
data/ckermit-305~alpha02/ckuus5.c:1210:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                n = strlen(buf);
data/ckermit-305~alpha02/ckuus5.c:1633:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (pgmptr && strlen(pgmptr) < LINBUFSIZ-8) {
data/ckermit-305~alpha02/ckuus5.c:1636:21:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                    strncpy(line, pgmptr, lp - pgmptr);
data/ckermit-305~alpha02/ckuus5.c:1645:25:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                        strncpy(line, pgmptr, lp - pgmptr);
data/ckermit-305~alpha02/ckuus5.c:1666:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (tfnam[tlevel] = malloc(strlen(line)+1))
data/ckermit-305~alpha02/ckuus5.c:1802:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((tfnam[tlevel] = malloc(strlen(line)+1)))
data/ckermit-305~alpha02/ckuus5.c:1838:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (tfnam[tlevel] = malloc(strlen(line)+1))
data/ckermit-305~alpha02/ckuus5.c:1872:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = strlen(inidir);
data/ckermit-305~alpha02/ckuus5.c:1908:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (pgmptr && strlen(pgmptr) < LINBUFSIZ-8) {
data/ckermit-305~alpha02/ckuus5.c:1911:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(line, pgmptr, lp - pgmptr);
data/ckermit-305~alpha02/ckuus5.c:1912:17:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
                strcpy(line + (lp - pgmptr), "\\");
data/ckermit-305~alpha02/ckuus5.c:1917:21:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                    strncpy(line, pgmptr, lp - pgmptr);
data/ckermit-305~alpha02/ckuus5.c:1933:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (tfnam[tlevel] = malloc(strlen(line)+1))
data/ckermit-305~alpha02/ckuus5.c:1936:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((tfnam[tlevel] = malloc(strlen(iksdconf)+1)))
data/ckermit-305~alpha02/ckuus5.c:2226:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(lp2) - 1;          /* Position of line terminator */
data/ckermit-305~alpha02/ckuus5.c:2315:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(lp2);              /* Length after trimming */
data/ckermit-305~alpha02/ckuus5.c:2467:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        i = (int)strlen((char *)lasttakeline) - 1;
data/ckermit-305~alpha02/ckuus5.c:2537:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((int)strlen(s) > 70) {
data/ckermit-305~alpha02/ckuus5.c:3305:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    x = strlen(cmdbuf);	/* Avoid blank line */
data/ckermit-305~alpha02/ckuus5.c:3333:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    len = strlen(cmdbuf); /* Length of command buffer */
data/ckermit-305~alpha02/ckuus5.c:3410:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    debug(F111,"xxout string",obuf,strlen(obuf));
data/ckermit-305~alpha02/ckuus5.c:3595:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!(v->lv_name = (char *) malloc((int) strlen(p) + 1)))
data/ckermit-305~alpha02/ckuus5.c:3600:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!(v->lv_value = (char *) malloc((int) strlen(s) + 1)))
data/ckermit-305~alpha02/ckuus5.c:3660:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    debug(F111,"dooutput s",s,(int)strlen(s));
data/ckermit-305~alpha02/ckuus5.c:3706:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = strlen(s);                  /* Just send the string literally */
data/ckermit-305~alpha02/ckuus5.c:4094:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            x = strlen(s);
data/ckermit-305~alpha02/ckuus5.c:4238:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (((int)strlen(s) == cmdlen) &&
data/ckermit-305~alpha02/ckuus5.c:4258:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (((cmdlen = strlen(cmd)) < 1) || (n < 1)) return(-3);
data/ckermit-305~alpha02/ckuus5.c:4261:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (((int)strlen(table[i].kwd) == cmdlen) &&
data/ckermit-305~alpha02/ckuus5.c:4325:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return((int)strlen(p));
data/ckermit-305~alpha02/ckuus5.c:4341:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = 0; (y = (int)strlen(s[i])) > 0; i++) { /* Add up total length */
data/ckermit-305~alpha02/ckuus5.c:4359:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    y = (int)strlen(p);                 /* Final precaution. */
data/ckermit-305~alpha02/ckuus5.c:5461:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define xxdiff(v,sys) strncmp(v,sys,strlen(sys))
data/ckermit-305~alpha02/ckuus5.c:5874:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(tt_info[tt_type].x_id))
data/ckermit-305~alpha02/ckuus5.c:6571:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            x = strlen(ap[i]) + 5;
data/ckermit-305~alpha02/ckuus5.c:7139:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(s2);
data/ckermit-305~alpha02/ckuus5.c:7178:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    r += (int) strlen(buf);
data/ckermit-305~alpha02/ckuus5.c:8316:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = (int)strlen(s1) + 4;            /* Width of current line */
data/ckermit-305~alpha02/ckuus5.c:8894:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(s);
data/ckermit-305~alpha02/ckuus5.c:9111:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(ss);
data/ckermit-305~alpha02/ckuus5.c:9293:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((int)strlen(s) < 2) {
data/ckermit-305~alpha02/ckuus5.c:10053:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(line);                   /* homdir ends in colon, */
data/ckermit-305~alpha02/ckuus5.c:10064:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int len = (int)strlen(s) + 2;
data/ckermit-305~alpha02/ckuus5.c:10067:17:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
                strcpy(p,":");          /* safe */
data/ckermit-305~alpha02/ckuus5.c:10190:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    y = (int)strlen(s) + 1;
data/ckermit-305~alpha02/ckuus6.c:1156:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            readsize = (int) strlen(s);
data/ckermit-305~alpha02/ckuus6.c:1761:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    k = strlen(s);
data/ckermit-305~alpha02/ckuus6.c:1998:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((int)strlen(s) > 200) {
data/ckermit-305~alpha02/ckuus6.c:2198:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    i = (int) strlen(dialpxx);
data/ckermit-305~alpha02/ckuus6.c:2199:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    j = (int) strlen(s);
data/ckermit-305~alpha02/ckuus6.c:2206:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    j = (int) strlen(s);
data/ckermit-305~alpha02/ckuus6.c:2208:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        i = (int) strlen(dialpxx[kx]);
data/ckermit-305~alpha02/ckuus6.c:2300:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                n = (int) strlen(ybuf);
data/ckermit-305~alpha02/ckuus6.c:2308:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                n = (int) strlen(ybuf);
data/ckermit-305~alpha02/ckuus6.c:2318:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                j = (int) strlen(ybuf);
data/ckermit-305~alpha02/ckuus6.c:2320:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    i = (int) strlen(dialpxx[kx]);
data/ckermit-305~alpha02/ckuus6.c:2358:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                s = (char *) (xbuf + ((x == 0) ? n : (int)strlen(diallcc)));
data/ckermit-305~alpha02/ckuus6.c:2498:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = (int) strlen(linebuf);      /* Strip line terminator, */
data/ckermit-305~alpha02/ckuus6.c:2550:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((n1 = (int) strlen(s)) < 1)     /* Length of string to look up */
data/ckermit-305~alpha02/ckuus6.c:2622:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((pp = malloc((int)strlen(line) + 1))) {
data/ckermit-305~alpha02/ckuus6.c:2725:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((n3 = (int) strlen(info[1])) < 1) /* Its length */
data/ckermit-305~alpha02/ckuus6.c:2745:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((n2 = (int) strlen(info[2])) < 1) /* Length of phone number */
data/ckermit-305~alpha02/ckuus6.c:2790:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if ((int) strlen(info[1]) == t) /* Lengths compare */
data/ckermit-305~alpha02/ckuus6.c:2909:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = (int) strlen(s);
data/ckermit-305~alpha02/ckuus6.c:3345:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if ((int) strlen(s) < 1) {
data/ckermit-305~alpha02/ckuus6.c:3446:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(name,q,48);
data/ckermit-305~alpha02/ckuus6.c:3985:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pfxlen = strlen(prefix);
data/ckermit-305~alpha02/ckuus6.c:4139:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            x = strlen(line);
data/ckermit-305~alpha02/ckuus6.c:4586:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(p);                      /* Get length of result */
data/ckermit-305~alpha02/ckuus6.c:4675:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = (int)strlen(line);    /* Get length */
data/ckermit-305~alpha02/ckuus6.c:4697:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    len += (int)strlen(name) + 1;
data/ckermit-305~alpha02/ckuus6.c:5697:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		xxstruct.date.len = (int)strlen(xxstruct.date.val);
data/ckermit-305~alpha02/ckuus6.c:5771:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            p = s + (int)strlen(s) - 1; /* Yes */
data/ckermit-305~alpha02/ckuus6.c:5773:15:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
              strcat(s, "*");
data/ckermit-305~alpha02/ckuus6.c:5783:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        p = s + (int)strlen(s) - 1;     /* Yes */
data/ckermit-305~alpha02/ckuus6.c:5800:11:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
          strcat(s, "+");
data/ckermit-305~alpha02/ckuus6.c:5806:11:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
          strcat(s, "*");
data/ckermit-305~alpha02/ckuus6.c:5887:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        dirmsglen = strlen(tmpbuf);
data/ckermit-305~alpha02/ckuus6.c:6169:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                xxstruct.date.len = (int)strlen(xxstruct.date.val);
data/ckermit-305~alpha02/ckuus6.c:6225:25:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                        strncpy(nbp,lbp,bufleft); /* Copy this piece */
data/ckermit-305~alpha02/ckuus6.c:6228:25:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                        strncpy(nbp,string2,bufleft); /* replacement string */
data/ckermit-305~alpha02/ckuus6.c:6334:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    xxstruct.date.len = (int)strlen(xxstruct.date.val);
data/ckermit-305~alpha02/ckuus6.c:6412:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        dlen = strlen(dbuf);            /* Length of date */
data/ckermit-305~alpha02/ckuus6.c:6462:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            n = strlen(linebuf);
data/ckermit-305~alpha02/ckuus6.c:6463:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            m = strlen(linkname) + n;
data/ckermit-305~alpha02/ckuus6.c:6493:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                n = strlen(linebuf);
data/ckermit-305~alpha02/ckuus6.c:6500:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            n = strlen(linebuf);
data/ckermit-305~alpha02/ckuus6.c:6505:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            i = strlen(linebuf);
data/ckermit-305~alpha02/ckuus6.c:6521:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    int x = strlen(linebuf);
data/ckermit-305~alpha02/ckuus6.c:6586:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    int x = strlen(dirlist[i]);
data/ckermit-305~alpha02/ckuus6.c:6589:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    n += ((int)strlen(dirlist[i]) / cmd_cols) + y;
data/ckermit-305~alpha02/ckuus6.c:7323:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        i = strlen(tmpbuf);
data/ckermit-305~alpha02/ckuus6.c:7805:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((y = (int)strlen(s)) < 1) return(-2);
data/ckermit-305~alpha02/ckuus6.c:7862:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    lp += (int)strlen(line);            /* "_for" macro. */
data/ckermit-305~alpha02/ckuus6.c:7876:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((int)strlen(s) < 1) goto badfor;
data/ckermit-305~alpha02/ckuus6.c:7901:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((int)strlen(s) < 1)
data/ckermit-305~alpha02/ckuus6.c:7937:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((int)strlen(s) < 1)
data/ckermit-305~alpha02/ckuus6.c:7971:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((y = (int)strlen(s)) < 1) return(-2);
data/ckermit-305~alpha02/ckuus6.c:8743:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(p);
data/ckermit-305~alpha02/ckuus6.c:8847:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		i = strlen(line);	/* Isolate source filename */
data/ckermit-305~alpha02/ckuus6.c:8855:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		i = strlen(nm);		/* And destination filename */
data/ckermit-305~alpha02/ckuus6.c:8952:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    xx.systemid.len = (int)strlen(cksysid);
data/ckermit-305~alpha02/ckuus6.c:8957:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    xx.lprotect.len = (int)strlen(pstr);
data/ckermit-305~alpha02/ckuus6.c:8960:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    xx.date.len = (int)strlen(xx.date.val);
data/ckermit-305~alpha02/ckuus6.c:9291:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = (int) strlen(s1);
data/ckermit-305~alpha02/ckuus6.c:9386:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = (int)strlen(old) - 1;	/* put it in a separate place.     */
data/ckermit-305~alpha02/ckuus6.c:9415:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((n = strlen(new)) > 0) /* so we can check for */
data/ckermit-305~alpha02/ckuus6.c:9432:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((n = strlen(new)) > 0)
data/ckermit-305~alpha02/ckuus6.c:9459:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len0 = (int)strlen(bp[0]);	/* length of original filename */
data/ckermit-305~alpha02/ckuus6.c:9460:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len1 = (int)strlen(bp[1]);	/* length of target substring */
data/ckermit-305~alpha02/ckuus6.c:9461:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len2 = (int)strlen(bp[2]);	/* Length of replacement string */
data/ckermit-305~alpha02/ckuus6.c:9567:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		x = (int)strlen(new);	/* Unreverse the result */
data/ckermit-305~alpha02/ckuus6.c:10131:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(line) < 1) return(-2);
data/ckermit-305~alpha02/ckuus6.c:10221:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(line) < 1) return(-2);
data/ckermit-305~alpha02/ckuus6.c:10519:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            y = strlen(s);
data/ckermit-305~alpha02/ckuus6.c:10539:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pv[n].sval = malloc((int)strlen(s)+1);
data/ckermit-305~alpha02/ckuus6.c:10569:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            y = strlen(s);
data/ckermit-305~alpha02/ckuus6.c:10595:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((y = strlen(s)) > 0) {
data/ckermit-305~alpha02/ckuus6.c:10617:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            y = strlen(s);
data/ckermit-305~alpha02/ckuus6.c:10634:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((y = strlen(s)) > 0) {
data/ckermit-305~alpha02/ckuus6.c:10699:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((int)strlen(tmpbuf) > 0)
data/ckermit-305~alpha02/ckuus6.c:10952:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(p);
data/ckermit-305~alpha02/ckuus6.c:11075:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    y = strlen(cmarg2);
data/ckermit-305~alpha02/ckuus6.c:11122:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                x = strlen(cmarg2);
data/ckermit-305~alpha02/ckuus6.c:11322:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    y = strlen(s);                      /* y = length of target label */
data/ckermit-305~alpha02/ckuus6.c:11333:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            m = (int)strlen(lp);
data/ckermit-305~alpha02/ckuus6.c:11583:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                t = strlen(line);       /* Get its length. */
data/ckermit-305~alpha02/ckuus6.c:11853:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    t = strlen(line);
data/ckermit-305~alpha02/ckuus6.c:12013:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = (int)strlen(s);
data/ckermit-305~alpha02/ckuus6.c:12027:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        y = (int)strlen(s);
data/ckermit-305~alpha02/ckuus6.c:12034:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(tp,s,LINBUFSIZ-x-3);
data/ckermit-305~alpha02/ckuus6.c:12131:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            x = (int)strlen(lp);
data/ckermit-305~alpha02/ckuus6.c:12237:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(d1) != 17 || (int)strlen(d2) != 17) {
data/ckermit-305~alpha02/ckuus6.c:12237:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(d1) != 17 || (int)strlen(d2) != 17) {
data/ckermit-305~alpha02/ckuus6.c:12808:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              p = malloc((int)strlen(ifcond) + (int)strlen(line) + 2);
data/ckermit-305~alpha02/ckuus6.c:12808:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              p = malloc((int)strlen(ifcond) + (int)strlen(line) + 2);
data/ckermit-305~alpha02/ckuus6.c:12848:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    slen = strlen(s);
data/ckermit-305~alpha02/ckuus6.c:12884:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((tfnam[tlevel] = malloc(strlen(s) + 1))) {
data/ckermit-305~alpha02/ckuus7.c:86:8:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#ifdef getchar
data/ckermit-305~alpha02/ckuus7.c:87:8:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#undef getchar
data/ckermit-305~alpha02/ckuus7.c:89:9:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define getchar(x) coninc(0)
data/ckermit-305~alpha02/ckuus7.c:2201:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (c = strlen(atmbuf) - 1; c > 0; c--) /* Trim */
data/ckermit-305~alpha02/ckuus7.c:2518:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((k = strlen(s)) < 5)
data/ckermit-305~alpha02/ckuus7.c:3071:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(basebuf,namebuf,z);     /* Set basename of this file */
data/ckermit-305~alpha02/ckuus7.c:3533:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if ((int) strlen(fnp->fpath) > 0)
data/ckermit-305~alpha02/ckuus7.c:3552:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          x = strlen(s);
data/ckermit-305~alpha02/ckuus7.c:3984:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  k = strlen(q);
data/ckermit-305~alpha02/ckuus7.c:4656:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              len = strlen(s);
data/ckermit-305~alpha02/ckuus7.c:5559:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          x = LINBUFSIZ - (int) strlen(line) - 1; /* Get remaining space */
data/ckermit-305~alpha02/ckuus7.c:5580:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          switch (strlen(s)) {          /* Action depends on length */
data/ckermit-305~alpha02/ckuus7.c:5605:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  defevt.literal.string = (char *) malloc(strlen(s)+1);
data/ckermit-305~alpha02/ckuus7.c:5610:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  defevt.macro.string = (char *) malloc(strlen(s)+1);
data/ckermit-305~alpha02/ckuus7.c:5868:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if ((int)strlen(s) != 6) {
data/ckermit-305~alpha02/ckuus7.c:5883:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if ((int)strlen(s) != 6) {
data/ckermit-305~alpha02/ckuus7.c:6035:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = LINBUFSIZ - (int) strlen(line) - 1; /* Calculate remaining space */
data/ckermit-305~alpha02/ckuus7.c:6089:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            switch (strlen(s)) {        /* Action depends on length */
data/ckermit-305~alpha02/ckuus7.c:6111:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                defevt.macro.string = (char *) malloc(strlen(s)+1);
data/ckermit-305~alpha02/ckuus7.c:6435:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = LINBUFSIZ - (int) strlen(line) - 1; /* Calculate remaining space */
data/ckermit-305~alpha02/ckuus7.c:6462:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    switch (strlen(s)) {                /* Action depends on length */
data/ckermit-305~alpha02/ckuus7.c:6486:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       mousemap[button][event].macro.string = (MACRO) malloc(strlen(s)+1);
data/ckermit-305~alpha02/ckuus7.c:6885:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          y = strlen(s);
data/ckermit-305~alpha02/ckuus7.c:7082:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(s) > XMBUFL) {
data/ckermit-305~alpha02/ckuus7.c:7316:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(s);                      /* Length of cmtxt() string */
data/ckermit-305~alpha02/ckuus7.c:7414:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    y = strlen(s);
data/ckermit-305~alpha02/ckuus7.c:7424:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        y = strlen(s);
data/ckermit-305~alpha02/ckuus7.c:7434:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            y = strlen(s);
data/ckermit-305~alpha02/ckuus7.c:7467:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        y = strlen(s);
data/ckermit-305~alpha02/ckuus7.c:7487:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((p2 = malloc((int)strlen(s) + 1)) == NULL) {
data/ckermit-305~alpha02/ckuus7.c:7599:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                for (x = (int)strlen(sbuf);
data/ckermit-305~alpha02/ckuus7.c:7614:21:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                    getchar();
data/ckermit-305~alpha02/ckuus7.c:7616:21:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                x = getchar();
data/ckermit-305~alpha02/ckuus7.c:7641:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                      getchar();
data/ckermit-305~alpha02/ckuus7.c:7643:25:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                    x = getchar();
data/ckermit-305~alpha02/ckuus7.c:7695:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((y = (int)strlen(s)) < 1)
data/ckermit-305~alpha02/ckuus7.c:7709:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(s) < 1)  {
data/ckermit-305~alpha02/ckuus7.c:7755:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(optbuf) > 94) { /* Make sure this is legal */
data/ckermit-305~alpha02/ckuus7.c:7790:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(s) < 1) {
data/ckermit-305~alpha02/ckuus7.c:7849:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if ((int)strlen(s) >= VNAML) {
data/ckermit-305~alpha02/ckuus7.c:7868:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if ((int)strlen(s) > 85) {    /* Allow for encoding expansion */
data/ckermit-305~alpha02/ckuus7.c:7999:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(s) == 0) {
data/ckermit-305~alpha02/ckuus7.c:8001:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        } else if ((int)strlen(s) > MAXCUDATA) {
data/ckermit-305~alpha02/ckuus7.c:8535:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((n1 = (int) strlen(s)) < 1)     /* Length of string to look up */
data/ckermit-305~alpha02/ckuus7.c:8577:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((n = (int) strlen(info[1])) < 1) /* Length of name-tag */
data/ckermit-305~alpha02/ckuus7.c:8621:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((int) strlen(info[1]) == t) /* Lengths compare */
data/ckermit-305~alpha02/ckuus7.c:10511:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if ((x = (int)strlen(s)) > PWBUFL) {
data/ckermit-305~alpha02/ckuus7.c:10532:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if ((x = (int)strlen(s)) > 63) {
data/ckermit-305~alpha02/ckuus7.c:10875:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            if ((y = (int)strlen(s)) > PWBUFL) {
data/ckermit-305~alpha02/ckuus7.c:11024:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        if ((int)strlen(s) > 63) {
data/ckermit-305~alpha02/ckuus7.c:11767:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        n = strlen(s);                  /* Get length of string arg */
data/ckermit-305~alpha02/ckuus7.c:11875:22:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if ((x = getc(t)) == EOF) {
data/ckermit-305~alpha02/ckuus7.c:11896:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            i = strlen(s);
data/ckermit-305~alpha02/ckuus7.c:12025:22:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if ((x = getc(t)) == EOF)
data/ckermit-305~alpha02/ckuus7.c:12068:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen(tmpbuf);
data/ckermit-305~alpha02/ckuus7.c:12221:18:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if ((x = getc(t)) == EOF)       /* Stupid byte loop */
data/ckermit-305~alpha02/ckuus7.c:12737:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                xx = strlen(s);         /* Size of given string */
data/ckermit-305~alpha02/ckuus7.c:12825:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    k = strlen(line);
data/ckermit-305~alpha02/ckuus7.c:13278:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int len = strlen((char *)macrotab[i]);
data/ckermit-305~alpha02/ckuus7.c:13472:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      int len = strlen((char *)pnode->def.macro.string);
data/ckermit-305~alpha02/ckuus7.c:13515:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      int len = strlen((char *)pnode->def.literal.string);
data/ckermit-305~alpha02/ckuus7.c:13716:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if ((int) strlen(fnp->fpath) > 0)
data/ckermit-305~alpha02/ckuus7.c:13846:22:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if ((c = getchar()) == EOF)
data/ckermit-305~alpha02/ckuus7.c:15238:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((_u = (CHAR *)malloc((int)strlen(s) + 1)) == NULL) {
data/ckermit-305~alpha02/ckuus7.c:15298:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        } else if (*userid && strlen((char *)userid) < 60) {
data/ckermit-305~alpha02/ckuus7.c:15349:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((_p = (CHAR *)malloc((int)strlen(s) + 1)) == NULL) {
data/ckermit-305~alpha02/ckuusr.c:3804:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p = line + strlen(ftpapp);
data/ckermit-305~alpha02/ckuusr.c:4196:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    y = strlen(s);
data/ckermit-305~alpha02/ckuusr.c:4230:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    y = strlen(s);
data/ckermit-305~alpha02/ckuusr.c:4262:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    pv[n].sval = malloc((int)strlen(s)+1);
data/ckermit-305~alpha02/ckuusr.c:4287:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    pv[n].sval = malloc((int)strlen(s)+1);
data/ckermit-305~alpha02/ckuusr.c:4305:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    pv[n].sval = malloc((int)strlen(s)+1);
data/ckermit-305~alpha02/ckuusr.c:4321:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if ((y = strlen(s)) > 0) {
data/ckermit-305~alpha02/ckuusr.c:4363:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    y = strlen(s);
data/ckermit-305~alpha02/ckuusr.c:4380:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if ((y = strlen(s)) > 0) {
data/ckermit-305~alpha02/ckuusr.c:4437:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((pv[n].sval = malloc((int)strlen(s)+1))) {
data/ckermit-305~alpha02/ckuusr.c:4694:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(p);
data/ckermit-305~alpha02/ckuusr.c:4838:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    lp = line + (int)strlen(line) + 1; /* Point past it */
data/ckermit-305~alpha02/ckuusr.c:4865:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (((int)strlen(fspec) + (int)strlen(p) + 1) < fspeclen) {
data/ckermit-305~alpha02/ckuusr.c:4865:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (((int)strlen(fspec) + (int)strlen(p) + 1) < fspeclen) {
data/ckermit-305~alpha02/ckuusr.c:4867:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		    strcat(fspec," ");	/* safe */
data/ckermit-305~alpha02/ckuusr.c:4896:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((y = strlen(p)) > 0) {
data/ckermit-305~alpha02/ckuusr.c:4915:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	x = strlen(line);
data/ckermit-305~alpha02/ckuusr.c:4959:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if ((int)strlen(s) > 94) { /* Ensure legal size */
data/ckermit-305~alpha02/ckuusr.c:5139:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((y = strlen(cmarg2)) > 0) {
data/ckermit-305~alpha02/ckuusr.c:5501:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if ((y = strlen(s)) > 0) {
data/ckermit-305~alpha02/ckuusr.c:5537:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (tt_idlesnd_str = (char *)malloc((int)strlen(pv[CONN_IS].sval)+1))
data/ckermit-305~alpha02/ckuusr.c:5721:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (((int)strlen(fspec) + (int)strlen(s) + 1) < fspeclen) {
data/ckermit-305~alpha02/ckuusr.c:5721:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (((int)strlen(fspec) + (int)strlen(s) + 1) < fspeclen) {
data/ckermit-305~alpha02/ckuusr.c:5723:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(fspec," ");		/* safe */
data/ckermit-305~alpha02/ckuusr.c:5779:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	x = (int) strlen(line);	/* Length of filename */
data/ckermit-305~alpha02/ckuusr.c:5785:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    x = (int) strlen(cmarg2);	/* Length of as-name */
data/ckermit-305~alpha02/ckuusr.c:6926:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (((int)strlen(editopts) + (int)strlen(editfile) + 1) < TMPBUFSIZ) {
data/ckermit-305~alpha02/ckuusr.c:6926:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (((int)strlen(editopts) + (int)strlen(editfile) + 1) < TMPBUFSIZ) {
data/ckermit-305~alpha02/ckuusr.c:6935:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p = s + strlen(editor);		/* And again with the slashes */
data/ckermit-305~alpha02/ckuusr.c:6985:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (((int)strlen(browsopts) + (int)strlen(browsurl) + 1) < TMPBUFSIZ) {
data/ckermit-305~alpha02/ckuusr.c:6985:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (((int)strlen(browsopts) + (int)strlen(browsurl) + 1) < TMPBUFSIZ) {
data/ckermit-305~alpha02/ckuusr.c:6998:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p = line + strlen(browser);		/* Flip slashes */
data/ckermit-305~alpha02/ckuusr.c:7023:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = strlen(s);
data/ckermit-305~alpha02/ckuusr.c:7606:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    memset(http_d_pass,0,strlen(http_d_pass));
data/ckermit-305~alpha02/ckuusr.c:7627:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memset(http_d_pass,0,strlen(http_d_pass));
data/ckermit-305~alpha02/ckuusr.c:7701:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset(http_pass,0,strlen(http_pass));
data/ckermit-305~alpha02/ckuusr.c:7909:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        y = (int)strlen(s[i]);
data/ckermit-305~alpha02/ckuusr.c:7961:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len = (int)strlen(tag);
data/ckermit-305~alpha02/ckuusr.c:8010:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len1 = (int)strlen(s);
data/ckermit-305~alpha02/ckuusr.c:8011:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len2 = (int)strlen(takefile);
data/ckermit-305~alpha02/ckuusr.c:8012:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len3 = (int)strlen(lineno);
data/ckermit-305~alpha02/ckuusr.c:8013:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len4 = (int)strlen((char *)lasttakeline);
data/ckermit-305~alpha02/ckuusr.c:8349:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	x = strlen(line);
data/ckermit-305~alpha02/ckuusr.c:8512:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	x = strlen(s);
data/ckermit-305~alpha02/ckuusr.c:9015:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    x = LINBUFSIZ - (int) strlen(line) - 1;
data/ckermit-305~alpha02/ckuusr.c:9177:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    return(success = ((int)strlen(pwp) > 0));
data/ckermit-305~alpha02/ckuusr.c:9183:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    return(success = ((int)strlen(pwp) > 0));
data/ckermit-305~alpha02/ckuusr.c:9961:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (((int)strlen(fspec) + (int)strlen(p) + 1) < fspeclen) {
data/ckermit-305~alpha02/ckuusr.c:9961:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (((int)strlen(fspec) + (int)strlen(p) + 1) < fspeclen) {
data/ckermit-305~alpha02/ckuusr.c:9963:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(fspec," ");	/* safe */
data/ckermit-305~alpha02/ckuusr.c:10417:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  (scriptenv && scriptenv[strlen(scriptenv)-1]==';')?"":";",
data/ckermit-305~alpha02/ckuusr.c:10422:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  (keymapenv && keymapenv[strlen(keymapenv)-1]==';')?"":";",
data/ckermit-305~alpha02/ckuusr.c:10490:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    x = strlen(line);
data/ckermit-305~alpha02/ckuusr.c:10504:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		x = strlen(s);
data/ckermit-305~alpha02/ckuusr.c:10649:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  memset(ssh_tmpstr,0,strlen(ssh_tmpstr));
data/ckermit-305~alpha02/ckuusr.c:10758:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    if ((x = (int)strlen(s)) > PWBUFL) {
data/ckermit-305~alpha02/ckuusr.c:10810:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  memset(ssh_tmpstr,0,strlen(ssh_tmpstr));
data/ckermit-305~alpha02/ckuusr.c:11296:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memset(pass,0,strlen(pass));
data/ckermit-305~alpha02/ckuusr.c:11461:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  memset(ssh_tmpstr,0,strlen(ssh_tmpstr));
data/ckermit-305~alpha02/ckuusr.c:11570:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    if ((x = (int)strlen(s)) > PWBUFL) {
data/ckermit-305~alpha02/ckuusr.c:11610:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      memset(ssh_tmpstr,0,strlen(ssh_tmpstr));
data/ckermit-305~alpha02/ckuusr.c:11753:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  memset(ssh_tmpstr,0,strlen(ssh_tmpstr));
data/ckermit-305~alpha02/ckuusr.c:11862:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    if ((x = (int)strlen(s)) > PWBUFL) {
data/ckermit-305~alpha02/ckuusr.c:11902:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      memset(ssh_tmpstr,0,strlen(ssh_tmpstr));
data/ckermit-305~alpha02/ckuusr.c:12423:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if ((int)strlen(s) > 63) {
data/ckermit-305~alpha02/ckuusr.c:12442:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((int)strlen(s) > 127) {
data/ckermit-305~alpha02/ckuusr.c:12712:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if ((int) strlen(wc) > 0) {
data/ckermit-305~alpha02/ckuusx.c:2032:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    count = strlen(s);
data/ckermit-305~alpha02/ckuusx.c:2283:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(fdate);
data/ckermit-305~alpha02/ckuusx.c:2658:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int)strlen(str);
data/ckermit-305~alpha02/ckuusx.c:2695:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (((int)strlen(arg1)+(int)strlen(arg2)+(int)strlen(arg3)+4) < MAXSP) {
data/ckermit-305~alpha02/ckuusx.c:2695:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (((int)strlen(arg1)+(int)strlen(arg2)+(int)strlen(arg3)+4) < MAXSP) {
data/ckermit-305~alpha02/ckuusx.c:2695:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (((int)strlen(arg1)+(int)strlen(arg2)+(int)strlen(arg3)+4) < MAXSP) {
data/ckermit-305~alpha02/ckuusx.c:2740:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    mgbufp = malloc((int)strlen(string)+2);
data/ckermit-305~alpha02/ckuusx.c:2755:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (x = strlen(s);                 /* Strip trailing spaces */
data/ckermit-305~alpha02/ckuusx.c:2931:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    x = (int)strlen(vvbuf);
data/ckermit-305~alpha02/ckuusx.c:3511:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(s1) + (int)strlen(s2) + 15 > TBUFL)
data/ckermit-305~alpha02/ckuusx.c:3511:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(s1) + (int)strlen(s2) + 15 > TBUFL)
data/ckermit-305~alpha02/ckuusx.c:3522:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = (int)strlen(s2);
data/ckermit-305~alpha02/ckuusx.c:3530:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = (int)strlen(s2);
data/ckermit-305~alpha02/ckuusx.c:3541:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(s1) + 15 > TBUFL)
data/ckermit-305~alpha02/ckuusx.c:3547:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = (int)strlen(s2);
data/ckermit-305~alpha02/ckuusx.c:3549:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(s1) + x + 4 > TBUFL)
data/ckermit-305~alpha02/ckuusx.c:3556:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = (int)strlen(s2);
data/ckermit-305~alpha02/ckuusx.c:3558:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen(s1) + x + 15 > TBUFL)
data/ckermit-305~alpha02/ckuusx.c:3668:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(buf);
data/ckermit-305~alpha02/ckuusx.c:3686:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if ((int)strlen(msg) + 4 < left) {
data/ckermit-305~alpha02/ckuusx.c:4012:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = (int)strlen(s) + (int)strlen(fbuf);
data/ckermit-305~alpha02/ckuusx.c:4012:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = (int)strlen(s) + (int)strlen(fbuf);
data/ckermit-305~alpha02/ckuusx.c:4014:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m = (int)strlen(abuf) + 4;
data/ckermit-305~alpha02/ckuusx.c:4024:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m = (int)strlen(a2buf) + 4;
data/ckermit-305~alpha02/ckuusx.c:4319:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int)strlen(s);               /* Length of string */
data/ckermit-305~alpha02/ckuusx.c:4563:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        conol(buf); hpos += (int)strlen(buf); return;
data/ckermit-305~alpha02/ckuusx.c:5060:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    symval.dsc$w_length = (int)strlen(envstr);
data/ckermit-305~alpha02/ckuusx.c:5244:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len1 = strlen(s1);
data/ckermit-305~alpha02/ckuusx.c:5245:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len2 = strlen(s2);
data/ckermit-305~alpha02/ckuusx.c:5255:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = (int) strlen(s1) + (int) strlen(s2) + 18;
data/ckermit-305~alpha02/ckuusx.c:5255:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = (int) strlen(s1) + (int) strlen(s2) + 18;
data/ckermit-305~alpha02/ckuusx.c:5387:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      x = strlen(s2);
data/ckermit-305~alpha02/ckuusx.c:6491:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((int)strlen(tgsbuf) < 32)
data/ckermit-305~alpha02/ckuusx.c:6498:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((int)strlen(tgsbuf) < 32)
data/ckermit-305~alpha02/ckuusx.c:6505:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((int)strlen(tgsbuf) < 64)
data/ckermit-305~alpha02/ckuusx.c:7026:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                sprintf( &xferstr[strlen(xferstr)], /* safe */
data/ckermit-305~alpha02/ckuusx.c:7032:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                sprintf( &xferstr[strlen(xferstr)], /* safe */
data/ckermit-305~alpha02/ckuusx.c:7576:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(s);                    /* Length of argument string */
data/ckermit-305~alpha02/ckuusx.c:8661:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(s);                    /* Length of argument string */
data/ckermit-305~alpha02/ckuusx.c:9229:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        dbdir = malloc(strlen(p)+2);
data/ckermit-305~alpha02/ckuusx.c:9252:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = strlen(dbdir);
data/ckermit-305~alpha02/ckuusx.c:9257:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x += (int)strlen(IK_DBASEFIL);
data/ckermit-305~alpha02/ckuusx.c:9333:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(&dbrec[dbfld[db_LASTU].off],
data/ckermit-305~alpha02/ckuusx.c:9372:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(&dbrec[dbfld[db_FLAGS].off],ulongtohex(myflags,k),k);
data/ckermit-305~alpha02/ckuusx.c:9375:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(&dbrec[dbfld[db_ATYPE].off],ulongtohex(myatype,k),k);
data/ckermit-305~alpha02/ckuusx.c:9378:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(&dbrec[dbfld[db_AMODE].off],ulongtohex(myamode,k),k);
data/ckermit-305~alpha02/ckuusx.c:9381:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(&dbrec[dbfld[db_STATE].off],ulongtohex(mystate,k),k);
data/ckermit-305~alpha02/ckuusx.c:9384:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(&dbrec[dbfld[db_SADDR].off],ulongtohex(myip,k),k);
data/ckermit-305~alpha02/ckuusx.c:9389:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(&dbrec[dbfld[db_CADDR].off],ulongtohex(peerxipaddr,k),k);
data/ckermit-305~alpha02/ckuusx.c:9392:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(&dbrec[dbfld[db_CADDR].off],ulongtohex(0L,k),k);
data/ckermit-305~alpha02/ckuusx.c:9396:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(&dbrec[dbfld[db_MYPID].off],ulongtohex(mypid,k),k);
data/ckermit-305~alpha02/ckuusx.c:9399:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(&dbrec[dbfld[db_START].off],ckdate(),k);
data/ckermit-305~alpha02/ckuusx.c:9402:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
    strncpy(&dbrec[dbfld[db_ULEN].off],"0000",4);
data/ckermit-305~alpha02/ckuusx.c:9405:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
    strncpy(&dbrec[dbfld[db_DLEN].off],"0000",4);
data/ckermit-305~alpha02/ckuusx.c:9408:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
    strncpy(&dbrec[dbfld[db_ILEN].off],"0000",4);
data/ckermit-305~alpha02/ckuusx.c:9410:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
    strncpy(&dbrec[dbfld[db_INFO].off],"INIT",4);
data/ckermit-305~alpha02/ckuusx.c:9422:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    l1 = strlen(s1);
data/ckermit-305~alpha02/ckuusx.c:9424:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    l2 = strlen(s2);
data/ckermit-305~alpha02/ckuusx.c:9426:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    l3 = strlen(s3);
data/ckermit-305~alpha02/ckuusx.c:9427:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(&dbrec[DB_STATE],ulongtohex(mystate,4),4);
data/ckermit-305~alpha02/ckuusx.c:9432:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(&dbrec[DB_ILEN],ulongtohex((unsigned long)z,k),k);
data/ckermit-305~alpha02/ckuusx.c:9451:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(buf,&dbrec[DB_INFO],127);
data/ckermit-305~alpha02/ckuusx.c:9469:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len1 = strlen(s1);
data/ckermit-305~alpha02/ckuusx.c:9470:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len2 = strlen(s2);
data/ckermit-305~alpha02/ckuusx.c:9472:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(&dbrec[DB_DLEN],ulongtohex((unsigned long)(len1+len2),k),k);
data/ckermit-305~alpha02/ckuusx.c:9496:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(&dbrec[dbfld[db_FLAGS].off],ulongtohex(dbflags,k),k);
data/ckermit-305~alpha02/ckuusx.c:9539:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dummy = write(lockfd,idstring,(int)strlen(idstring));
data/ckermit-305~alpha02/ckuusy.c:315:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = strlen(p);                  /* Length of remainder */
data/ckermit-305~alpha02/ckuusy.c:967:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      char * p = (char *) malloc(strlen(path)+2);
data/ckermit-305~alpha02/ckuusy.c:3991:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if ((int)strlen(udata) <= MAXCUDATA) {
data/ckermit-305~alpha02/ckuusy.c:4228:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if ((int)strlen(*xargv) > 63) {
data/ckermit-305~alpha02/ckuusy.c:4250:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if ((strlen(*xargv) != 1) ||
data/ckermit-305~alpha02/ckuusy.c:4472:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if ((int)strlen(*xargv) > 63) {
data/ckermit-305~alpha02/ckuusy.c:4513:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      if ((int)strlen(*xargv) > 63) {
data/ckermit-305~alpha02/ckuusy.c:4638:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if ((int)strlen(*xargv) > 63) {
data/ckermit-305~alpha02/ckuusy.c:4731:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if ((int)strlen(*xargv) > 63) {
data/ckermit-305~alpha02/ckwart.c:270:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while ((c = getc(infp)) != EOF) {
data/ckermit-305~alpha02/ckwart.c:307:23:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while (isword(c = getc(fp)) && ++len < MAXWORD) *buf++ = (char) c;
data/ckermit-305~alpha02/ckwart.c:320:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while ((c = getc(fp)) != EOF && c != '\n') {
data/ckermit-305~alpha02/ckwart.c:368:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if ((int)strlen(tokval) != 1)
data/ckermit-305~alpha02/ckwart.c:418:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while (c = getc(inp), (isspace(c) || c == C_L))
data/ckermit-305~alpha02/ckwart.c:423:26:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while (bcnt > 0 && (c = getc(inp)) != EOF) {
data/ckermit-305~alpha02/ckwart.c:433:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    c = getc(inp);
data/ckermit-305~alpha02/ckwart.c:569:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while ((c = getc(in)) != EOF) putc(c,out);
data/ckermit-305~alpha02/ckwart.c:583:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    c = getc(fp);
data/ckermit-305~alpha02/ckwart.c:590:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    if ((c = getc(fp)) == '%') return(SEP);
data/ckermit-305~alpha02/ckwart.c:602:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    if ((c = getc(fp)) == '*') {
data/ckermit-305~alpha02/ckwart.c:629:19:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while (!((c = getc(fp)) == '/' && star)) {
data/ckermit-305~alpha02/ckwart.c:685:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    new = (char *) malloc((int)strlen(s) + 1);

ANALYSIS SUMMARY:

Hits = 4243
Lines analyzed = 294561 in approximately 8.83 seconds (33343 lines/second)
Physical Source Lines of Code (SLOC) = 253597
Hits@level = [0] 6532 [1] 1323 [2] 2156 [3] 163 [4] 578 [5]  23
Hits@level+ = [0+] 10775 [1+] 4243 [2+] 2920 [3+] 764 [4+] 601 [5+]  23
Hits/KSLOC@level+ = [0+] 42.4887 [1+] 16.7313 [2+] 11.5143 [3+] 3.01265 [4+] 2.3699 [5+] 0.0906951
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.