Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:223:5: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod(addr->un.sun_path, 0140777);
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:1177:23: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  if ((realsize = readlink(filename, realfile, sizeof(realfile) - 1)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:346:9: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362).
  Use fchown( ) instead.
  if (chown(filename, user, group) && !getuid())
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:369:9: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod(filename, mode))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:823:20: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  if ((linkbytes = readlink(filter, linkpath, sizeof(linkpath) - 1)) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:525:22: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  if ((linkbytes = readlink(command, linkpath, sizeof(linkpath) - 1)) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/util.c:177:20: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  if ((linkbytes = readlink(command, linkpath, sizeof(linkpath) - 1)) > 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:786:3: [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execv(filename, argv);
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:657:11: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  bytes = vsnprintf(buf, sizeof(buf), format, ap);
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:458:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, ap);
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:87:10: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (!access(libpath, 0))
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:153:8: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (!access(scheme, X_OK))
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:161:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(backend, X_OK))
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:463:5: [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execv(backend, argv + first_arg);
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:282:10: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (!access(device, 0))
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:286:10: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (!access(device, 0))
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:305:11: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(argv[i], R_OK) != 0)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help.c:118:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(filename, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:63:7: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:68:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:201:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:724:7: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  !access(CUPS_DEFAULT_DOMAINSOCKET, 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:1096:10: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (!access(CUPS_DEFAULT_DOMAINSOCKET, 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:1368:48: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (!_cups_strcasecmp(host, "localhost") && !access(name, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:1379:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:235:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(prompt, sizeof(prompt), _cupsLangString(cg->lang_default, _("Password for %s on %s? ")), cupsUser(), http->hostname[0] == '/' ? "localhost" : http->hostname);
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:393:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(prompt, sizeof(prompt),
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:287:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buffer, sizeof(buffer), logfile, getpid());
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:491:6: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(temp, sizeof(temp), tformat, va_arg(ap, double));
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:515:8: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(temp, sizeof(temp), tformat, va_arg(ap, long long));
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:519:8: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(temp, sizeof(temp), tformat, va_arg(ap, long));
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:521:8: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(temp, sizeof(temp), tformat, va_arg(ap, int));
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:536:6: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(temp, sizeof(temp), tformat, va_arg(ap, void *));
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:148:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(temp, sizeof(temp), _cupsLangString(lang, _("%g x %g \"")), size->width / 2540.0, size->length / 2540.0);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:156:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(temp, sizeof(temp), _cupsLangString(lang, _("%d x %d mm")), (size->width + 50) / 100, (size->length + 50) / 100);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:180:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(lstr, sizeof(lstr), _cupsLangString(lang, _("%s (Borderless)")), lsize);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:187:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(lstr, sizeof(lstr), _cupsLangString(lang, _("%s (Borderless, %s)")), lsize, ltype);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:189:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(lstr, sizeof(lstr), _cupsLangString(lang, _("%s (%s)")), lsize, ltype);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:194:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(lstr, sizeof(lstr), _cupsLangString(lang, _("%s (Borderless, %s)")), lsize, lsource);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:196:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(lstr, sizeof(lstr), _cupsLangString(lang, _("%s (%s)")), lsize, lsource);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:201:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(lstr, sizeof(lstr), _cupsLangString(lang, _("%s (Borderless, %s, %s)")), lsize, ltype, lsource);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:203:7: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(lstr, sizeof(lstr), _cupsLangString(lang, _("%s (%s, %s)")), lsize, ltype, lsource);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:2077:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:229:6: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:235:6: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:244:6: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:249:6: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:256:6: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:263:6: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:273:6: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:277:6: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
snprintf(message, sizeof(message), data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:284:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(message, sizeof(message), data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:288:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(message, sizeof(message), data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:540:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(filename, 0)) data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:570:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(buffer, 0)) data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:572:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(buffer, executable ? 
X_OK : 0)) data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:596:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(buffer, 0)) data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:1378:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bytes = vsnprintf(fp->printf_buffer, fp->printf_size, format, ap); data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:1400:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bytes = vsnprintf(fp->printf_buffer, fp->printf_size, format, ap); data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:467:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bytes = vsnprintf(resource, sizeof(resource), resourcef, ap); data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:1870:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bytes = vsnprintf(buf, sizeof(buf), format, ap); data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2655:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). 
Use a constant for the format specification. snprintf(len, sizeof(len), CUPS_LLFMT, CUPS_LLCAST length); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:839:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buffer, sizeof(buffer), message, ap); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1104:18: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. if ((bytes = vsnprintf(buffer, sizeof(buffer), format, ap)) < 0) data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:4379:18: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. if ((bytes = vsnprintf(buffer, sizeof(buffer), format, ap)) < 0) data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:6692:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buffer, sizeof(buffer), _cupsLangString(lang, format), ap); data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:68:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(bufptr, sizeof(buffer) - (size_t)(bufptr - buffer), data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:124:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). 
Use a constant for the format specification. vsnprintf(buffer, sizeof(buffer), temp, ap); data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:178:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buffer, sizeof(buffer) - 1, data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1335:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(path, R_OK)) data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1446:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filename, sizeof(filename), data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1450:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, 0)) data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1459:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
snprintf(filename, sizeof(filename), CUPS_BUNDLEDIR "/Resources/%s.lproj/cups.strings", locale); data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1462:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, 0)) data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1476:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filename, sizeof(filename), CUPS_BUNDLEDIR "/Resources/%s.lproj/cups.strings", baselang); data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1479:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, 0)) data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1512:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
if (!access(CUPS_BUNDLEDIR "/Resources/zh_TW.lproj/cups.strings", 0)) data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1530:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filename, sizeof(filename), data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1694:38: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (strchr(lang->language, '_') && access(filename, 0)) data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1703:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, 0)) data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:195:38: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!stat(ppdname, &ppdinfo) && !access(ppdname, R_OK)) data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:231:45: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if ((tmpdir = getenv("TMPDIR")) != NULL && access(tmpdir, W_OK)) data/cups-2.3.3op1~106-ga72b0140e/cups/raster-error.c:40:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bytes = vsnprintf(s, sizeof(s), f, ap); data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:174:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(temp, sizeof(temp), tformat, va_arg(ap, double)); data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:205:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(temp, sizeof(temp), tformat, va_arg(ap, int)); data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:229:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(temp, sizeof(temp), tformat, va_arg(ap, void *)); data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:343:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
bytes = vsnprintf(buffer, bufsize, format, ap); data/cups-2.3.3op1~106-ga72b0140e/cups/string-private.h:175:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define snprintf _cups_snprintf data/cups-2.3.3op1~106-ga72b0140e/cups/string-private.h:180:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define vsnprintf _cups_vsnprintf data/cups-2.3.3op1~106-ga72b0140e/cups/tempfile.c:70:46: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if ((tmpdir = getenv("TMPDIR")) != NULL && access(tmpdir, W_OK)) data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:326:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("locale", 0)) data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:1381:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
system(command); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:1768:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(msgbuf, sizeof(msgbuf), _cupsLangString(cg->lang_default, _("Unable to establish a secure connection to host (%d).")), error); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:2064:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, R_OK) && tls_cups_keychain) data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:945:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(buffer, 0)) data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:956:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(buffer, 0)) data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1416:11: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(crtfile, R_OK) || access(keyfile, R_OK)) data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1416:36: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(crtfile, R_OK) || access(keyfile, R_OK)) data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1427:14: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if ((access(cacrtfile, R_OK) || access(cakeyfile, R_OK)) && (hostptr = strchr(hostname, '.')) != NULL) data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1427:41: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if ((access(cacrtfile, R_OK) || access(cakeyfile, R_OK)) && (hostptr = strchr(hostname, '.')) != NULL) data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1441:14: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(cacrtfile, R_OK) && !access(cakeyfile, R_OK)) data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1441:42: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(cacrtfile, R_OK) && !access(cakeyfile, R_OK)) data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1452:21: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. have_creds = !access(crtfile, R_OK) && !access(keyfile, R_OK); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1452:47: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. have_creds = !access(crtfile, R_OK) && !access(keyfile, R_OK); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1463:11: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(crtfile, R_OK) || access(keyfile, R_OK)) data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1463:36: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(crtfile, R_OK) || access(keyfile, R_OK)) data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1474:14: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if ((access(cacrtfile, R_OK) || access(cakeyfile, R_OK)) && (hostptr = strchr(tls_common_name, '.')) != NULL) data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1474:41: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if ((access(cacrtfile, R_OK) || access(cakeyfile, R_OK)) && (hostptr = strchr(tls_common_name, '.')) != NULL) data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1488:14: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(cacrtfile, R_OK) && !access(cakeyfile, R_OK)) data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1488:42: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(cacrtfile, R_OK) && !access(cakeyfile, R_OK)) data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1499:21: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. have_creds = !access(crtfile, R_OK) && !access(keyfile, R_OK); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1499:47: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. have_creds = !access(crtfile, R_OK) && !access(keyfile, R_OK); data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:584:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). 
Use a constant for the format specification. snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (Windows %d.%d) IPP/2.0", version.dwMajorVersion, version.dwMinorVersion); data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:586:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (Windows %d.%d; %s) IPP/2.0", version.dwMajorVersion, version.dwMinorVersion, machine); data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:603:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (macOS %s) IPP/2.0", version); data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:605:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (macOS %s; %s) IPP/2.0", version, name.machine); data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:609:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (iOS %s) IPP/2.0", version); data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:611:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (iOS %s; %s) IPP/2.0", version, name.machine); data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:622:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (%s %s) IPP/2.0", name.sysname, name.release); data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:624:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (%s %s; %s) IPP/2.0", name.sysname, name.release, name.machine); data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1188:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(CUPS_DEFAULT_DOMAINSOCKET, R_OK)) data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2020:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bytes = vsnprintf(buffer, sizeof(buffer), format, ap); data/cups-2.3.3op1~106-ga72b0140e/locale/strings2po.c:70:18: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
if ((strings = popen(iconv, "r")) == NULL) data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:144:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(line + 4, "%s%d", name, &section); data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:954:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(manfile, 0)) data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:561:5: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(argv[0], argv); data/cups-2.3.3op1~106-ga72b0140e/ppdc/genstrings.cxx:45:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("../data", 0) || access("sample.drv", 0)) data/cups-2.3.3op1~106-ga72b0140e/ppdc/genstrings.cxx:45:31: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
if (access("../data", 0) || access("sample.drv", 0)) data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:69:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(pofile, sizeof(pofile), CUPS_BUNDLEDIR "/Resources/%s.lproj/cups.strings", _cupsAppleLanguage(l, applelang, sizeof(applelang))); data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:70:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(pofile, 0)) data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:92:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(pofile, sizeof(pofile), CUPS_BUNDLEDIR "/Resources/%s.lproj/cups.strings", tl); data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-import.cxx:250:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(attr->value, "%s%*[^\"]\"%[^\"]\"%s%s", encoding, version, data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:194:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
if (!access(n, 0)) data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:209:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(n, 0)) data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:218:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(n, 0)) data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:222:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(n, 0)) data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc.cxx:289:4: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp("cupstestppd", "cupstestppd", "-", (char *)0); data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdi.cxx:85:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
if (access(srcfile, 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:684:13: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. pass = crypt(password, pw->pw_passwd); data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:691:10: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. pass = crypt(password, spw->sp_pwdp); data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:1997:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(urltext, sizeof(urltext), _cupsLangString(con->language, _("You must access this page using the URL https://%s:%d%s.")), con->servername, con->serverport, con->uri); data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2736:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(filename, 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2773:9: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(filename, 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2787:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, F_OK) < 0) data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:3474:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(content_length, sizeof(content_length), "CONTENT_LENGTH=" CUPS_LLFMT, CUPS_LLCAST con->bytes); data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:391:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(iccfile, 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:1214:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
access(TempDir, 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:1654:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (Printcap && *Printcap && access(Printcap, 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:2910:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(temp, 0) && _cups_strcasecmp(value, "internal") && _cups_strcasecmp(line, "ServerKeychain")) data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:483:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(line, X_OK)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1087:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access("/usr/local/share/ppd", 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1089:8: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access("/usr/share/ppd", 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1091:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access("/opt/share/ppd", 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-exec.c:175:3: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execv(argv[i + 1], argv + i + 2); data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1012:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access("/System/Library/Frameworks/ApplicationServices.framework/" data/cups-2.3.3op1~106-ga72b0140e/scheduler/env.c:172:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(v, sizeof(v), value, ap); data/cups-2.3.3op1~106-ga72b0140e/scheduler/file.c:303:7: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/file.c:325:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2022:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(notifier, X_OK) || stat(notifier, &info) || !S_ISREG(info.st_mode)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2404:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(srcfile, X_OK)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4163:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). 
Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, 0) && strlen(attrname) > 2) data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4176:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5749:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(notifier, X_OK) || !strcmp(scheme, ".") || !strcmp(scheme, "..")) data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7101:42: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if ((dtype & CUPS_PRINTER_REMOTE) && access(filename, 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7114:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
if (!access(filename, 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:10073:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(formatted, sizeof(formatted), data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:1923:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(jobfile, 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:2620:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buffer, sizeof(buffer), message, ap); data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4319:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(jobfile, 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4322:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
if (access(jobfile, 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4446:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(jobfile, 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:459:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buffer, sizeof(buffer), message, ap); data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:702:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, message, ap); data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:720:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, message, ap); data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:494:5: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp(argv[0], argv[0], "-C", ConfigurationFile, "-s", CupsFilesFile, (char *)0); data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:1356:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
vsnprintf(v, sizeof(v), f, ap); data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:182:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buffer, sizeof(buffer), message, ap); data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1033:15: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(line, 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:4087:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(strings_name, R_OK)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:4957:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. else if (!access(ppd_name, 0)) data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:796:7: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
execv(exec_path, argv); data/cups-2.3.3op1~106-ga72b0140e/scheduler/statbuf.c:86:7: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(sb->prefix, sizeof(sb->prefix), prefix, ap); data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:155:7: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(ftext, sizeof(ftext), text, ap); data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:137:5: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execv("./cups-lpd", cupslpd_argv); data/cups-2.3.3op1~106-ga72b0140e/scheduler/testspeed.c:176:4: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp(argv[0], argv[0], options, "0", reqstr, "-o", opstring, data/cups-2.3.3op1~106-ga72b0140e/scheduler/testspeed.c:179:4: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp(argv[0], argv[0], options, "0", reqstr, serverstr, (char *)NULL); data/cups-2.3.3op1~106-ga72b0140e/scheduler/util.c:223:11: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return (execv(command, argv)); data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:532:11: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(argv[i], R_OK) != 0) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1636:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(command, X_OK)) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1646:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(command, X_OK)) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2570:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!strcmp(scheme, "file") && access(resource, R_OK)) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3072:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
snprintf(temp, sizeof(temp), tformat, va_arg(ap, double)); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3090:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(temp, sizeof(temp), tformat, va_arg(ap, long long)); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3094:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(temp, sizeof(temp), tformat, va_arg(ap, long)); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3096:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(temp, sizeof(temp), tformat, va_arg(ap, int)); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3105:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(temp, sizeof(temp), tformat, va_arg(ap, void *)); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8236:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(supply_text, sizeof(supply_text), printer_supply[i], level); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:834:5: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
execv(PDFTOPS, (char * const *)pdf_argv); data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2058:32: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (strchr(args[0], '/') && !access(args[0], X_OK)) data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:462:19: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(argv[i], 0)) data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:469:21: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, 0) && filename[0] != '/' data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:476:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, 0)) data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:479:11: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, 0)) data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:656:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(argv[i], 0) && argv[i][0] != '/' data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:663:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(testname, 0)) data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:747:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buffer, sizeof(buffer), s, ap); data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2039:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
  else if (!access(src, R_OK) || *src == '/'
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2575:3: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buffer, sizeof(buffer), s, ap);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3231:6: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(filename, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3477:11: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(data->file, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/vcnet/config.h:36:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  #define access _access
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:226:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(f0copy, f0);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:250:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(f2copy, f2);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:505:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(efbuf, "REG_%s", name);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c:1168:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(cs->multis + oldend - 1, cp);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regerror.c:85:12: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(convbuf, r->name);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regerror.c:97:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(errbuf, s);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:162:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(buf, argv[1]);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:166:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(buf, argv[1]);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:288:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(buf, tests[n].str);
data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:755:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:771:25: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:338:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:342:29: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((auth_info_required = getenv("AUTH_INFO_REQUIRED")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:345:40: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker.
  They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  state_reasons = _cupsArrayNewStrings(getenv("PRINTER_STATE_REASONS"), ',');
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:353:29: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!getuid() && (value = getenv("AUTH_UID")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:396:23: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((content_type = getenv("CONTENT_TYPE")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:399:29: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((final_content_type = getenv("FINAL_CONTENT_TYPE")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:641:23: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char *ptr = getenv("AUTH_USERNAME");
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:649:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20).
  Check environment variables carefully before using them.
  password = getenv("AUTH_PASSWORD");
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:712:11: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:1027:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!getenv("CLASS"))
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:1253:7: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:1319:25: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ppd = ppdOpenFile(getenv("PPD"));
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3185:28: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((ppd = ppdOpenFile(getenv("PPD"))) != NULL &&
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3295:29: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("AUTH_INFO_REQUIRED"));
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3296:25: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((auth_negotiate = getenv("AUTH_NEGOTIATE")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:188:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:840:11: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:72:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:168:29: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker.
  They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((snmp_value = getenv("CUPS_SNMP_VALUE")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:173:31: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((snmp_count = getenv("CUPS_SNMP_COUNT")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:339:19: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((device_id = getenv("1284DEVICEID")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp-supplies.c:515:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((ppd = ppdOpenFile(getenv("PPD"))) == NULL ||
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp-supplies.c:558:19: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cachedir = getenv("CUPS_CACHEDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:787:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20).
  Check environment variables carefully before using them.
  if ((debug = getenv("CUPS_DEBUG_LEVEL")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:790:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((runtime = getenv("CUPS_MAX_RUN_TIME")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:797:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cups_serverroot = getenv("CUPS_SERVERROOT")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:158:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:304:11: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:157:22: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((serverbin = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:965:24: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char *pdl = getenv("FINAL_CONTENT_TYPE");
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:1383:7: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2037:24: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((requestedLang = getenv("APPLE_LANGUAGE")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2038:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  requestedLang = getenv("LANG");
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2087:23: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  usb_legacy_status = getenv("USB_I386_STATUS");
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2089:23: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  usb_legacy_status = getenv("USB_PPC_STATUS");
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2157:27: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1160:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((datadir = getenv("CUPS_DATADIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:93:11: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:218:19: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((dest = getenv("LPDEST")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:220:14: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((dest = getenv("PRINTER")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:118:29: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char *printer = getenv("PRINTER_NAME"),
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:120:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  *server_port = getenv("SERVER_PORT");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:128:19: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("HTTPS") ? "https" : "http", NULL,
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:129:5: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("SERVER_NAME"), port, "/%s/%s",
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:134:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker.
  They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("HTTPS") ? "https" : "http", NULL,
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:135:4: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("SERVER_NAME"), port, "/admin");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:183:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("HTTPS"))
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:185:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("SERVER_NAME"), getenv("SERVER_PORT"));
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:185:32: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("SERVER_NAME"), getenv("SERVER_PORT"));
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:188:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("SERVER_NAME"), getenv("SERVER_PORT"));
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:188:32: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("SERVER_NAME"), getenv("SERVER_PORT"));
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1646:24: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((server_root = getenv("CUPS_SERVERROOT")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1723:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((data_dir = getenv("CUPS_DATADIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:67:17: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((pclass = getenv("PATH_INFO")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:82:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  user = getenv("REMOTE_USER");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:138:33: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char *server_port = getenv("SERVER_PORT");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:145:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("HTTPS") ? "https" : "http", NULL,
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:146:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("SERVER_NAME"), port, "/classes/%s", pclass);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help.c:63:20: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cache_dir = getenv("CUPS_CACHEDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help.c:68:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((docroot = getenv("CUPS_DOCROOT")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help.c:99:19: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((helpfile = getenv("PATH_INFO")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:43:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((lang = getenv("LANG")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:273:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((user = getenv("REMOTE_USER")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:572:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((user = getenv("REMOTE_USER")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:702:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  user = getenv("REMOTE_USER");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:708:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((datadir = getenv("CUPS_DATADIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:830:19: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((server = getenv("SERVER_NAME")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:839:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ishttps = getenv("HTTPS") != NULL;
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/jobs.c:152:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((user = getenv("REMOTE_USER")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/jobs.c:164:45: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (cupsLastError() <= IPP_OK_CONFLICT && getenv("HTTP_REFERER"))
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/jobs.c:174:28: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  cgiFormEncode(url + 6, getenv("HTTP_REFERER"), sizeof(url) - 6);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:68:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((printer = getenv("PATH_INFO")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:83:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  user = getenv("REMOTE_USER");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:139:33: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char *server_port = getenv("SERVER_PORT");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:146:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("HTTPS") ? "https" : "http", NULL,
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:147:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("SERVER_NAME"), port, "/printers/%s", printer);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:96:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((lang = getenv("LANG")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:171:20: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((datadir = getenv("CUPS_DATADIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:188:33: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  cgiSetVariable("SERVER_NAME", getenv("SERVER_NAME"));
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:189:33: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  cgiSetVariable("REMOTE_USER", getenv("REMOTE_USER"));
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:289:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  method = getenv("REQUEST_METHOD");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:290:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  content_type = getenv("CONTENT_TYPE");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:352:17: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((method = getenv("REQUEST_METHOD")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:620:17: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cookie = getenv("HTTP_COOKIE")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:725:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  data = getenv("QUERY_STRING");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:977:20: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  content_length = getenv("CONTENT_LENGTH");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:1211:22: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((remote_addr = getenv("REMOTE_ADDR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:1213:22: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((server_name = getenv("SERVER_NAME")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:1215:22: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((server_port = getenv("SERVER_PORT")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:690:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((server_port_env = getenv("SERVER_PORT")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:980:8: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!getenv("GATEWAY_INTERFACE") && (schemedata = cups_auth_find(www_auth, "AuthRef")) != NULL && cups_auth_param(schemedata, "key", auth_key, sizeof(auth_key)))
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:1048:8: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  !getenv("GATEWAY_INTERFACE") && /* Not via CGI programs... */
data/cups-2.3.3op1~106-ga72b0140e/cups/backend.c:48:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((device_uri = getenv("DEVICE_URI")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/backend.c:57:29: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((auth_info_required = getenv("AUTH_INFO_REQUIRED")) != NULL &&
data/cups-2.3.3op1~106-ga72b0140e/cups/backend.c:61:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((ppd = ppdOpenFile(getenv("PPD"))) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:98:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  _cups_debug_set(getenv("CUPS_DEBUG_LOG"), getenv("CUPS_DEBUG_LEVEL"),
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:98:47: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  _cups_debug_set(getenv("CUPS_DEBUG_LOG"), getenv("CUPS_DEBUG_LEVEL"),
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:99:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("CUPS_DEBUG_FILTER"), 0);
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:181:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  _cups_debug_set(getenv("CUPS_DEBUG_LOG"), getenv("CUPS_DEBUG_LEVEL"),
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:181:47: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  _cups_debug_set(getenv("CUPS_DEBUG_LOG"), getenv("CUPS_DEBUG_LEVEL"),
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:182:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("CUPS_DEBUG_FILTER"), 0);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:408:7: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("CUPS_DISABLE_APPLE_DEFAULT"))
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:1857:17: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("LPDEST"))
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:1859:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  else if (getenv("PRINTER"))
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:2246:14: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((env = getenv("LPDEST")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:2247:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((env = getenv("PRINTER")) != NULL && !strcmp(env, "lp"))
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:2262:8: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!getenv("CUPS_NO_APPLE_DEFAULT") && (locprinter = _cupsAppleCopyDefaultPrinter()) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:67:3: [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(&cups_global_mutex.m_criticalSection);
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:146:9: [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection(&cups_global_mutex.m_criticalSection);
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:261:27: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cg->cups_datadir = getenv("CUPS_DATADIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:264:29: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cg->cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:267:30: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cg->cups_serverroot = getenv("CUPS_SERVERROOT")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:270:28: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cg->cups_statedir = getenv("CUPS_STATEDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:273:24: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cg->localedir = getenv("LOCALEDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:276:14: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  cg->home = getenv("HOME");
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:302:29: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cg->cups_datadir = getenv("CUPS_DATADIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:305:31: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cg->cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:308:32: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cg->cups_serverroot = getenv("CUPS_SERVERROOT")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:311:30: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cg->cups_statedir = getenv("CUPS_STATEDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:314:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((cg->localedir = getenv("LOCALEDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:317:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  cg->home = getenv("HOME");
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-vars.c:84:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  value = getenv(temp);
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:519:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!getenv("SOFTWARE") || (language = getenv("LANG")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:519:44: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!getenv("SOFTWARE") || (language = getenv("LANG")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:559:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((ptr = getenv("LC_CTYPE")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:560:20: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((ptr = getenv("LC_ALL")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:561:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((ptr = getenv("LANG")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:581:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((ptr = getenv("LC_MESSAGES")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:582:20: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((ptr = getenv("LC_ALL")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:583:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((ptr = getenv("LANG")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1307:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("SOFTWARE") != NULL && (lang = getenv("LANG")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1307:47: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("SOFTWARE") != NULL && (lang = getenv("LANG")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1425:41: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char *cups_strings = getenv("CUPS_STRINGS");
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:231:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((tmpdir = getenv("TMPDIR")) != NULL && access(tmpdir, W_OK))
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:249:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((tmpdir = getenv("TMPDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/tempfile.c:56:17: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((tmpdir = getenv("TEMP")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/tempfile.c:70:17: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((tmpdir = getenv("TMPDIR")) != NULL && access(tmpdir, W_OK))
data/cups-2.3.3op1~106-ga72b0140e/cups/tempfile.c:89:17: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((tmpdir = getenv("TMPDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:1374:7: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("MallocStackLogging") && getenv("MallocStackLoggingNoCompact"))
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:1374:39: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("MallocStackLogging") && getenv("MallocStackLoggingNoCompact"))
data/cups-2.3.3op1~106-ga72b0140e/cups/thread.c:252:3: [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection(&mutex->m_criticalSection);
data/cups-2.3.3op1~106-ga72b0140e/cups/thread.c:270:7: [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection(&mutex->m_criticalSection);
data/cups-2.3.3op1~106-ga72b0140e/cups/thread.c:277:3: [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(&mutex->m_criticalSection);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:110:33: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!cupsFileFind("certtool", getenv("PATH"), 1, command, sizeof(command)))
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1129:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((value = getenv("CUPS_TRUSTFIRST")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1132:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((value = getenv("CUPS_ANYROOT")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1135:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((value = getenv("CUPS_ENCRYPTION")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1138:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((value = getenv("CUPS_EXPIREDCERTS")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1142:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((value = getenv("CUPS_GSSSERVICENAME")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1146:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((value = getenv("CUPS_SERVER")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1149:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((value = getenv("CUPS_USER")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1152:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((value = getenv("CUPS_VALIDATECERTS")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1212:27: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char *envuser = getenv("USER");
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1405:19: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((ipp_port = getenv("IPP_PORT")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/filter/commandtops.c:66:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((ppd = ppdOpenFile(getenv("PPD"))) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/filter/common.c:53:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ppd = ppdOpenFile(getenv("PPD"));
data/cups-2.3.3op1~106-ga72b0140e/filter/common.c:302:25: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((classification = getenv("CLASSIFICATION")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/filter/gziptoany.c:48:8: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!getenv("FINAL_CONTENT_TYPE"))
data/cups-2.3.3op1~106-ga72b0140e/filter/gziptoany.c:75:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!getenv("FINAL_CONTENT_TYPE"))
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2399:23: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((content_type = getenv("CONTENT_TYPE")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2646:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (doc->page_label || getenv("CLASSIFICATION") || doc->number_up > 1 ||
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:3179:25: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((classification = getenv("CLASSIFICATION")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertoepson.c:96:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((device_uri = getenv("DEVICE_URI")) != NULL &&

data/cups-2.3.3op1~106-ga72b0140e/filter/rastertoepson.c:1045:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
ppd = ppdOpenFile(getenv("PPD"));

data/cups-2.3.3op1~106-ga72b0140e/filter/rastertohp.c:714:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
ppd = ppdOpenFile(getenv("PPD"));

data/cups-2.3.3op1~106-ga72b0140e/filter/rastertolabel.c:1169:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
ppd = ppdOpenFile(getenv("PPD"));

data/cups-2.3.3op1~106-ga72b0140e/filter/rastertopwg.c:75:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((final_content_type = getenv("FINAL_CONTENT_TYPE")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/filter/rastertopwg.c:81:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
ppd = ppdOpenFile(getenv("PPD"));

data/cups-2.3.3op1~106-ga72b0140e/monitor/bcp.c:74:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
ppd = ppdOpenFile(getenv("PPD"));

data/cups-2.3.3op1~106-ga72b0140e/notifier/dbus.c:619:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((tmpdir = getenv("TMPDIR")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:403:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((server_admin = getenv("SERVER_ADMIN")) != NULL)

data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:419:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((server_root = getenv("CUPS_SERVERROOT")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:199:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((cachedir = getenv("CUPS_CACHEDIR")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:202:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((server_name = getenv("SERVER_NAME")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:205:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((server_port = getenv("SERVER_PORT")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/notifier/testnotify.c:42:45: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
fprintf(stderr, "DEBUG: TMPDIR=\"%s\"\n", getenv("TMPDIR"));

data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:1174:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((tmpdir = getenv("TMPDIR")) != NULL &&

data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:1177:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((tmpdir = getenv("TMPDIR")) != NULL)

data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:221:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((server_bin = getenv("CUPS_SERVERBIN")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:277:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (getenv("SOFTWARE"))

data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:747:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((server_bin = getenv("CUPS_SERVERBIN")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:479:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((serverbin = getenv("CUPS_SERVERBIN")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:931:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((datadir = getenv("CUPS_DATADIR")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1053:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((cups_datadir = getenv("CUPS_DATADIR")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1732:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((server_bin = getenv("CUPS_SERVERBIN")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2585:26: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((cups_cachedir = getenv("CUPS_CACHEDIR")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:655:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((cups_serverroot = getenv("CUPS_SERVERROOT")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:150:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((server_root = getenv("CUPS_SERVERROOT")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1008:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
else if ((temp = getenv("PPD")) != NULL)

data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1375:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((temp = getenv("CUPS_DATADIR")) != NULL)

data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1380:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((temp = getenv("CUPS_FONTPATH")) != NULL)

data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1387:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((temp = getenv("CUPS_SERVERBIN")) != NULL)

data/cups-2.3.3op1~106-ga72b0140e/scheduler/env.c:111:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
value = getenv(name);

data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:1996:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (!(e = getenv("UPSTART_EVENTS")))

data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:2010:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((e = getenv("UPSTART_FDS")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:271:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (RunUser && getenv("CUPS_TESTROOT"))

data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:276:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
cupsd_requote(testroot, getenv("CUPS_TESTROOT"), sizeof(testroot));

data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:2410:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((ptr = getenv("CUPS_SERVERBIN")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:2538:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((ptr = getenv("CUPS_SERVERBIN")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:2624:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((ptr = getenv("CUPS_SERVERBIN")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3022:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((ptr = getenv("CUPS_DATADIR")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1084:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((printer = getenv("LPDEST")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1086:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((printer = getenv("PRINTER")) != NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippevepcl.c:62:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
else if ((content_type = getenv("CONTENT_TYPE")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:677:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((tmpdir = getenv("TEMP")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:680:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((tmpdir = getenv("TMPDIR")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:683:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((tmpdir = getenv("TMPDIR")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:74:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((ipp_copies = getenv("IPP_COPIES")) != NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:88:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
else if ((content_type = getenv("CONTENT_TYPE")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:239:26: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
const char *job_name = getenv("IPP_JOB_NAME");

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:244:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
const char *job_id = getenv("IPP_JOB_ID");

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:368:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((value = getenv("IPP_MEDIA")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:369:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((value = getenv("IPP_MEDIA_COL")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:370:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((value = getenv("IPP_MEDIA_DEFAULT")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:371:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
value = getenv("IPP_MEDIA_COL_DEFAULT");

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:420:26: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((ppd = ppdOpenFile(getenv("PPD"))) != NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:425:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((value = getenv("IPP_FINISHINGS")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:426:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
value = getenv("IPP_FINISHINGS_DEFAULT");

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:454:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((value = getenv("IPP_OUTPUT_BIN")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:455:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
value = getenv("IPP_OUTPUT_BIN_DEFAULT");

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:463:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((value = getenv("IPP_SIDES")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:464:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
value = getenv("IPP_SIDES_DEFAULT");

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:476:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((value = getenv("IPP_PRINT_QUALITY")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:477:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
value = getenv("IPP_PRINT_QUALITY_DEFAULT");

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:494:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((value = getenv("IPP_PRINT_COLOR_MODE")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:495:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
value = getenv("IPP_PRINT_COLOR_MODE_DEFAULT");

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:810:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((job_id = getenv("IPP_JOB_ID")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:812:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((job_name = getenv("IPP_JOB_NAME")) == NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:929:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if ((page_ranges = getenv("IPP_PAGE_RANGES")) != NULL)

data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:278:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (getenv("IPPFIND_DEBUG"))

data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:1079:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (getenv("IPPFIND_DEBUG"))

data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:1230:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (getenv("IPPFIND_DEBUG"))

data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:1258:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (getenv("IPPFIND_DEBUG"))

data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:1838:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (getenv("IPPFIND_DEBUG"))

data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2040:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (getenv("IPPFIND_DEBUG"))

data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2060:35: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
else if (!cupsFileFind(args[0], getenv("PATH"), 1, program, sizeof(program)))

data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2067:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (getenv("IPPFIND_DEBUG"))

data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2118:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (getenv("IPPFIND_DEBUG"))

data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2072:33: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
const char *userprofile = getenv("USERPROFILE");

data/cups-2.3.3op1~106-ga72b0140e/vcnet/config.h:702:23: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
# define CUPS_RAND() random()

data/cups-2.3.3op1~106-ga72b0140e/vcnet/config.h:703:25: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
# define CUPS_SRAND(v) srandom(v)

data/cups-2.3.3op1~106-ga72b0140e/vcnet/config.h:705:23: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
# define CUPS_RAND() lrand48()

data/cups-2.3.3op1~106-ga72b0140e/vcnet/config.h:709:25: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
# define CUPS_SRAND(v) srand(v)

data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:44:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
while ((c = getopt(argc, argv, "c:e:S:E:x")) != EOF)

data/cups-2.3.3op1~106-ga72b0140e/xcode/config.h:635:23: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
# define CUPS_RAND() random()

data/cups-2.3.3op1~106-ga72b0140e/xcode/config.h:636:25: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
# define CUPS_SRAND(v) srandom(v)

data/cups-2.3.3op1~106-ga72b0140e/xcode/config.h:638:23: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
# define CUPS_RAND() lrand48()

data/cups-2.3.3op1~106-ga72b0140e/xcode/config.h:642:25: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
# define CUPS_SRAND(v) srand(v)

data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:137:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char uriName[1024]; /* Unquoted fullName for URI */

data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:386:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char device_uri[1024]; /* Device URI */

data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:739:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char scheme[1024], /* Scheme from URI */

data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:841:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fullName[kDNSServiceMaxDomainName];

data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:997:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char key[256], /* Key string */

data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:1076:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(value, data, (size_t)(datanext - data));

data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:1130:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
device->priority = atoi(value);

data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:1167:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(make_and_model, model, (size_t)(ptr - model));

data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:91:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char devparport[16]; /* /dev/parportN */
data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:105:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((devparportfd = open(devparport, O_RDWR | O_NOCTTY)) != -1)
data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:269:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[256], /* Temporary manufacturer string */
data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:391:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024]; /* Temporary make and model */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:92:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char username[256] = "",
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:141:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tmpfilename[1024] = "";
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:143:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char mandatory_attrs[1024] = "";
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:200:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[255], /* Scheme in URI */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:220:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI]; /* Updated URI without user/pass */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:221:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char print_job_name[1024]; /* Update job-name for Print-Job */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:266:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[16384]; /* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:355:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uid_t uid = (uid_t)atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:369:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(argv[i], O_RDONLY)) >= 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:572:6: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi(value) > 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:573:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  contimeout = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:802:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char credinfo[1024], /* Information on credentials */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:1294:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  copies = atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:1619:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(files[0], O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:1832:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(files[i], O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:1907:52: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fprintf(stderr, "PAGE: 1 %d\n", copies_sup ? atoi(argv[4]) : 1);
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:2388:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024]; /* Value buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:2814:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char phone[1024], /* Phone number string */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:2860:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char predial[1024]; /* Pre-dial string */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:2917:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char def_username[HTTP_MAX_VALUE]; /* Default username */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:2940:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char quoted[HTTP_MAX_VALUE * 2 + 4];
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3025:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[1024], /* Value string */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3098:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[1024], /* State/message string */
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:40:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tmpfilename[1024] = ""; /* Temporary spool file name */
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:97:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[255], /* Scheme in URI */
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:124:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[16384]; /* Initial print buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:385:6: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi(value) > 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:386:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  timeout = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:394:6: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi(value) > 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:395:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  contimeout = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:469:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(filename, O_RDONLY);
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:506:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  manual_copies = atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:512:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  copies = atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:522:39: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fprintf(stderr, "PAGE: 1 %d\n", atoi(argv[4]));
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:640:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024]; /* Output buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:715:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localhost[255]; /* Local host name */
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:720:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control[10240], /* LPD control 'file' */
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:724:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addrname[256]; /* Address name */
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:731:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[32768]; /* Output buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:52:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char portname[32], /* Port number as string */
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:116:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[65536]; /* Request/response data */
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:175:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((count = atoi(snmp_count)) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:245:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dataptr, packet.object_value.string.bytes, i);
data/cups-2.3.3op1~106-ga72b0140e/backend/runloop.c:32:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char print_buffer[8192], /* Print data buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/runloop.c:146:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char print_buffer[8192], /* Print data buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp-supplies.c:49:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[CUPS_SNMP_MAX_STRING], /* Name of supply */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp-supplies.c:236:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[CUPS_MAX_SUPPLIES * 4],
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp-supplies.c:446:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addrstr[1024], /* Address string */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:299:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(temp->address), addr, sizeof(temp->address));
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:622:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(current->addr), addr->ifa_broadaddr,
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:679:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[1024], /* Full device URI */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:768:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024], /* Filename */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:788:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  DebugLevel = atoi(debug);
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:791:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  MaxRunTime = atoi(runtime);
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:823:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  DebugLevel = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:839:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  MaxRunTime = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:879:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addrname[256]; /* Source address name */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:992:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char make_model[256]; /* Make and model */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:1047:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char make_model[256]; /* Make and model */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:1103:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[32], /* URI scheme */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:1166:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024]; /* Temporary address string */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:1183:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ifname[255]; /* Interface name */
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:53:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[255], /* Scheme in URI */
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:72:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addrname[256]; /* Address name */
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:80:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024]; /* Initial print buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:140:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((print_fd = open(argv[6], O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:146:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  copies = atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:249:6: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi(value) > 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:250:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  contimeout = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:463:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024]; /* Back-channel buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/test1284.c:36:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char device_id[1024], /* 1284 device ID string */
data/cups-2.3.3op1~106-ga72b0140e/backend/test1284.c:49:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(argv[i], O_RDWR)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:63:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[255], /* Scheme in URI == backend */
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:172:3: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open("/dev/null", O_WRONLY); /* Make sure fd 3 and 4 are used */
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:173:3: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open("/dev/null", O_WRONLY);
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:200:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open("/dev/null", O_RDONLY)) != 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:249:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024]; /* Output buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:338:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024]; /* Buffer for response data */
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:442:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open("/dev/null", O_WRONLY)) != 2)
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:505:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[2049]; /* Buffer for reponse */
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:656:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[80];
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:667:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, data, (size_t)datalen);
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:337:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serial[1024]; /* Serial number buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:344:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char print_buffer[8192], /* Print data buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:1005:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[2048]; /* Request/response data */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:1213:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uristr[1024], makestr[1024], modelstr[1024], serialstr[1024];
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:1214:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char optionsstr[1024], idstr[1024], make_modelstr[1024];
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:1413:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bundlestr[1024]; /* Bundle path */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:1794:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[258] = {}; data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2074:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *my_argv[32]; data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2102:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char usbpath[1024]; /* Path to USB backend */ data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2267:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathbuf[PROC_PIDPATHINFO_MAXSIZE]; data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2268:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char msgbuf[256] = ""; data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2309:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char gErrorBuffer[1024] = ""; data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2315:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logstr[1024]; data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2323:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gErrorBufferPtr, (const void *)sockBuffer, len); data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2372:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2048]; /* Buffer */ data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:189:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char print_buffer[8192], /* Print data buffer */ data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:816:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device_id[1024],/* IEEE-1284 device ID */ data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1117:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char make_model[1024]; /* Make and model */ data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1150:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024], /* Filename */ data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1256:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char options[1024]; /* Device URI options */ data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1264:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempmfg[256], /* Temporary manufacturer string */ data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1600:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char requested_uri[1024], /* Requested URI */ data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1690:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char readbuffer[512]; data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1778:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[2048]; /* Request/response data */ data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1911:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2048]; /* Buffer */ data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:200:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device[255], /* Device filename */ data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:219:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(device, O_RDWR | O_EXCL)) < 0) data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:226:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd = open(device, O_RDWR | O_EXCL)) < 0) data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:233:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(device, O_RDWR | O_EXCL)) < 0) data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:249:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device[255], /* Device filename */ data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:263:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(device, O_WRONLY | O_EXCL)) >= 0) data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:276:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device[255]; /* Device filename */ data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:328:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char device[255], /* Device filename */ data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:349:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(device, O_RDWR | O_EXCL)) < 0 && errno == ENOENT) data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:353:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(device, O_RDWR | O_EXCL)) < 0 && errno == ENOENT) data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:357:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(device, O_RDWR | O_EXCL)) < 0 && errno == ENOENT) data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:429:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device[255], /* Device filename */ data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:445:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd = open(device, O_WRONLY | O_EXCL)) >= 0) data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:507:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(uri + 4, O_RDWR | O_EXCL); data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:513:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(uri + 4, O_WRONLY | O_EXCL); data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:541:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[2048]; /* Request/response data */ data/cups-2.3.3op1~106-ga72b0140e/backend/usb.c:128:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char method[255], /* Method in URI */ data/cups-2.3.3op1~106-ga72b0140e/backend/usb.c:222:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((print_fd = open(argv[6], O_RDONLY)) < 0) data/cups-2.3.3op1~106-ga72b0140e/backend/usb.c:228:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). copies = atoi(argv[4]); data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpc.c:36:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024], /* Input line from user */ data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:69:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). interval = atoi(argv[i] + 1); data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:193:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). id = atoi(argv[i]); data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:325:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resource[1024]; /* Resource string */ data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:326:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rankstr[255]; /* Rank string */ data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:327:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namestr[1024]; /* Job name string */ data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:339:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * const ranks[10] = /* Ranking strings */ data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:573:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI]; /* Printer URI */ data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:42:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *files[1000]; /* Files to print */ data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:47:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[8192]; /* Copy buffer */ data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:186:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char email[1024]; /* EMail address */ data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:248:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num_copies = atoi(opt + 1); data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:260:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num_copies = atoi(argv[i]); data/cups-2.3.3op1~106-ga72b0140e/berkeley/lprm.c:167:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). job_id = atoi(argv[i]); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:122:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int port = atoi(server_port ? 
server_port : "0"); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:124:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[1024]; /* URL */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:180:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[1024]; /* URL prefix */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:194:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char encoded[1024], /* Encoded URL string */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:323:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI]; /* Device or printer URI */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:588:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char refresh[1024]; /* Refresh URL */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:622:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI], /* Device or printer URI */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:626:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char baudrate[255]; /* Baud rate string */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:714:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char make[1024], /* Make string */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:745:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char template[128], /* Template name */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:865:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
maxrate = atoi(var + 6); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:945:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* PPD filename */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:947:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; /* Buffer */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1208:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char refresh[1024]; /* Refresh URL */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1291:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char default_auth_type[255]; data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1325:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
if (!max_jobs || atoi(max_jobs) < 0) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1341:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (!max_clients || atoi(max_clients) <= 0) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1344:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (!max_log_size || atoi(max_log_size) <= 0.0) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1535:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempfile[1024]; /* Temporary new cupsd.conf */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1637:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Filename */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1787:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char uri[HTTP_MAX_URI]; /* Job URI */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1872:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI]; /* Job URI */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2077:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char option[1024], /* Form variables for this device */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2177:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). settings)) != NULL && atoi(val)) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2181:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). settings)) != NULL && atoi(val)) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2185:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
settings)) != NULL && atoi(val)) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2189:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). settings)) != NULL && atoi(val)) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2193:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). settings)) != NULL && atoi(val)) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2278:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI]; /* Printer URI */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2513:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char url[1024], /* Printer/class URL */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2543:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char uri[HTTP_MAX_URI]; /* Printer URI */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2600:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char url[1024], /* Printer/class URL */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2630:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI]; /* Job URI */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2634:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempfile[1024]; /* Temporary filename */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2637:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024], /* Line from PPD file */ data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3333:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char refresh[1024]; /* Refresh URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3366:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI]; /* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3403:72: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ippAddBoolean(request, IPP_TAG_OPERATION, "printer-is-shared", (char)atoi(shared));
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3432:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char url[1024], /* Printer/class URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3467:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keyword[256]; /* Parameter name */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3714:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bufptr, "}", 2);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3756:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resolved[1024], /* Resolved URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/cgi.h:45:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempfile[1024], /* Temporary file containing data */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:113:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char url[HTTP_MAX_URI]; /* New URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:140:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int port = atoi(server_port ? server_port : "0");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:142:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[1024]; /* URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:211:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI], /* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:254:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char url[1024], /* Printer/class URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:300:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char val[1024]; /* Form variable */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:353:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  first = atoi(var);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:444:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI]; /* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:445:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char refresh[1024]; /* Refresh URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help-index.c:216:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[2048], /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help-index.c:289:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  word->count = atoi(line + 1);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help-index.c:845:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help-index.c:1141:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, text, (size_t)wordlen);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help.c:35:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char topic_data[1024]; /* Topic form data */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help.c:37:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024], /* Filename */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help.c:40:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024]; /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:27:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *attrs[1000]; /* Attributes */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:29:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024], /* Filename */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:35:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[255], /* Name of variable */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:76:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((in = fopen(filename, "r")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:224:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[255]; /* Number buffer */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:266:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char current_dest[1024]; /* Current destination */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:291:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[255]; /* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:312:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char job_uri[1024]; /* Job URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:428:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[1024], /* Job/printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:529:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI], /* Job URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:690:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI], /* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:799:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[HTTP_MAX_URI],
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:810:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char servername[1024];
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:935:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024], /* Name of attribute */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:1077:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[1024], /* New URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:1363:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char url[1024], /* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:1395:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((first = atoi(var)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/jobs.c:61:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job_id = atoi(job_id_var);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/jobs.c:131:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI]; /* Job URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/jobs.c:170:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char url[1024]; /* Encoded URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/makedocset.c:60:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[1024], /* Path to documentation */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:114:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char url[HTTP_MAX_URI]; /* New URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:141:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int port = atoi(server_port ?
  server_port : "0");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:143:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[1024]; /* URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:220:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI], /* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:263:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char url[1024], /* Printer/class URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:307:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char val[1024]; /* Form variable */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:370:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  first = atoi(var);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:461:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI]; /* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:462:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char refresh[1024]; /* Refresh URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:198:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sptr, prefix, strlen(prefix) + 1);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:239:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sptr, ".*|.*", 6);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:242:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sptr, lword2, strlen(lword2) + 1);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:245:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sptr, ".*", 3);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:248:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sptr, lword, strlen(lword) + 1);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:277:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sptr, ".*", 3);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:51:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((in = fopen(tmpl, "r")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:79:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024], /* Filename */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:115:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((in = fopen(filename, "r")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:120:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((in = fopen(filename, "r")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:123:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen(filename, "r");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:162:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char templates[1024] = ""; /* Template directory */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:211:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[255], /* Name of variable */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:219:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outval[1024], /* Formatted output string */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:287:39: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((value = cgiGetArray(name + 1, atoi(nameptr) - 1)) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:328:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  count = atoi(name + 1);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:378:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((value = cgiGetArray(name, atoi(nameptr) - 1)) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:481:47: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((innerval = cgiGetArray(innername, atoi(innerptr) - 1)) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/testtemplate.c:51:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(argv[i], "w");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:83:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[255], /* Current variable name */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:107:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  element = atoi(s + 1) - 1;
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:435:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char date[256]; /* Date string */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:615:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[128], /* Name string */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:748:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[10240], /* MIME header line */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:885:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cgiSetArray(name, atoi(ptr) - 1, line);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:978:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (content_length == NULL || atoi(content_length) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:1149:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cgiSetArray(name, atoi(s) - 1, value);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:1202:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[512], /* SID data */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:1204:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char sum[16]; /* MD5 sum */
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:104:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cupsdconf[1024]; /* cupsd.conf filename */
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:107:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], /* Line from cupsd.conf file */
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:198:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[1024]; /* Message string */
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:423:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cupsdconf[1024]; /* cupsd.conf filename */
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:425:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempfile[1024]; /* Temporary new cupsd.conf */
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:427:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], /* Line from cupsd.conf file */
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:504:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  old_debug_logging = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:513:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  old_remote_admin = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:522:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  old_remote_any = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:531:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  old_share_printers = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:540:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  old_user_cancel_any = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:556:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  debug_logging = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:575:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  remote_any = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:594:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  remote_admin = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:614:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  share_printers = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:634:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  user_cancel_any = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:692:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((server_port = atoi(server_port_env)) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:1352:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host[HTTP_MAX_HOST]; /* Hostname for connection */
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:1376:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[1024]; /* Message string */
data/cups-2.3.3op1~106-ga72b0140e/cups/array.c:378:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(da->saved, a->saved, sizeof(a->saved));
data/cups-2.3.3op1~106-ga72b0140e/cups/array.c:414:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(da->elements, a->elements, (size_t)a->num_elements * sizeof(void *));
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:114:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[256], /* Scheme name */
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:224:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char default_username[HTTP_MAX_VALUE];
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:270:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char encode[256]; /* Base64 buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:283:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nonce[HTTP_MAX_VALUE]; /* nonce="xyz" string */
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:381:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[1024], /* Prompt for user */
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:801:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024]; /* Name buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:939:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char trc[16], /* Try Root Certificate parameter */
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:950:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char auth_key[1024]; /* Buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:951:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024]; /* Buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:1082:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(filename, "r")) == NULL && pid > 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:1100:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(filename, "r")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:1110:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char certificate[33], /* Certificate string */
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:90:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cupsd_hostname[HTTP_MAX_HOST];
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:98:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gss_service_name[32];
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:103:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resolved_uri[1024];
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:115:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char http_date[256]; /* Date+time buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:119:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ip_ptrs[2]; /* Pointer to packed address */
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:122:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[1024]; /* Hostname */
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:132:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ipp_unknown[255];
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:138:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char language[32]; /* Cached language */
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:146:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pwg_name[65], /* PWG media name for custom size */
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:159:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char snmp_community[255];
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:164:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempfile[1024]; /* cupsTempFd/File buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:170:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char user[65], /* User name */
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:192:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char def_printer[256];
data/cups-2.3.3op1~106-ga72b0140e/cups/cups.h:280:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char media[128]; /* Media name to use */
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:88:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[2048]; /* Output buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:171:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[2048]; /* Output buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:285:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024]; /* Filename buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:290:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _cups_debug_fd = open(buffer + 1, O_WRONLY | O_APPEND | O_CREAT, 0644);
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:292:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _cups_debug_fd = open(buffer, O_WRONLY | O_TRUNC | O_CREAT, 0644);
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:296:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  _cups_debug_level = atoi(level);
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:356:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tformat[100], /* Temporary format string for snprintf() */
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:559:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bufptr, va_arg(ap, char *), (size_t)width);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:48:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lstr[1024], /* Localized size name */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:280:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pair[256]; /* option.value pair */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:332:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[32], /* URI scheme */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:77:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[2048]; /* Option value */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:175:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024]; /* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:283:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int_value = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:297:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int_value = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:413:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[2048]; /* Current attribute value as string */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:687:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resource[1024]; /* Resource path */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:842:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[IPP_MAX_NAME]; /* Attribute name */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:890:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[IPP_MAX_NAME]; /* Attribute name */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:940:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[IPP_MAX_NAME]; /* Attribute name */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:1922:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[IPP_MAX_NAME + 1],
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:1975:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char media_key[256]; /* Synthesized media-key value */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:2593:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024]; /* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:2635:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int_value = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:2665:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int_value = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:99:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char def_name[1024], /* Default printer name, if any */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:129:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char def_name[1024], /* Default printer name, if any */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:597:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[32], /* URI scheme */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:602:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char portstr[16]; /* Port number string */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:1109:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[32], /* URI scheme */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:1222:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024], /* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:1354:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[1024]; /* printer-uri value */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:1358:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char media_default[41]; /* Default paper size */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:1360:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char optname[1024], /* Option name */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:1749:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024], /* Path to lpoptions */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:2037:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* lpoptions file */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:2087:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(filename, "w")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:2740:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullName[kDNSServiceMaxDomainName],
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:2942:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serviceName[256],/* Service name */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:2998:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[256], /* Key string */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:3041:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(value, txt, (size_t)(txtnext - txt));
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:3226:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempuri[1024]; /* Temporary URI buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:3418:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Local lpoptions file */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:3547:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[32], /* URI scheme */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:4027:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[8192], /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:4082:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[8192], /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/cups/dir.c:34:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char directory[1024]; /* Directory filename */
data/cups-2.3.3op1~106-ga72b0140e/cups/dir.c:239:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char directory[1024]; /* Directory filename */
data/cups-2.3.3op1~106-ga72b0140e/cups/dir.c:336:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Full filename */
data/cups-2.3.3op1~106-ga72b0140e/cups/dir.h:41:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[260]; /* File name */
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:87:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[1024], /* Message string */
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:390:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char trailer[8]; /* Trailer CRC and length */
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:1079:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[1024], /* Hostname */
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:1108:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(filename, O_RDONLY | O_LARGEFILE | O_BINARY, 0);
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:1244:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char header[10]; /* gzip file header */
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:1435:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fp->ptr, fp->printf_buffer, (size_t)bytes);
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:1618:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fp->ptr, s, (size_t)bytes);
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:1685:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, fp->ptr,(size_t) count);
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:2141:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fp->ptr, buf, bytes);
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:2399:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fp->cbuf, ptr, (size_t)bytes);
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:2478:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char trailer[8]; /* Trailer bytes */
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:2489:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(trailer, fp->stream.next_in, (size_t)tbytes);
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:2618:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(filename, mode, 0666)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/getifaddrs.c:27:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[65536], /* Buffer for address info */
data/cups-2.3.3op1~106-ga72b0140e/cups/getifaddrs.c:98:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(request.ifr_name, ifp->ifr_name, sizeof(ifp->ifr_name));
data/cups-2.3.3op1~106-ga72b0140e/cups/getifaddrs.c:131:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp->ifa_addr, &(ifp->ifr_addr), sockaddr_len(&(ifp->ifr_addr)));
data/cups-2.3.3op1~106-ga72b0140e/cups/getifaddrs.c:144:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp->ifa_netmask, &(request.ifr_netmask),
data/cups-2.3.3op1~106-ga72b0140e/cups/getifaddrs.c:167:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp->ifa_broadaddr, &(request.ifr_broadaddr),
data/cups-2.3.3op1~106-ga72b0140e/cups/getifaddrs.c:180:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp->ifa_dstaddr, &(request.ifr_dstaddr),
data/cups-2.3.3op1~106-ga72b0140e/cups/getputfile.c:40:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192]; /* Buffer for file */
data/cups-2.3.3op1~106-ga72b0140e/cups/getputfile.c:42:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char if_modified_since[HTTP_MAX_VALUE];
data/cups-2.3.3op1~106-ga72b0140e/cups/getputfile.c:244:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(filename, O_WRONLY | O_EXCL | O_TRUNC)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/getputfile.c:294:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192]; /* Buffer for file */
data/cups-2.3.3op1~106-ga72b0140e/cups/getputfile.c:542:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(filename, O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:186:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char installdir[1024] = "", /* Install directory */
data/cups-2.3.3op1~106-ga72b0140e/cups/hash.c:143:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char temp[CC_SHA512_DIGEST_LENGTH];
data/cups-2.3.3op1~106-ga72b0140e/cups/hash.c:157:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hash, temp, CC_SHA224_DIGEST_LENGTH);
data/cups-2.3.3op1~106-ga72b0140e/cups/hash.c:164:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char temp[CC_SHA512_DIGEST_LENGTH];
data/cups-2.3.3op1~106-ga72b0140e/cups/hash.c:178:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hash, temp, CC_SHA256_DIGEST_LENGTH);
data/cups-2.3.3op1~106-ga72b0140e/cups/hash.c:186:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char temp[64]; /* Temporary hash buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/hash.c:240:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hash, temp, tempsize);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:833:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localStr[1024]; /* Local host name C string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:913:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024]; /* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:87:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[256]; /* Temporary address string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:430:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(current, src, sizeof(http_addrlist_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:556:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ipv6[64], /* IPv6 address */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:635:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(temp->addr.ipv6), current->ai_addr,
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:638:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(temp->addr.ipv4), current->ai_addr,
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:690:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  portnum = atoi(service);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:763:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(temp->addr.ipv6.sin6_addr), host->h_addr_list[i],
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:771:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(temp->addr.ipv4.sin_addr), host->h_addr_list[i],
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:817:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  portnum = atoi(service);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:181:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error[256]; /* Most recent error message */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:222:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[HTTP_MAX_HOST],
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:230:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[HTTP_MAX_BUFFER];
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:233:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char _md5_state[88]; /* MD5 state (deprecated) */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:234:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nonce[HTTP_MAX_VALUE];
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:246:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _authstring[HTTP_MAX_VALUE],
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:256:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wbuffer[HTTP_MAX_BUFFER];
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:279:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gsshost[256]; /* Hostname for Kerberos */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:292:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char algorithm[65], /* Algorithm from WWW-Authenticate */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:301:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *fields[HTTP_FIELD_MAX],
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:55:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char * const http_days[7] =/* Days of the week */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:65:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char * const http_months[12] =
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:446:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resource[1024]; /* Formatted resource string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:501:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[1024]; /* Source string for MD5 */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:502:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char md5sum[16]; /* MD5 digest/sum */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:822:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mon[16]; /* Abbreviated month name */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1320:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char kd[65], /* Final MD5/SHA-256 digest */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1328:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[32]; /* Hash buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1360:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cnonce[65]; /* cnonce value */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1730:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[32], /* URI components... */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2300:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resource[257], /* Remote path */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2316:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uuid[256]; /* UUID value */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2318:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(uuid, value, valueLen);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2372:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if (((char *)value)[0] == '/')
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2378:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(resource, value, valueLen);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2388:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(resource + 1, value, valueLen);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2513:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resource[257], /* Remote path */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2515:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ifname[IF_NAMESIZE];
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2542:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uuid[256]; /* UUID value */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2546:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(uuid, value, valueLen);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2622:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(resource, value, valueLen);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2632:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(resource + 1, value, valueLen);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:225:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(credential->data, data, datalen);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:606:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192]; /* Junk buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:809:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[HTTP_MAX_VALUE], /* Copy of Accepts-Encoding value */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:1342:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[HTTP_MAX_VALUE], /* Temporary buffer for name */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:1601:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char len[32]; /* Length string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:1754:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(http->sbuffer + ((z_stream *)http->stream)->avail_in, http->buffer, buflen);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:1810:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, http->buffer, length);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:1863:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[65536]; /* Buffer for formatted string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2038:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char len[32]; /* Length string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2065:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char len[32]; /* Length string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2098:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char len[32]; /* Length string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2146:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[4096], /* HTTP request line */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2328:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[256]; /* Temporary address string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2652:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char len[32]; /* Length string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2743:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[32768], /* Line from connection... */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2879:37: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  http->expect = (http_status_t)atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:3240:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(http->wbuffer + http->wused, buffer, length);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:3556:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024]; /* Temporary value string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:3637:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char combined[HTTP_MAX_VALUE];
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:3936:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char service[255]; /* Service name */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:4022:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[255], /* Line buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:4042:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, " ", 3);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:4047:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, " ", 3);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:4207:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, http->buffer, (size_t)bytes);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:4236:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char len[32]; /* Length string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:4298:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024]; /* Encoded URI buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:4818:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header[16]; /* Chunk header */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:422:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pad[256]; /* Padding to ensure binary compatibility */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:487:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *httpMD5(const char *, const char *, const char *, char [33]) _CUPS_DEPRECATED_MSG("Use cupsDoAuth or cupsHashData instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:487:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *httpMD5(const char *, const char *, const char *, char [33]) _CUPS_DEPRECATED_MSG("Use cupsDoAuth or cupsHashData instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:487:43: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *httpMD5(const char *, const char *, const char *, char [33]) _CUPS_DEPRECATED_MSG("Use cupsDoAuth or cupsHashData instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:487:57: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *httpMD5(const char *, const char *, const char *, char [33]) _CUPS_DEPRECATED_MSG("Use cupsDoAuth or cupsHashData instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:488:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *httpMD5Final(const char *, const char *, const char *, char [33]) _CUPS_DEPRECATED_2_2_MSG("Use cupsDoAuth or cupsHashData instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:488:34: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *httpMD5Final(const char *, const char *, const char *, char [33]) _CUPS_DEPRECATED_2_2_MSG("Use cupsDoAuth or cupsHashData instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:488:48: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *httpMD5Final(const char *, const char *, const char *, char [33]) _CUPS_DEPRECATED_2_2_MSG("Use cupsDoAuth or cupsHashData instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:488:62: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *httpMD5Final(const char *, const char *, const char *, char [33]) _CUPS_DEPRECATED_2_2_MSG("Use cupsDoAuth or cupsHashData instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:489:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *httpMD5String(const unsigned char *, char [33]) _CUPS_DEPRECATED_2_2_MSG("Use cupsHashString instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:489:44: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *httpMD5String(const unsigned char *, char [33]) _CUPS_DEPRECATED_2_2_MSG("Use cupsHashString instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:42:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char token[1024]; /* Token string */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:76:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[128], /* Variable name */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:102:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char syntax[128], /* Attribute syntax (value tag) */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:434:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char token[1024]; /* Token string */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:457:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char syntax[128], /* Attribute syntax (value tag) */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:555:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[2049], /* Value string */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:834:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192]; /* Formatted string */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-vars.c:223:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[1024]; /* New printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-vars.c:224:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resolved[1024]; /* Resolved mDNS URI */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:349:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(attr->values[0].date, value, 11);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:537:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(attr->values[0].unknown.data, data, (size_t)datalen);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:884:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code[IPP_MAX_LANGUAGE];
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1059:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[IPP_MAX_TEXT + 4];
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1217:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code[32]; /* Language/charset value buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1523:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstattr->values, srcattr->values, (size_t)srcattr->num_values * sizeof(_ipp_value_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1544:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstattr->values, srcattr->values, (size_t)srcattr->num_values * sizeof(_ipp_value_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1568:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstattr->values, srcattr->values, (size_t)srcattr->num_values * sizeof(_ipp_value_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1613:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstval->unknown.data, srcval->unknown.data, (size_t)dstval->unknown.length);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1935:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char parent[1024], /* Parent attribute name */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:3476:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(string, bufptr + 2, (size_t)n);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:3974:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, data, (size_t)datalen);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:4337:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[IPP_MAX_TEXT + 4];
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:4490:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char code[32]; /* Language code */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:4718:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[64], /* Scheme from URI */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5131:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[256]; /* Temporary error string */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5176:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[256]; /* Temporary error string */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5447:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(bufptr, attr->name, (size_t)n);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5482:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bufptr, attr->name, (size_t)n);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5691:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bufptr, value->string.text, (size_t)n);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5737:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bufptr, value->date, 11);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5932:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bufptr, value->string.language, (size_t)n);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5948:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bufptr, value->string.text, (size_t)n);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:6091:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bufptr, value->unknown.data, (size_t)n);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:6686:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[2048]; /* Message buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:28:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[2048], /* Message buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:98:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[2048], /* Temporary format buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:155:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[2048], /* Message buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:211:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char output[8192]; /* Message buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:256:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192]; /* Command-line argument buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:260:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_lc_time[255], /* New LC_TIME value */
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:254:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024]; /* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:450:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char locale[255]; /* Copy of locale name */
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:452:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char langname[16], /* Requested language name */
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:919:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[4096], /* String buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1080:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(m->str + length, ptr, ptrlen + 1);
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1092:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(m->msg + length, ptr, ptrlen + 1);
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1188:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024]; /* Message buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1323:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[1024];
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1418:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024], /* Path to cups.strings file */
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1686:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Filename for language locale file */
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1772:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192], /* Line buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/language.h:84:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char language[16]; /* Language/locale name */
data/cups-2.3.3op1~106-ga72b0140e/cups/md5-internal.h:56:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64]; /* accumulate block */
data/cups-2.3.3op1~106-ga72b0140e/cups/md5-internal.h:70:54: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void _cupsMD5Finish(_cups_md5_state_t *pms, unsigned char digest[16]) _CUPS_INTERNAL;
data/cups-2.3.3op1~106-ga72b0140e/cups/md5.c:151:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xbuf, data, 64);
data/cups-2.3.3op1~106-ga72b0140e/cups/md5.c:302:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pms->buf + offset, p, (size_t)copy);
data/cups-2.3.3op1~106-ga72b0140e/cups/md5.c:316:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pms->buf, p, (size_t)left);
data/cups-2.3.3op1~106-ga72b0140e/cups/md5.c:320:49: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  _cupsMD5Finish(_cups_md5_state_t *pms, unsigned char digest[16])
data/cups-2.3.3op1~106-ga72b0140e/cups/md5.c:322:27: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char pad[64] = {
data/cups-2.3.3op1~106-ga72b0140e/cups/md5.c:328:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[8];
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:29:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char md5[33]) /* O - MD5 string */
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:31:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char sum[16]; /* Sum data */
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:32:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[256]; /* Line to sum */
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:62:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char md5[33]) /* IO - MD5 sum */
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:64:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char sum[16]; /* Sum data */
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:65:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024]; /* Line of data */
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:66:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char a2[33]; /* Hash of method and resource */
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:98:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char md5[33])
data/cups-2.3.3op1~106-ga72b0140e/cups/notify.c:30:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024]; /* Subject buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/options.c:43:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strvalue[32]; /* String value */
data/cups-2.3.3op1~106-ga72b0140e/cups/options.c:552:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[256], /* Key string */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:110:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[64]; /* Hash of password */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:168:64: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ippAddInteger(request, IPP_TAG_JOB, value_tag, mandatory, atoi(keyword));
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:178:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  lower = upper = atoi(keyword);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:280:72: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ippAddInteger(request, IPP_TAG_JOB, IPP_TAG_ENUM, "print-quality", atoi(keyword));
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:385:81: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ippAddInteger(request, IPP_TAG_JOB, IPP_TAG_INTEGER, "job-pages-per-set", atoi(keyword) / finishings_copies);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:401:76: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ippAddInteger(request, IPP_TAG_JOB, IPP_TAG_INTEGER, "job-pages-per-set", atoi(keyword) / finishings_copies);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:433:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[2048], /* Current line */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:489:7: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi(line + 16) != _PPD_CACHE_VERSION)
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:615:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((num_bins = atoi(value)) <= 0 || num_bins > 65536)
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:663:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((num_sizes = atoi(value)) < 0 || num_sizes > 65536)
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:753:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((num_sources = atoi(value)) <= 0 || num_sources > 65536)
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:802:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((num_types = atoi(value)) <= 0 || num_types > 65536)
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:900:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pc->max_copies = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:999:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pwg_keyword[3 + PPD_MAX_NAME + 1 + 12 + 1 + 12 + 3],
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:1026:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg_id[256]; /* Message identifier */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:1743:51: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). finishings->value = (ipp_finishings_t)atoi(ppd_attr->spec); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:1882:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pc->max_copies = atoi(ppd_attr->value); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:2797:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newfile[1024]; /* New filename */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:3027:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char make[256], /* Make and model */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:3049:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgid[256]; /* Message identifier (attr.value) */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:3144:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stringsfile[1024]; /* Temporary strings file */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:3175:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pattern[33]; /* Password pattern */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:3532:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tleft[256], /* Left string */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:3587:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmax[256], tmin[256]; /* Min/max values */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:3945:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tray[IPP_MAX_OCTETSTRING]; data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:3975:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(tray, tray_ptr, (size_t)tray_len); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:4454:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lowdpi = atoi(rs + 2); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:4456:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hidpi = atoi(rs + 1); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:4609:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char member_value[256]; /* Member attribute value */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:4909:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name, sizeptr + 1, (size_t)(dimptr - sizeptr - 1)); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:4927:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[32], /* URL scheme */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:5054:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(newsize, size, sizeof(cups_size_t)); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-conflicts.c:183:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resoption[PPD_MAX_NAME], data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-conflicts.c:708:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char option[PPD_MAX_NAME], /* Option name/MainKeyword */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-conflicts.c:960:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char firstpage[255]; /* AP_FIRSTPAGE_Keyword string */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:130:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char asection[17], /* Section name */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:366:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char temp[65], /* Local title string */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:901:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pos = atoi(attr->value) - 1; data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:913:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pos = atoi(attr->value) - 1; data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:1072:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bufptr, choices[i]->code, (size_t)j); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-localize.c:50:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckeyword[PPD_MAX_NAME], /* Custom keyword */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-localize.c:185:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ll_CC[6]; /* Language + country locale */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-localize.c:234:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ll_CC[6], /* Language + country locale */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-localize.c:275:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgid[1024], /* State message identifier */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-localize.c:441:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ll_CC[6]; /* Language + country locale */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-localize.c:598:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lkeyword[PPD_MAX_NAME]; /* Localization keyword */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-mark.c:174:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
pwg_pq = (_pwg_print_quality_t)(atoi(print_quality) - IPP_QUALITY_DRAFT); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-mark.c:345:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int pq = atoi(print_quality); /* print-quaity value */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-mark.c:623:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char option[PPD_MAX_NAME * 2 + 1], /* Current option/property */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-mark.c:885:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cparam->current.custom_int = atoi(choice + 7); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-mark.c:965:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cparam->current.custom_int = atoi(val->value); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-page.c:200:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char spec[PPD_MAX_NAME]; /* Selector for min/max */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-private.h:53:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ppd_filename[HTTP_MAX_URI]; data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-private.h:81:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resolver[PPD_MAX_NAME]; /* Resolver name */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:131:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char http_hostname[HTTP_MAX_HOST]; data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:135:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localhost[HTTP_MAX_URI],/* Local hostname */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:140:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tempfile[1024] = ""; /* Temporary filename */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:189:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ppdname[1024]; /* PPD filename */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:229:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmppath[1024]; /* Temporary directory */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:390:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(buffer, O_CREAT | O_TRUNC | O_WRONLY, 0600); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:555:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI], /* printer-uri attribute */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:425:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char keyword[PPD_MAX_NAME], data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:445:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char custom_name[PPD_MAX_NAME]; data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:448:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ll[7], /* Base language + '.' */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:819:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ppd->language_level = atoi(string); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:884:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ppd->model_number = atoi(string); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:944:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
ppd->throughput = atoi(string); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:972:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctype[33], /* Data type */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1026:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cparam->minimum.custom_int = atoi(cminimum); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1027:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cparam->maximum.custom_int = atoi(cmaximum); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1038:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cparam->minimum.custom_passcode = atoi(cminimum); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1039:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
cparam->maximum.custom_passcode = atoi(cmaximum); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1044:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cparam->minimum.custom_password = atoi(cminimum); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1045:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cparam->maximum.custom_password = atoi(cmaximum); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1062:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cparam->minimum.custom_string = atoi(cminimum); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1063:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cparam->maximum.custom_string = atoi(cmaximum); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1251:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(ppd->patches + strlen(ppd->patches), string, strlen(string) + 1); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1508:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tchoice[PPD_MAX_NAME]; /* Temporary choice name */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1543:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tchoice[PPD_MAX_NAME]; /* Temporary choice name */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1932:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cname[PPD_MAX_NAME]; /* Rewrite with a leading underscore */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1961:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cname[PPD_MAX_NAME]; /* Rewrite with a leading underscore */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1997:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char cname[PPD_MAX_NAME]; /* Rewrite with a leading underscore */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:3419:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char srcsuper[16], /* Source MIME media type */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:142:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PPD_MAX_NAME]; /* Name of attribute (cupsXYZ) */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:143:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spec[PPD_MAX_NAME]; /* Specifier string, if any */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:144:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[PPD_MAX_TEXT]; /* Human-readable text, if any */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:154:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char choice[PPD_MAX_NAME]; /* Computer-readable option name */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:155:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[PPD_MAX_TEXT]; /* Human-readable option name */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:163:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyword[PPD_MAX_NAME]; /* Option keyword name ("PageSize", etc.) */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:164:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char defchoice[PPD_MAX_NAME];/* Default option choice */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:165:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[PPD_MAX_TEXT]; /* Human-readable text */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:179:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char text[PPD_MAX_TEXT - PPD_MAX_NAME]; data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:181:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PPD_MAX_NAME]; /* Group name @since CUPS 1.1.18/macOS 10.3@ */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:190:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char option1[PPD_MAX_NAME]; /* First keyword */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:191:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char choice1[PPD_MAX_NAME]; /* First option/choice (blank for all) */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:192:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char option2[PPD_MAX_NAME]; /* Second keyword */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:193:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char choice2[PPD_MAX_NAME]; /* Second option/choice (blank for all) */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:199:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PPD_MAX_NAME]; /* Media size option */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:210:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PPD_MAX_NAME]; /* Emulator name */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:217:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resolution[PPD_MAX_NAME]; data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:219:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char media_type[PPD_MAX_NAME]; data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:266:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[PPD_MAX_NAME]; /* Parameter name */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:267:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[PPD_MAX_TEXT]; /* Human-readable text */ data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:277:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyword[PPD_MAX_NAME]; /* Name of option that is being extended... */ data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:270:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char usize[12 + 1 + 12 + 3], /* Unit size: NNNNNNNNNNNNxNNNNNNNNNNNNuu */ data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:367:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uptr, units, 3); data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:762:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char wstr[32], lstr[32]; /* Width and length as strings */ data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:872:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wstr[32], lstr[32]; /* Width and length strings */ data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:939:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wstr[32], lstr[32]; /* Width and length as strings */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster-error.c:33:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[2048]; /* Message string */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster-error.c:86:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf->current, s, (size_t)bytes); data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:54:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; /* Name value */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:56:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char other[64]; /* Other operator */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[64]; /* Sring value */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:955:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, obj, sizeof(_cups_ps_obj_t)); data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:1008:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, st->objs + n, (size_t)s * sizeof(_cups_ps_obj_t)); data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:1010:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(st->objs + n + c - s, temp, (size_t)s * sizeof(_cups_ps_obj_t)); data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:1021:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, st->objs + n + c - s, (size_t)s * sizeof(_cups_ps_obj_t)); data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:1023:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(st->objs + n, temp, (size_t)s * sizeof(_cups_ps_obj_t)); data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:1292:52: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). obj.value.number = strtol(cur + 1, &cur, atoi(start)); data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:1564:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((i = atoi(name + 11)) < 0 || i > 15) data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:1571:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((i = atoi(name + 8)) < 0 || i > 15) data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:1578:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((i = atoi(name + 10)) < 0 || i > 15) data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c:511:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char header[8]; /* File header */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c:654:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char appleheader[32]; /* Raw header */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c:927:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, temp - r->bpp, r->bpp); data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c:969:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, ptr, (size_t)bytes); data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c:980:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, r->pcurrent, (size_t)bytes); data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c:1107:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char appleheader[32];/* Raw page header */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c:1323:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(r->pcurrent, p, (size_t)bytes); data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c:1541:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, r->bufptr, (size_t)count); data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c:1725:28: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. cf = (_cups_copyfunc_t)memcpy; data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stubs.c:178:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h, &(r->header), sizeof(cups_page_header_t)); data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stubs.c:209:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h, &(r->header), sizeof(cups_page_header2_t)); data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stubs.c:254:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(r->header), h, sizeof(cups_page_header_t)); data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stubs.c:282:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(r->header), h, sizeof(cups_page_header2_t)); data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:244:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char MediaClass[64]; /* MediaClass string */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:245:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char MediaColor[64]; /* MediaColor string */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:246:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char MediaType[64]; /* MediaType string */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:247:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char OutputType[64]; /* OutputType string */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:293:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char MediaClass[64]; /* MediaClass string */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:294:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char MediaColor[64]; /* MediaColor string */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:295:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char MediaType[64]; /* MediaType string */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:296:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char OutputType[64]; /* OutputType string */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:348:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cupsString[16][64]; /* User-defined string values @since CUPS 1.2/macOS 10.5@ */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:349:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cupsMarkerType[64]; /* Ink/toner type @since CUPS 1.2/macOS 10.5@ */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:350:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char cupsRenderingIntent[64];/* Color rendering intent @since CUPS 1.2/macOS 10.5@ */ data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:351:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cupsPageSizeName[64]; /* PageSize name @since CUPS 1.2/macOS 10.5@ */ data/cups-2.3.3op1~106-ga72b0140e/cups/rasterbench.c:173:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[8 * TEST_WIDTH]; data/cups-2.3.3op1~106-ga72b0140e/cups/rasterbench.c:256:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[32][8 * TEST_WIDTH]; data/cups-2.3.3op1~106-ga72b0140e/cups/request.c:53:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((infile = open(filename, O_RDONLY | O_BINARY)) < 0) data/cups-2.3.3op1~106-ga72b0140e/cups/request.c:107:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[32768]; /* Output buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/request.c:589:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[256]; /* Date: header value */ data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:259:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, buffer + 4, (size_t)templen); data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:359:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, real_data + real_oidlen, (size_t)real_datalen); data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:413:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_oid[2048]; /* Last OID */ data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:602:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + 4, data, (size_t)datalen); data/cups-2.3.3op1~106-ga72b0140e/cups/snmp-private.h:60:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char bytes[CUPS_SNMP_MAX_STRING]; data/cups-2.3.3op1~106-ga72b0140e/cups/snmp-private.h:81:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char community[CUPS_SNMP_MAX_COMMUNITY]; data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:115:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024], /* Line from file */ data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:347:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[CUPS_SNMP_MAX_PACKET]; data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:439:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(packet->address), &address, sizeof(packet->address)); data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:649:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[CUPS_SNMP_MAX_PACKET]; data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:735:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[CUPS_SNMP_MAX_STRING]; data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:1167:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bufptr, packet->community, commlen); data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:1207:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bufptr, packet->object_value.string.bytes, valuelen); data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:1407:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(string, *buffer, length); data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:1417:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(string, *buffer, strsize - 1); data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:36:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tformat[100], /* Temporary format string for sprintf() */ data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:188:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bufptr, temp, templen + 1); data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:219:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(bufptr, temp, templen + 1); data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:243:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bufptr, temp, templen + 1); data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:261:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bufptr, va_arg(ap, char *), (size_t)width); data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:287:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bufptr, s, (size_t)slen); data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:293:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bufptr + width - slen, s, (size_t)slen); data/cups-2.3.3op1~106-ga72b0140e/cups/string-private.h:70:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1]; /* String */ data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:116:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(item->str, s, slen + 1); data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:150:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char temp[1024]; /* Temporary buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:398:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1024], /* Temporary buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:610:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. return (memcpy(t, s, slen + 1)); data/cups-2.3.3op1~106-ga72b0140e/cups/tempfile.c:42:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmppath[1024]; /* Temporary directory */ data/cups-2.3.3op1~106-ga72b0140e/cups/tempfile.c:133:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, _O_CREAT | _O_RDWR | _O_TRUNC | _O_BINARY, data/cups-2.3.3op1~106-ga72b0140e/cups/tempfile.c:136:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600); data/cups-2.3.3op1~106-ga72b0140e/cups/tempfile.c:138:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_RDWR | O_CREAT | O_EXCL, 0600); data/cups-2.3.3op1~106-ga72b0140e/cups/testarray.c:40:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char word[256]; /* Word from file */ data/cups-2.3.3op1~106-ga72b0140e/cups/testarray.c:45:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *saved[32]; /* Saved entries */ data/cups-2.3.3op1~106-ga72b0140e/cups/testarray.c:523:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char word[256]; /* Word from file */ data/cups-2.3.3op1~106-ga72b0140e/cups/testarray.c:526:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fp = fopen(filename, "r")) == NULL) data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:47:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char printer_state_reasons[1024]; data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:51:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char job_state_reasons[1024]; data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:90:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[32], /* URI scheme */ data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:130:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((num_clients = atoi(argv[i])) < 1) data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:433:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
xdpi = ydpi = atoi(val + 2); data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:588:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lineptr, color, 3); data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:631:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char printer_state_reasons[1024]; data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:634:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char job_state_reasons[1024];/* Printer state reasons */ data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:765:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempfile[1024] = ""; /* Temporary file (if any) */ data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:972:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; /* Value */ data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:1008:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; /* Attribute value buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/testconflicts.c:28:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[256], /* Input buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/testcreds.c:26:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[HTTP_MAX_URI], /* Scheme from URI */ data/cups-2.3.3op1~106-ga72b0140e/cups/testcreds.c:34:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hinfo[1024], /* String for connection credentials */ data/cups-2.3.3op1~106-ga72b0140e/cups/testcups.c:171:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; /* PPD filename */ data/cups-2.3.3op1~106-ga72b0140e/cups/testcups.c:190:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[16384]; /* Read/write buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/testcups.c:207:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). interval = atoi(argv[4]); data/cups-2.3.3op1~106-ga72b0140e/cups/testdest.c:414:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[32768]; /* File buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/testdest.c:519:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[1024]; /* Value of default attribute */ data/cups-2.3.3op1~106-ga72b0140e/cups/testdest.c:549:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char units[32]; /* Units */ data/cups-2.3.3op1~106-ga72b0140e/cups/testdest.c:671:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char valstr[256]; data/cups-2.3.3op1~106-ga72b0140e/cups/testfile.c:46:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Filename buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/testfile.c:198:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[8192]; /* Line from file */ data/cups-2.3.3op1~106-ga72b0140e/cups/testfile.c:246:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; /* Line buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/testfile.c:270:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; /* Data buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/testfile.c:447:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[1024], /* Line from file */ data/cups-2.3.3op1~106-ga72b0140e/cups/testfile.c:450:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char readbuf[8192], /* Read buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/testfile.c:676:64: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (_cups_strcasecmp(line, "TestLine") || !value || atoi(value) != i || data/cups-2.3.3op1~106-ga72b0140e/cups/testhttp.c:224:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8192]; /* Input buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/testhttp.c:227:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char encode[256], /* Base64-encoded string */ data/cups-2.3.3op1~106-ga72b0140e/cups/testhttp.c:230:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char scheme[HTTP_MAX_URI], /* Scheme from URI */ data/cups-2.3.3op1~106-ga72b0140e/cups/testhttp.c:398:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numeric[1024]; /* Numeric IP address */ data/cups-2.3.3op1~106-ga72b0140e/cups/testhttp.c:567:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resolved[1024]; /* Resolved URI */ data/cups-2.3.3op1~106-ga72b0140e/cups/testhttp.c:639:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(argv[i], "wb"); data/cups-2.3.3op1~106-ga72b0140e/cups/testhttp.c:664:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char info[1024]; data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:116:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[1024]; /* File line source string */ data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:118:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char legsrc[1024], /* Legacy source string */ data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:152:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(argv[1], "rb")) == NULL) data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:194:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen("utf8demo.txt", "rb")) == NULL) data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:543:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(utf32src, utf32dest, (len + 1) * sizeof(cups_utf32_t)); data/cups-2.3.3op1~106-ga72b0140e/cups/testipp.c:948:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2048]; /* Value string */ data/cups-2.3.3op1~106-ga72b0140e/cups/testipp.c:993:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(buffer, data->wbuffer + data->rpos, count); data/cups-2.3.3op1~106-ga72b0140e/cups/testipp.c:1014:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char hex[256] = ""; /* Line from file */ data/cups-2.3.3op1~106-ga72b0140e/cups/testipp.c:1093:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data->wbuffer + data->wused, buffer, count); data/cups-2.3.3op1~106-ga72b0140e/cups/testlang.c:50:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; /* String buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/testlang.c:195:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char locale_str[256], /* Locale ID C string */ data/cups-2.3.3op1~106-ga72b0140e/cups/testlang.c:205:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char country_str[256]; /* Country code C string */ data/cups-2.3.3op1~106-ga72b0140e/cups/testlang.c:291:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; /* String buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:306:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8192]; /* String buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:1082:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[32], /* URI scheme */ data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:1173:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char realfile[1024]; /* Real file path */ data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:1211:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lang[255], /* LANG environment variable */ data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:1376:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char command[1024]; /* malloc_history command */ data/cups-2.3.3op1~106-ga72b0140e/cups/testpwg.c:93:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(argv[2], O_RDONLY)) >= 0) data/cups-2.3.3op1~106-ga72b0140e/cups/testraster.c:74:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(filename, O_RDONLY)) < 0) data/cups-2.3.3op1~106-ga72b0140e/cups/testraster.c:133:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[2048]; /* Raster data */ data/cups-2.3.3op1~106-ga72b0140e/cups/testraster.c:148:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen("test.raster", "wb")) == NULL) data/cups-2.3.3op1~106-ga72b0140e/cups/testraster.c:286:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fp = fopen("test.raster", "rb")) == NULL) data/cups-2.3.3op1~106-ga72b0140e/cups/testsnmp.c:121:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1024]; /* Temporary OID string */ data/cups-2.3.3op1~106-ga72b0140e/cups/testsnmp.c:203:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1024]; /* Temporary OID string */ data/cups-2.3.3op1~106-ga72b0140e/cups/testthreads.c:188:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstr[256]; data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:88:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[1024], /* Command */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:364:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char filename[1024]; /* Keychain filename */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:459:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1024]; data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:535:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cert_name[256]; /* Certificate's common name (C string) */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:626:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char credentials_str[1024], /* String for incoming credentials */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:812:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char commonName[256],/* Common name associated with cert */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:816:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char md5_digest[16]; /* MD5 result */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:924:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Filename for keychain */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:1042:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Filename for keychain */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:1219:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[256], /* Hostname */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:1225:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[1024]; /* Error message buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:1677:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)credential->data, CFDataGetBytePtr(data), data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:66:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1024], /* Temporary directory name */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:71:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[8192]; /* Buffer for x509 data */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:73:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char serial[4]; /* Serial number buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:178:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localname[256]; /* hostname.local */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:262:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1024]; /* Default path buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:403:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char cserial[1024], /* Certificate serial number */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:485:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char credentials_str[1024], /* String for incoming credentials */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:668:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256], /* Common name associated with cert */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:673:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_digest[16]; /* MD5 result */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:716:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024], /* filename.crt */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:847:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char filename[1024], /* filename.crt */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:987:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024], /* site.crl */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1263:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[256], /* Hostname */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1268:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char priority_string[2048]; data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1368:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char crtfile[1024], /* Certificate file */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1422:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char cacrtfile[1024], cakeyfile[1024]; /* CA cert files */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1469:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cacrtfile[1024], cakeyfile[1024]; /* CA cert files */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:184:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cert_name[1024]; /* Name from certificate */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:346:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cert_name[256]; /* Common name */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:350:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_digest[16]; /* MD5 result */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:424:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char error[1024]; /* Error message buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:550:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error[1024]; /* Error message buffer */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:723:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, sspi->readBuffer, bytesToCopy); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:845:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, pDataBuffer->pvBuffer, bytesToCopy); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:869:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(((BYTE *)sspi->readBuffer) + sspi->readBufferUsed, ((BYTE *)pDataBuffer->pvBuffer) + bytesToCopy, bytesToSave); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:927:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[256], /* Hostname */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:1160:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
  memcpy(sspi->writeBuffer + sspi->streamSizes.cbHeader, bufptr, chunk);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:1224:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[256], /* Hostname */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:1227:3: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR username[256]; /* Username returned from GetUserName() */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:1228:3: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR commonName[256];/* Common name for certificate */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:2069:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char common_name[512]; /* Common name for cert */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:2233:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sspi->decryptBuffer, (LPBYTE)(sspi->decryptBuffer + sspi->decryptBufferUsed - inBuffers[1].cbBuffer), inBuffers[1].cbBuffer);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:2254:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sspi->decryptBuffer, (LPBYTE)(sspi->decryptBuffer + sspi->decryptBufferUsed - inBuffers[1].cbBuffer), inBuffers[1].cbBuffer);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:2342:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char error[1024]; /* Error message string */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:2356:23: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120).
  count = MultiByteToWideChar(CP_ACP, 0, common_name, -1, NULL, 0);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:2361:8: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120).
  if (!MultiByteToWideChar(CP_ACP, 0, common_name, -1, commonNameUnicode, count))
data/cups-2.3.3op1~106-ga72b0140e/cups/tlscheck.c:41:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char creds_str[2048]; /* Credentials string */
data/cups-2.3.3op1~106-ga72b0140e/cups/tlscheck.c:45:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[1024], /* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cups/tlscheck.c:60:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[1024]; /* Attribute (string) value */
data/cups-2.3.3op1~106-ga72b0140e/cups/tlscheck.c:148:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = atoi(argv[i] + 1);
data/cups-2.3.3op1~106-ga72b0140e/cups/tlscheck.c:150:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/cups/tlscheck.c:187:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char unknownCipherName[256];
data/cups-2.3.3op1~106-ga72b0140e/cups/transcode.c:149:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char toset[1024]; /* Destination character set */
data/cups-2.3.3op1~106-ga72b0140e/cups/transcode.c:278:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char toset[1024]; /* Destination character set */
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:80:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char user[65], /* User name */
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:84:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gss_service_name[32];
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:420:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cg->ipp_port = atoi(port);
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:515:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char version[256]; /* macOS/iOS version */
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:817:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((tty = open("/dev/tty", O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:974:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Filename */
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1285:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sval[1024]; /* String value */
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1346:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1407:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((cg->ipp_port = atoi(ipp_port)) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1496:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[256], /* Copy of value */
data/cups-2.3.3op1~106-ga72b0140e/cups/util.c:68:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI]; /* Job/printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cups/util.c:228:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resource[1024]; /* Printer resource */
data/cups-2.3.3op1~106-ga72b0140e/cups/util.c:438:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI]; /* URI for jobs */
data/cups-2.3.3op1~106-ga72b0140e/cups/util.c:787:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192]; /* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/util.c:911:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resource[1024], /* Resource for destinatio */
data/cups-2.3.3op1~106-ga72b0140e/examples/ppdx.c:48:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keyword[PPD_MAX_NAME], /* Keyword name */
data/cups-2.3.3op1~106-ga72b0140e/examples/ppdx.c:184:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[PPDX_MAX_CHUNK], /* Chunk buffer */
data/cups-2.3.3op1~106-ga72b0140e/examples/testppdx.c:31:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char contents[8193], /* Contents of file */
data/cups-2.3.3op1~106-ga72b0140e/examples/testppdx.c:49:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("testppdx.c", "r");
data/cups-2.3.3op1~106-ga72b0140e/examples/testppdx.c:82:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen("testppdx.dat", "wb")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/filter/commandtops.c:39:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/filter/commandtops.c:130:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024], /* String buffer */
data/cups-2.3.3op1~106-ga72b0140e/filter/common.c:99:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Orientation = atoi(val) - 3;
data/cups-2.3.3op1~106-ga72b0140e/filter/gziptoany.c:26:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192]; /* Data buffer */
data/cups-2.3.3op1~106-ga72b0140e/filter/gziptoany.c:49:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  copies = atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:78:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempfile[1024]; /* Temporary filename */
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:197:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[8192]; /* Line buffer */
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:518:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192]; /* Data buffer */
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:613:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (Duplex && (pages = atoi(line + 8)) > 0 && pages <= doc->number_up)
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:693:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int orient = (atoi(line + 14) / 90) & 3;
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:1047:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192]; /* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:1230:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char label[256], /* Page label string */
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:1632:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bytes = atoi(strchr(line, ':') + 1);
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2015:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024]; /* Output buffer */
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2144:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[255], /* Option name */
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2311:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  doc->job_id = atoi(argv[1]);
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2314:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  doc->copies = atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2435:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  switch (intval = atoi(val))
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2563:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  max_copies = atoi(attr->value);
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2697:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  bytes = atoi(strchr(line, ':') + 1);
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertoepson.c:48:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *Planes[6], /* Output buffers */
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertoepson.c:540:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(comp_ptr, start, (size_t)count);
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertoepson.c:1010:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(argv[6], O_RDONLY)) == -1)
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertohp.c:28:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *Planes[4], /* Output buffers */
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertohp.c:529:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(comp_ptr, start, count);
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertohp.c:679:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(argv[6], O_RDONLY)) == -1)
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertolabel.c:514:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  val = atoi(choice->choice);
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertolabel.c:673:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  val = atoi(choice->choice);
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertolabel.c:869:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(LastBuffer, Buffer, header->cupsBytesPerLine);
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertolabel.c:1016:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(comp_ptr, start, count);
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertolabel.c:1031:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(LastBuffer, line, length);
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertolabel.c:1132:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(argv[6], O_RDONLY)) == -1)
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertopwg.c:66:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(argv[6], O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertopwg.c:241:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  unsigned quality = (unsigned)atoi(val); /* print-quality value */
data/cups-2.3.3op1~106-ga72b0140e/locale/checkpo.c:50:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char idbuf[80], /* Abbreviated msgid */
data/cups-2.3.3op1~106-ga72b0140e/locale/checkpo.c:336:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bufptr, "...", 4);
data/cups-2.3.3op1~106-ga72b0140e/locale/checkpo.c:352:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[255], /* Format string buffer */
data/cups-2.3.3op1~106-ga72b0140e/locale/po2strings.c:62:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[4096], /* String buffer */
data/cups-2.3.3op1~106-ga72b0140e/locale/po2strings.c:233:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msgstr + length, ptr, ptrlen + 1);
data/cups-2.3.3op1~106-ga72b0140e/locale/po2strings.c:245:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msgid + length, ptr, ptrlen + 1);
data/cups-2.3.3op1~106-ga72b0140e/locale/strings2po.c:50:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char iconv[1024], /* iconv command */
data/cups-2.3.3op1~106-ga72b0140e/locale/strings2po.c:76:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((po = fopen(argv[2], "w")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:50:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:82:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((infile = fopen(argv[1], "r")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:93:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((outfile = fopen(argv[2], "w")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:942:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024], /* Name */
data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:1171:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024]; /* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/monitor/bcp.c:36:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024]; /* Line/buffer from stream/file */
data/cups-2.3.3op1~106-ga72b0140e/monitor/bcp.c:60:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  copies = atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/monitor/bcp.c:61:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(argv[6], "rb");
data/cups-2.3.3op1~106-ga72b0140e/monitor/tbcp.c:36:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024]; /* Line/buffer from stream/file */
data/cups-2.3.3op1~106-ga72b0140e/monitor/tbcp.c:59:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  copies = atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/monitor/tbcp.c:60:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(argv[6], "rb");
data/cups-2.3.3op1~106-ga72b0140e/notifier/dbus.c:149:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char lock_filename[1024]; /* Lock filename */
data/cups-2.3.3op1~106-ga72b0140e/notifier/dbus.c:628:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((*fd = open(lockfile, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:24:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mailtoCc[1024]; /* Cc email address */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:25:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mailtoFrom[1024]; /* From email address */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:26:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mailtoReplyTo[1024]; /* Reply-To email address */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:27:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mailtoSubject[1024]; /* Subject prefix */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:28:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mailtoSMTPServer[1024]; /* SMTP server to use */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:29:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mailtoSendmail[1024]; /* Sendmail program to use */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:56:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024]; /* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:202:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char response[1024]; /* SMTP response buffer */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:228:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostbuf[1024]; /* Local hostname */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:237:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char spec[1024]; /* Host:service spec */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:253:58: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (!cupsFileGets(fp, response, sizeof(response)) || atoi(response) >= 500)
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:261:58: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (!cupsFileGets(fp, response, sizeof(response)) || atoi(response) >= 500)
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:268:58: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (!cupsFileGets(fp, response, sizeof(response)) || atoi(response) >= 500)
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:275:58: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (!cupsFileGets(fp, response, sizeof(response)) || atoi(response) >= 500)
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:282:58: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (!cupsFileGets(fp, response, sizeof(response)) || atoi(response) >= 500)
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:355:58: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (!cupsFileGets(fp, response, sizeof(response)) || atoi(response) >= 500)
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:368:58: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (!cupsFileGets(fp, response, sizeof(response)) || atoi(response) >= 500)
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:392:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:493:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[100], /* Argument array */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:608:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024]; /* Value buffer */
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:71:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[32], /* URI scheme ("rss") */
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:80:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024], /* Local filename */
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:96:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char baseurl[1024]; /* Base URL */
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:127:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  max_events = atoi(options + 11);
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:212:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  NULL, server_name, atoi(server_port), "/rss%s", resource);
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:437:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[4096], /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:449:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(filename, "r")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:538:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sequence_number = atoi(start + 6);
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:605:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char date[1024]; /* Current date */
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:609:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(filename, "w")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/notifier/testnotify.c:86:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024]; /* Value buffer */
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-array.cxx:36:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, a->data, (size_t)count * sizeof(ppdcShared *));
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-array.cxx:86:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, data, (size_t)count * sizeof(ppdcShared *));
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pofile[1024]; // Message catalog file
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:64:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char applelang[256]; // Apple language ID
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:131:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char baseloc[3]; // Base locale...
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:172:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[1024]; // Text to translate
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:237:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[4096], // Line buffer
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:667:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[1024], // Message id
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:744:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[3]; // Bytes
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:930:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[4]; // Output buffer
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:379:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char query[42], // Query attribute
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:661:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char density[255], gamma[255], profile[9][255];
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:860:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char left[255], right[255], bottom[255], top[255];
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:889:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char width[255], length[255];
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:947:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char width0[255];
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:961:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char length0[255];
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:1035:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char order[255];
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-import.cxx:27:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[256], // Comment line
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-import.cxx:243:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char encoding[256], // Encoding string
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:161:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024], // Temporary path
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:293:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024], // Name string
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:340:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256]; // String buffer
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:376:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024], // Name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:417:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024], // Option name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:510:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resolution[1024], // Resolution/media type
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:630:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024], // One string to rule them all
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:707:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024], // Name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:768:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[256]; // Duplex keyword
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:870:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[1024], // MIME type
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:948:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[256], // String buffer
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:982:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256], // Font name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1090:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024], // Name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1146:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024], // UI name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1186:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024], // Name for installable option
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1449:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024]; // String buffer
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1471:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256], // Number buffer
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1510:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024], // UI name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1619:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char locale[32], // Locale name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1696:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024], // Name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1801:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resolution[1024], // Resolution/media type
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1894:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024], // Name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1938:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256], // Name string
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2140:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024], // Name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2175:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tformat[100]; // Temporary format string for fprintf()
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2248:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tformat, bufformat, (size_t)(format - bufformat));
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2265:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tformat, bufformat, (size_t)(format - bufformat));
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2283:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tformat, bufformat, (size_t)(format - bufformat));
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2385:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[256], // Token from file...
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2559:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char basedir[1024], // Base directory
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2739:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char copytemp[8192], // Copyright string
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:3056:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256]; // Model name string
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:3087:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[41]; // Media size name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:3179:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256]; // Model name string
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:3225:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256]; // Filename string
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:3242:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256]; // PC filename string
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:3345:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256]; // Model name string
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:3426:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bckname[1024]; // Backup file
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-string.cxx:31:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(value, v, vlen + 1);
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc.cxx:151:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1024], // Copy of language list data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdmerge.cxx:42:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bckname[1024]; // Backup filename data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdmerge.cxx:47:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; // Line from file data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdmerge.cxx:294:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char locale[255]; // Locale string data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:80:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char username[HTTP_MAX_VALUE], /* Username string */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:178:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ifname[32], /* Interface name */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:316:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char authdata[HTTP_MAX_VALUE]; data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:862:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[256]; /* Auth scheme... */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:1377:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI], data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:1968:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, mask, sizeof(cupsd_authmask_t)); data/cups-2.3.3op1~106-ga72b0140e/scheduler/banners.c:53:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024], /* Name of banner */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/cert.c:42:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Certificate filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/cert.c:75:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(filename, O_WRONLY | O_CREAT | O_EXCL, 0400)) < 0) data/cups-2.3.3op1~106-ga72b0140e/scheduler/cert.c:268:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Certificate file */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/cert.c:309:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Certificate file */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/cert.h:18:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char certificate[33]; /* 32 hex characters, or 128 bits */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/cert.h:19:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char username[33]; /* Authenticated username */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/classes.c:25:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[1024]; /* Class URI */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/classes.c:265:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[4096], /* Line from file */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/classes.c:347:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (value && (i = atoi(value)) > 0) data/cups-2.3.3op1~106-ga72b0140e/scheduler/classes.c:476:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). p->state_time = atoi(value); data/cups-2.3.3op1~106-ga72b0140e/scheduler/classes.c:581:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
p->quota_period = atoi(value); data/cups-2.3.3op1~106-ga72b0140e/scheduler/classes.c:589:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). p->page_limit = atoi(value); data/cups-2.3.3op1~106-ga72b0140e/scheduler/classes.c:597:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). p->k_limit = atoi(value); data/cups-2.3.3op1~106-ga72b0140e/scheduler/classes.c:660:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024], /* classes.conf filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:64:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; /* Hostname of client */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:274:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char peername[256]; /* Name of process */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:550:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[32768], /* Line from client... */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:557:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; /* Buffer for real filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:694:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[HTTP_MAX_URI], /* Method/scheme */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:1384:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). con->file = open(con->filename, O_WRONLY | O_CREAT | O_TRUNC, 0640); data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:1662:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
con->file = open(con->filename, O_WRONLY | O_CREAT | O_TRUNC, 0640); data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:1862:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(con->filename, O_RDONLY); data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:1916:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char location[HTTP_MAX_VALUE]; /* Location field */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:1970:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[4096], /* Message for user */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2069:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char auth_str[1024]; /* Authorization string */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2418:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
con->pipe_status = (http_status_t)atoi(value); data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2694:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char language[7], /* Language subdirectory, if any */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:3001:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Configuration filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:3004:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[16384]; /* Copy buffer */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:3211:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char argbuf[10240], /* Argument buffer */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:3214:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char auth_type[256], /* AUTH_TYPE environment variable */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:3575:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). con->clientport = atoi(ptr); data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:3731:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). con->file = open(filename, O_RDONLY); data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.h:32:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char username[HTTP_MAX_VALUE], data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.h:49:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[2048]; /* Header from CGI program */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.h:55:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char clientname[256];/* Client's server name for connection */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.h:57:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char servername[256];/* Server name for connection */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:127:58: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void colord_get_qualifier_format(ppd_file_t *ppd, char *format[3]); data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:330:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ppdfile[1024], /* PPD filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:340:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char q_keyword[PPD_MAX_NAME]; data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:905:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char device_id[1024]; /* Device ID as understood by colord */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:906:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format_str[1024]; /* Qualifier format as a string */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:1021:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format_str[1024]; /* Qualifier format as a string */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:1317:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *format[3]) /* I - Format tuple */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:1370:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ppdfile[1024], /* PPD filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:1376:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *format[3]; /* Qualifier format tuple */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:1495:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device_id[1024]; /* Device ID as understood by colord */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:224:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a->name, name, namelen + 1); /* OK since a->name is allocated */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:245:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathname[1024]; /* File name with prefix */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:412:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; /* Service name buffer */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:535:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char temp[1024], /* Temporary buffer */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:1526:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mimetype[MIME_MAX_SUPER + MIME_MAX_TYPE]; data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:1716:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024], /* Hostname + port number buffer */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:1972:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(maskval); data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:2444:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[1024], /* Value string */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:2525:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char value[1024], /* Value string */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:2607:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[1024], /* Value string */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:2678:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1024]; /* Temporary string */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:2875:4: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(value) != 0) data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:2938:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[HTTP_MAX_BUFFER], data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:2982:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
JobRetryInterval = atoi(value); data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:2989:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). JobRetryLimit = atoi(value); data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:3149:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(lis->address), &(addr->addr), sizeof(lis->address)); data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:3439:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[HTTP_MAX_BUFFER], /* Line from file */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:3499:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Group = (gid_t)atoi(value); data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:3524:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). LogFileGroup = (gid_t)atoi(value); data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:3685:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int uid = atoi(value); data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:3698:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). User = (uid_t)atoi(value); data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:3763:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[HTTP_MAX_BUFFER], data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:3883:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[HTTP_MAX_BUFFER], data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.h:86:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1]; /* Alias name */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.h:118:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
VAR char *SystemGroups[MAX_SYSTEM_GROUPS] data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:50:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device_class[128], /* Device class */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:117:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Backend directory filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:145:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). request_id = atoi(argv[1]); data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:153:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). device_limit = atoi(argv[2]); data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:161:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
  timeout = atoi(argv[3]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:169:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  normal_user = (uid_t)atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:472:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[2048], /* Line from backend */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:736:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char program[1024]; /* Full path to backend */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:738:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[2]; /* Command-line arguments */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:71:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[512], /* Filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:94:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char all[TAR_BLOCK]; /* Raw data block */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:97:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pathname[100], /* Destination path */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:209:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cat_ppd(argv[3], atoi(argv[2]));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:211:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  list_ppds(atoi(argv[2]), atoi(argv[3]), argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:211:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  list_ppds(atoi(argv[2]), atoi(argv[3]), argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:307:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[2048], // status-message
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:421:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[256], /* Scheme from PPD name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:476:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[4]; /* Arguments for program */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:557:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024], /* PPD filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:597:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024], /* Archive filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:770:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024]; /* ppds.dat filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1002:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024], /* ppds.dat filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1123:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newname[1024]; /* New filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1200:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  model_number = atoi(model_number_str);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1592:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[1024], // Driver URI
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1708:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char drivers[1024]; /* Location of driver programs */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1713:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[3], /* Arguments for command */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1948:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[256], /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2361:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024], /* Name of PPD or directory */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2393:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dinfoptr, &dinfo, sizeof(struct stat));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2653:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char curname[256], /* Current archive file name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2760:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char res[2048], /* Regular expression string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2864:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char res[2048], /* Regular expression string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-exec.c:74:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  gid = (gid_t)atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-exec.c:82:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  niceval = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-exec.c:90:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uid = (uid_t)atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-exec.c:150:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024]; /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:84:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[256], /* Command string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:92:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[256], /* Name of client */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:335:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI]; /* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:416:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], /* Line from lpoptions file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:424:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI]; /* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:720:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI]; /* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:779:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Temporary filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:782:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[256], /* Line from file/stdin */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:788:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char control[1024], /* Control filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:791:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char user[1024], /* User name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:891:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(control, O_WRONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1022:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(control, "rb")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1228:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI]; /* Job URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1248:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  while ((id = atoi(list)) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1324:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rankstr[255]; /* Rank string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1325:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namestr[1024]; /* Job name string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1326:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI]; /* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1327:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dest[256]; /* Printer/class queue */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1328:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char * const ranks[10] = /* Ranking strings */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1403:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  id = atoi(list);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:49:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char TempFile[1024] = "";
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:106:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mimedir[1024]; /* MIME directory */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:109:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cupsfilesconf[1024]; /* cups-files.conf file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:533:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char super[MIME_MAX_SUPER], /* Super-type for filter */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:605:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Full path to program */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:813:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char processPath[1024], /* CFProcessPath environment variable */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:856:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  infd = open("/dev/null", O_RDONLY);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:868:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfd = open("/dev/null", O_WRONLY);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:877:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open("/dev/null", O_RDWR)) > 3)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:884:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open("/dev/null", O_RDWR)) > 4)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:923:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *argv[8], /* Command-line arguments */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1136:35: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  filterfds[1 - current][1] = open(outfile, O_CREAT | O_TRUNC | O_WRONLY,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1146:33: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  pid = exec_filter(program, (char **)argv, (char **)envp,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1146:48: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  pid = exec_filter(program, (char **)argv, (char **)envp,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1227:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[1024]; /* job-uri */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1370:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:304:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valueStr[1024], /* Domain string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:346:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char admin_hostname[256], /* Hostname for admin page */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1000:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[256], /* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1188:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256]; /* Service name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1385:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char webif[1024]; /* Web interface share name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1391:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nameBuffer[1024]; /* C-string buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1592:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resource[1024]; /* Printer/class resource path */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1670:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1739:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newfile[1024]; /* New cups-lpd.N file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1742:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024]; /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1789:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[5], /* Arguments for command */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1826:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newfile[1024]; /* New smb.conf.N file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1829:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024]; /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/env.c:22:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *common_env[MAX_ENV]; /* Common env vars */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/env.c:163:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char v[4096]; /* Formatting string value */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/file.c:36:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/file.c:88:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newfile[1024], /* filename.N */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/file.c:178:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newfile[1024]; /* filename.N */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/file.c:224:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oldfile[1024]; /* filename.O */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/file.c:317:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[512]; /* Data buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/file.c:334:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(filename, O_WRONLY | O_EXCL)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:152:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char value[1024]; /* Attribute value */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:821:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[HTTP_MAX_URI], /* Method portion of URI */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:1211:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char job_uri[HTTP_MAX_URI]; /* Job URI */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:1352:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mimetype[MIME_MAX_SUPER + MIME_MAX_TYPE + 2]; data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:1526:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). priority = atoi(val); data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:1999:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char notifier[1024], /* Notifier filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2125:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sub->user_data, user_data->values[0].unknown.data, data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2186:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[64]; /* job-uuid string */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2210:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[HTTP_MAX_URI], /* Method portion of URI */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2218:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; /* Line from file... */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2219:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char srcfile[1024], /* Source Script/PPD file */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2350:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char old_device_uri[1024]; data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2740:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cache_name[1024]; /* Cache filename for printer attrs */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2951:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[HTTP_MAX_URI], data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:3012:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jobid = atoi(resource + 6); data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:3127:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[HTTP_MAX_URI], /* Scheme portion of URI */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:3367:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char scheme[HTTP_MAX_URI], /* Scheme portion of URI */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:3474:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jobid = atoi(resource + 6); data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:3661:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char username[33], /* Username */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:3902:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char job_uri[HTTP_MAX_URI], data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4099:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Job filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4104:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char attrname[255], /* Name of attribute */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4381:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2048]; /* Copy buffer */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4434:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempfile[1024]; /* Temporary PPD file */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4438:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[4], /* Command-line arguments */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4445:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2048]; /* Copy buffer */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4447:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char option[PPD_MAX_NAME], /* Option name */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4452:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cups_protocol[PPD_MAX_LINE]; data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4471:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempfd = open(tempfile, O_WRONLY | O_CREAT | O_TRUNC, 0600); data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4720:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char job_uri[HTTP_MAX_URI]; /* Job URI */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4849:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI]; /* URI value */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5044:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char printer_uri[HTTP_MAX_URI]; data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5236:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fromppd[1024], /* Source PPD */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5391:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[128], /* Sanitized printer name */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5574:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[HTTP_MAX_URI], data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5730:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char notifier[1024]; /* Notifier filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5845:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[64]; /* Temporary string */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5847:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(temp, user_data->values[0].unknown.data, (size_t)user_data->values[0].unknown.length); data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5929:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sub->user_data, user_data->values[0].unknown.data, data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5958:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Script/PPD filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6115:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[1024], /* cups-deviced command */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6209:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[HTTP_MAX_URI], /* Method portion of URI */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6214:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char filename[1024], /* Filename for document */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6262:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jobid = atoi(resource + 6); data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6313:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((con->file = open(filename, O_RDONLY)) == -1) data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6356:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[HTTP_MAX_URI], /* Scheme portion of URI */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6409:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jobid = atoi(resource + 6); data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6473:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char scheme[HTTP_MAX_URI], /* Scheme portion of URI */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7029:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[1024], /* cups-driverd command */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7083:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* PPD filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7132:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((con->file = open(filename, O_RDONLY)) < 0) data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7169:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[1024], /* cups-driverd command */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7692:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char scheme[HTTP_MAX_URI], data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7730:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). job = cupsdFindJob(atoi(resource + 6)); data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7735:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(resource + 6)); data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7868:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[HTTP_MAX_URI], /* Method portion of URI */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7921:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jobid = atoi(resource + 6); data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:8075:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char scheme[HTTP_MAX_URI], /* Scheme portion of URI */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:8197:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jobid = atoi(resource + 6); data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:8401:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Job filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:8403:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char super[MIME_MAX_SUPER], /* Supertype of file */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:8695:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[256]; /* Line data */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9007:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char scheme[HTTP_MAX_URI], /* Method portion of URI */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9059:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jobid = atoi(resource + 6); data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9232:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[HTTP_MAX_URI], /* Method portion of URI */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9283:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jobid = atoi(resource + 6); data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9393:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Job authentication filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9395:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[65536]; /* Line for file */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9565:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char job_uri[HTTP_MAX_URI], data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9577:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char super[MIME_MAX_SUPER], data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9583:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Job filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9635:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jobid = atoi(resource + 6); data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:10021:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char resource[HTTP_MAX_URI]; /* Resource portion of URI */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:10069:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char formatted[1024]; /* Formatted errror message */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:10181:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[HTTP_MAX_URI], data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:10244:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jobid = atoi(resource + 6); data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:10674:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256], /* New attribute name */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:11163:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char baseuser[256], /* Base username */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:11237:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char super[MIME_MAX_SUPER], data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:494:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[255]; /* Device URI scheme */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:595:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[MIME_MAX_TYPE]; /* MIME media type for printer */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:1166:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). job->print_pipes[1] = open(job->printer->device_uri + 5, data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:1169:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
job->print_pipes[1] = open(job->printer->device_uri + 7, data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:1172:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). job->print_pipes[1] = open(job->printer->device_uri + 7, data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:1175:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). job->print_pipes[1] = open(job->printer->device_uri + 5, data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:1548:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Full filename of job.cache file */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:1653:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char jobfile[1024]; /* Job filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:2002:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[65536], /* Line from file */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:2182:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024], /* job.cache filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:2256:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Job control filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:2540:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Job filename */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:2616:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2048]; /* Message buffer */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:2962:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char temp[2048], /* Log message */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:3096:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024]; /* Buffer for formatted messages */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4261:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], /* Line buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4266:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char jobfile[1024]; /* Job filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4294:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  NextJobId = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4310:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  jobid = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4388:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job->state_value = (ipp_jstate_t)atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4413:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job->priority = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4425:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job->dtype = (cups_ptype_t)atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4429:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job->koctets = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4433:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job->num_files = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4469:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char super[MIME_MAX_SUPER], /* MIME super type */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4538:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], /* Line buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4570:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  next_job_id = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4631:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job->id = atoi(dent->filename + 1);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4677:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Document filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4709:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Control filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4732:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char date_name[128]; /* date-time-at-xxx */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:5069:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[CUPSD_SB_BUFFER_SIZE],
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:5123:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int total = atoi(message + 6); /* Total impressions */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:5262:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int progress = atoi(attr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.h:78:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *auth_env[3], /* AUTH_xxx environment variables,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.h:92:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[1]; /* Message string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/listen.c:123:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[256]; /* String addresss */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:109:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char backname[1024], /* Backup log filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:307:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s[1024]; /* Date/time string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:308:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char * const months[12] =/* Months */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:447:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192]; /* Buffer for vsnprintf */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:499:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char clientmsg[1024];/* Format string for client message */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:554:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char jobmsg[1024]; /* Format string for job message */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:608:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp->message, log_line, log_len + 1);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:774:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[2048], /* Buffer for page log */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:780:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char number[256]; /* Page number */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:845:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(name, format + 1, (size_t)(nameend - format - 1));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:1021:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[2048]; /* Temporary string for URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:390:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((i = open("/dev/null", O_RDONLY)) != 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:396:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((i = open("/dev/null", O_WRONLY)) != 1)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:402:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((i = open("/dev/null", O_WRONLY)) != 2)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:563:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024]; /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:1343:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char v[65536 + 64]; /* Formatting string value */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:1396:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024]; /* Process name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:1504:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[1024]; /* New printer-state-message */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:1852:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[256]; /* String addresss */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:2045:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pidfile[1024]; /* PID/KeepAlive file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:176:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192]; /* Message buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:277:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Full filename of .convs file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:348:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Full filename of .types file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:544:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[1024]; /* Full path to filter */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:660:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], /* Input line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:760:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cost = atoi(lineptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:849:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[32768], /* Input line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.h:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char matchv[64]; /* Match value */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.h:74:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localev[64]; /* Locale value */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.h:75:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stringv[64]; /* String value */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.h:87:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char super[MIME_MAX_SUPER], /* Super-type name ("image", "application", etc.) */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.h:96:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filter[MIME_MAX_FILTER];/* Filter program to use */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c:91:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[1024]; /* Hostname for address */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c:187:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp->hostname, hostname, hostlen + 1);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c:195:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(temp->address), addr->ifa_addr, sizeof(struct sockaddr_in));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c:196:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(temp->mask), addr->ifa_netmask, sizeof(struct sockaddr_in));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c:199:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(temp->broadcast), addr->ifa_dstaddr,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c:209:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(temp->address), addr->ifa_addr, sizeof(struct sockaddr_in6));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c:210:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(temp->mask), addr->ifa_netmask, sizeof(struct sockaddr_in6));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c:213:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(temp->broadcast), addr->ifa_dstaddr,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.h:23:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[32], /* Network interface name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:61:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[1024], /* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:141:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024], /* Filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:787:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Script/PPD filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:943:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[4096], /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:972:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (value && (i = atoi(value)) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1057:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (value && (i = atoi(value)) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1204:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p->state_time = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1213:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p->config_time = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1238:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p->type = (cups_ptype_t)atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1320:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p->quota_period = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1328:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p->page_limit = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1336:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p->k_limit = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1392:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p->marker_time = atoi(valueptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1478:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024], /* printers.conf filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1934:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024], /* URI buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:2189:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256], /* printer-supply values */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:2252:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resource[HTTP_MAX_URI]; /* Resource portion of URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:2617:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char reason[255], /* Reason string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:2870:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char srcfile[1024], /* Original filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3017:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localname[1024],/* Localized hostname */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3348:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256]; /* name-default */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3459:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char super[MIME_MAX_SUPER], /* Super-type for filter */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3471:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Full filter filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3611:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mimetype[MIME_MAX_SUPER + MIME_MAX_TYPE + 2];
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3697:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pdl[1024]; /* Buffer to build pdl list */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3848:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cache_name[1024]; /* Cache filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3851:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ppd_name[1024]; /* PPD filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3853:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strings_name[1024]; /* Strings filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3884:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char * const sides[3] = /* sides-supported values */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:4843:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outPath[HTTP_MAX_URI];
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.h:27:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char username[33]; /* User data */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.h:78:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char state_message[1024]; /* Printer state message */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.h:80:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *reasons[64]; /* printer-state-reasons strings */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.h:83:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *job_sheets[2]; /* Banners/job sheets */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.h:110:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *auth_info_required[4]; /* Required authentication fields */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:45:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1]; /* Name of process */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:76:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char profile[1024], /* File containing the profile */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:274:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char testroot[1024]; /* Root directory of test files */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:475:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *real_argv[110], /* Real command-line arguments */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:490:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char processPath[1024], /* CFProcessPath environment variable */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:668:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  errfd = open("/dev/null", O_WRONLY);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:697:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  infd = open("/dev/null", O_RDONLY);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:709:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfd = open("/dev/null", O_WRONLY);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/statbuf.h:25:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefix[64]; /* Prefix for log messages */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/statbuf.h:27:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[CUPSD_SB_BUFFER_SIZE]; /* Buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:57:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftext[1024]; /* Formatted text buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:672:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:704:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:717:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atoi(value));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:830:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((sub->job = cupsdFindJob(atoi(value))) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:940:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sub->lease = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:958:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sub->interval = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:974:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sub->expire = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:990:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sub->next_event_id = sub->first_event_id = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:1024:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024], /* subscriptions.conf filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:1447:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[4], /* Command-line arguments */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:1567:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[1024]; /* Pointer to message text */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.h:85:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char user_data[64]; /* notify-user-data */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:50:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cupslpd_argv[1000]; /* Arguments for cups-lpd */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:230:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[1024], /* Command buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:250:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(args[0], O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:381:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[1024]; /* Command buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:405:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[1024]; /* Command buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:435:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[1024], /* Command buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:478:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[1024], /* Command buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c:42:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char super[MIME_MAX_SUPER], /* Super-type name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c:201:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char super[MIME_MAX_SUPER], /* Super-type for filter */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c:345:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char indent[255] = "\t"; /* Indentation for rules */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c:435:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* File to type */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testspeed.c:86:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  children = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testspeed.c:102:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  requests = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testspeed.c:121:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = atoi(ptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testspeed.c:145:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char options[255], /* Command-line options for child */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testsub.c:48:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *events[100]; /* Events */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testsub.c:425:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vstring[256]; /* Formatted time */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:37:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[MIME_MAX_BUFFER];/* Buffered data */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:134:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp->type, type, typelen);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:156:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[255], /* Name in rule string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:439:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mt->priority = atoi(value[0]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:535:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp->value.stringv, value[1], (size_t)length[1]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:569:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp->value.stringv, value[2], (size_t)length[2]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:913:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[MIME_MAX_BUFFER + 1];
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:916:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, fb->buffer, (size_t)fb->length);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/util.c:165:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *envp[500], /* Array of environment variables */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/util.c:301:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open("/dev/null", O_RDONLY)) > 0)
data/cups-2.3.3op1~106-ga72b0140e/systemv/cancel.c:43:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[1024]; /* Printer or job URI */
data/cups-2.3.3op1~106-ga72b0140e/systemv/cancel.c:208:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job_id = atoi(job + 1);
data/cups-2.3.3op1~106-ga72b0140e/systemv/cancel.c:218:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job_id = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:921:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char junkstr[255]; /* Temp string */
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:1748:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char option[PPD_MAX_NAME],
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:2322:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char super[16], /* Super-type for filter */
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:2977:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Profile filename */
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:2982:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *specs[1000]; /* Specifiers for profiles */
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3125:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[PPD_MAX_NAME]; /* PapeSize name that is supposed to be */
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3382:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char altbuf[PPD_MAX_NAME];
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3427:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ll[3]; /* Base language */
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3655:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  language = (char *)cupsArrayNext(languages))
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3885:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024], /* Temporary path */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:45:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *files[1000]; /* Files to print */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:51:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192]; /* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:237:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job_id = atoi(strrchr(val, '-') + 1);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:239:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job_id = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:254:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char email[1024]; /* EMail address */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:267:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  num_copies = atoi(opt + 1);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:280:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  num_copies = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:318:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  priority = atoi(opt + 1);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:331:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  priority = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:660:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI]; /* URI for job */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:705:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[HTTP_MAX_URI]; /* URI for job */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:227:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[256];
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:695:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char uri[HTTP_MAX_URI]; /* URI for printer/class */ data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:813:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI]; /* URI for printer/class */ data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:862:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI]; /* URI for printer/class */ data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:916:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI]; /* URI for printer/class */ data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:1062:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI]; /* URI for printer/class */ data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:1113:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char uri[HTTP_MAX_URI]; /* URI for printer/class */ data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:1175:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resolved[1024], /* Resolved URI */ data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:1335:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[HTTP_MAX_URI], /* URI for printer/class */ data/cups-2.3.3op1~106-ga72b0140e/systemv/lpinfo.c:171:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). timeout = atoi(argv[i]); data/cups-2.3.3op1~106-ga72b0140e/systemv/lpinfo.c:180:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). timeout = atoi(argv[i] + 10); data/cups-2.3.3op1~106-ga72b0140e/systemv/lpmove.c:106:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
jobid = atoi(job + 1); data/cups-2.3.3op1~106-ga72b0140e/systemv/lpmove.c:109:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jobid = atoi(argv[i]); data/cups-2.3.3op1~106-ga72b0140e/systemv/lpmove.c:149:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char job_uri[HTTP_MAX_URI], /* job-uri */ data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:349:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[10240], /* String for options */ data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:391:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[10240], /* Option string buffer */ data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:483:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char resource[1024]; /* Resource path */ data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:685:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char printer_state_time[255];/* Printer state time */ data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:862:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char method[HTTP_MAX_URI], /* Request method */ data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1300:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[255], /* Temporary buffer */ data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1475:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alerts[1024], /* Alerts string */ data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1535:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char printer_uri[HTTP_MAX_URI], data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1812:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alerts[1024], /* Alerts string */ data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1932:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alerts[1024], /* Alerts string */ data/cups-2.3.3op1~106-ga72b0140e/tools/dither.h:2:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char threshold[64][64] = data/cups-2.3.3op1~106-ga72b0140e/tools/ippevepcl.c:257:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[65536]; /* Copy buffer */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippevepcl.c:267:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(filename, O_RDONLY)) < 0) data/cups-2.3.3op1~106-ga72b0140e/tools/ippevepcl.c:426:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(compptr, start, count); data/cups-2.3.3op1~106-ga72b0140e/tools/ippevepcl.c:472:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(filename, O_RDONLY)) < 0) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:169:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char username[HTTP_MAX_VALUE], /* Username string */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:253:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[1024], /* Request URI */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:259:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[256], /* Client hostname */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:397:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char directory[1024] = ""; /* Spool directory */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:593:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). serverport = atoi(argv[i]); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1137:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[1024], /* job-uri value */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1224:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char printer_uri[1024]; /* job-printer-uri value */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1253:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256], /* "Safe" filename */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1312:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
return (open(fname, O_WRONLY | O_CREAT | O_TRUNC, 0666)); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1327:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char service[255]; /* Service port */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1360:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char media_key[256]; /* media-key value */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1440:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[1024]; /* Full path to command */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1442:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sha256[32]; /* SHA-256 digest/sum */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1443:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char uuid_data[1024],/* Data to hash for printer-uuid */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1448:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *formats[100], /* Supported document formats */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1451:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *sup_attrs[100];/* Supported attributes */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1452:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xxx_supported[256]; data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1715:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1024], /* Temporary string */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1803:161: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
for (num_formats = 0, format = (const char *)cupsArrayFirst(docformats); format && num_formats < (int)(sizeof(formats) / sizeof(formats[0])); format = (const char *)cupsArrayNext(docformats)) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2012:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2048]; /* String buffer for value */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2341:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). key.id = atoi(uriptr + 1); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2365:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024], /* Filename buffer */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2501:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[256], /* URI scheme */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2511:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024], /* Filename buffer */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2605:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((infile = open(resource, O_RDONLY)) < 0) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2782:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8192]; /* Read buffer */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2935:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tformat[100], /* Temporary format string for sprintf() */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3607:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uris[3][1024]; /* Buffers for URIs */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3608:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
const char *values[3]; /* Values for attribute */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3623:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[1024]; /* URI value */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3656:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reason[32]; /* Reason string */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3674:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[1024]; /* URI value */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3682:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[1024]; /* URI value */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3693:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char uris[2][1024]; /* Buffers for URIs */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3694:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *values[2]; /* Values for attribute */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3736:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * const afplay[3] = data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4212:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[256]; /* Temporary string */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4275:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device_id[1024],/* printer-device-id */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4978:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
const char *urf[10]; /* urf-supported values */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4979:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char urf_rs[32]; /* RS value */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5501:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device_id[1024]; /* Device ID string */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5513:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char input_tray[1024]; /* printer-input-tray value */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5740:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). job->impressions = atoi(option->value); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5748:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
job->impcompleted = atoi(option->value); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5803:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1]; /* First byte from client */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5843:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uri[1024]; /* URI */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5847:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[32], /* Method/scheme */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5984:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). client->host_port = atoi(ptr); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6068:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[4096]; /* Copy buffer */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6071:62: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!stat(client->printer->strings, &fileinfo) && (fd = open(client->printer->strings, O_RDONLY)) >= 0) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6102:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; /* Copy buffer */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6105:63: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!stat(client->printer->icons[1], &fileinfo) && (fd = open(client->printer->icons[1], O_RDONLY)) >= 0) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6144:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; /* Copy buffer */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6147:63: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (!stat(client->printer->icons[2], &fileinfo) && (fd = open(client->printer->icons[2], O_RDONLY)) >= 0) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6186:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; /* Copy buffer */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6189:63: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!stat(client->printer->icons[0], &fileinfo) && (fd = open(client->printer->icons[0], O_RDONLY)) >= 0) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6444:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[32], /* URI scheme */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6613:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *myargv[3], /* Command-line arguments */ data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6617:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char val[1280], /* IPP_NAME=value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6622:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[2048], /* Line from stderr */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6764:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scheme[32], /* URI scheme */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6783:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((mystdout = open(resource, O_WRONLY | O_CREAT | O_TRUNC, 0666)) >= 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6800:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((mystdout = open(resource, O_WRONLY | O_CREAT | O_TRUNC, 0666)) >= 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6805:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((mystdout = open(resource, O_WRONLY)) >= 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6813:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char service[32]; /* Service number */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6835:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mystdout = open("/dev/null", O_WRONLY);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7148:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char adminurl[247], /* adminurl value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7205:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_dnssd_name[256]; /* New DNS-SD name */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7226:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char regtype[256]; /* DNS-SD service type */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7335:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[256]; /* Subtype service string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7455:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[1024]; /* Text message */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7495:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[256]; /* WWW-Authenticate value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7736:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tray_str[1024], /* printer-input-tray string value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7825:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[255]; /* Form name */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7874:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ready_sheets = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7973:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tray_str, ready_tray, (size_t)tray_len);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7977:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ready_sheets = atoi(tray_ptr + 6);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8089:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char when[256], /* When job queued/started/finished */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8145:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char supply_text[1024], /* Supply string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8219:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[64]; /* Form field */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8234:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  level = atoi(val); /* New level */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8272:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(supply_text, supply_value, (size_t)supply_len);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8276:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  level = atoi(supply_ptr + 6);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8478:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char header[8]; /* First 8 bytes of file */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:75:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  copies = atoi(ipp_copies);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:127:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char c[5]; /* Base-85 encoded characters */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:129:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char leftdata[4]; /* Leftover data at the end */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:189:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(leftdata + leftcount, data, (size_t)(length - leftcount));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:247:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ppdEmitJCL(ppd, stdout, job_id ? atoi(job_id) : 0, cupsUser(), job_name ? job_name : "Unknown");
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:407:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  media = pwgMediaForSize(atoi(x_dimension), atoi(y_dimension));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:407:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  media = pwgMediaForSize(atoi(x_dimension), atoi(y_dimension));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:536:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[65536], /* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:559:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(filename, O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:781:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempfile[1024]; /* Temporary file */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:784:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *pdf_argv[8]; /* Command-line arguments */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:785:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pdf_options[1024]; /* Options */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:904:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024]; /* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:913:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(filename, "rb")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:1037:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(filename, O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:1164:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024], /* Full name string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:1902:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char program[1024]; /* Program to execute */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:1972:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[2048], /* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2146:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullName[kDNSServiceMaxDomainName];
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2227:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port[10]; /* Port number of service */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2254:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char preasons[1024], /* Comma-delimited printer-state-reasons */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2467:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  temp->range[1] = atoi(value + 1);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2476:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  temp->range[0] = temp->range[1] = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2486:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[256]; /* Error message */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2505:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp->args, args, (size_t)num_args * sizeof(char *));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2562:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[256], /* TXT key value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2607:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(key, txtRecord, valueLen);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2644:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[256], /* TXT key */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2683:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(key, current->text, current->size);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2711:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uri[1024]; /* URI */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:132:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char compression[16]; /* COMPRESSION value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:135:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *displayed[200]; /* Displayed attributes */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:140:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[1024], /* Data filename */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:143:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024]; /* Test name */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:144:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pause[1024]; /* PAUSE value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:147:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resource[512]; /* Resource for request */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:152:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char test_id[1024]; /* Test identifier */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:586:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  repeat = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:731:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[10240]; /* Format buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:766:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascheme[32], /* Components of first URI */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:771:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bscheme[32], /* Components of second URI */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:880:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, data, (size_t)datalen);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:909:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024]; /* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:912:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[131072]; /* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:1446:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char group_name[256],/* Parent attribute name */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2195:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[255]; /* String buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2247:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((tty = open("/dev/tty", O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2389:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[IPP_MAX_LENGTH * 5 / 4 + 1];
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2447:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[131072]; /* Value buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2566:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[10240]; /* Format buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3026:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024], /* Name string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3183:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  data->request_id = atoi(temp);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3226:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Filename */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3568:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((count = atoi(temp)) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3696:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if (atoi(temp) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3704:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  data->last_status->repeat_limit = atoi(temp);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3708:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  data->last_expect->repeat_limit = atoi(temp);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3901:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data->last_expect->with_value, value + 1, (size_t)(ptr - value - 1));
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:4118:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Mapped filename */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:4154:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Mapped filename */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:4190:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Mapped filename */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:4413:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024], /* Temporary value string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:4839:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, adata, (size_t)adatalen);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:4878:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char withdata[1023], /* WITH-VALUE data */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:4932:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(withdata, value, (size_t)withlen);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/config.h:41:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  #define open _open
data/cups-2.3.3op1~106-ga72b0140e/vcnet/dns_sd.h:2038:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
typedef union _TXTRecordRef_t { char PrivateData[16]; char *ForceNaturalAlignment; } TXTRecordRef; data/cups-2.3.3op1~106-ga72b0140e/vcnet/dns_sd.h:2427:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char assert0[(sizeof(union _TXTRecordRef_t) == 16) ? 1 : -1]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/debug.c:235:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/debug.c:238:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%c", ch); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/debug.c:240:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "\\%o", ch); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/engine.c:1000:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pbuf[10]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/engine.c:1003:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(pbuf, "%c", ch); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/engine.c:1005:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pbuf, "\\%o", ch); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char erbuf[100]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:53:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). startoff = (regoff_t)atoi(optarg); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:56:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). endoff = (regoff_t)atoi(optarg); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:129:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inbuf[1000]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:131:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *f[MAXF]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:134:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char erbuf[100]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:187:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(erbuf) != (int)REG_BADPAT) { data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:215:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *should[NSHOULD]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:217:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char erbuf[100]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:223:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char f0copy[1000]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:224:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char f2copy[1000]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:413:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char grump[500]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:428:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(grump, "start %ld end %ld", (long)sub.rm_so, data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:441:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(grump, "start %ld end %ld, past end of string", data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:452:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(grump, "matched `%.*s'", len, p); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:458:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(grump, "matched `%.*s' instead", len, p); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:471:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(grump, "matched null at `%.20s'", p); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:485:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char epbuf[100]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:501:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char efbuf[100]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:509:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return(atoi(efbuf)); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c:35:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char nuls[10]; /* place to point scanner in event of error */ data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c:845:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char bracket[3]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c:891:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bracket[4]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regerror.c:74:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char convbuf[50]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regerror.c:87:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(convbuf, "REG_0x%x", target); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regerror.c:124:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(localbuf, "%d", r->code); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regexec.c:75:22: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define ASSIGN(d, s) memcpy(d, s, m->g->nstates) data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:155:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[512]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *fields[MNF]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:161:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). for (n = atoi(argv[3]); n > 0; n--) { data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:165:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). for (n = atoi(argv[3]); n > 0; n--) { data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:187:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *fields[NF]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:213:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *fi[RNF]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:279:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:281:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *fields[RNF+1]; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/utils.h:21:26: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define memmove(d, s, c) bcopy(s, d, c) data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:1095:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = device_id + strlen(device_id); data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:1112:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ptr = value + strlen(value) - 1) > value && *ptr == ')') data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:1192:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *valptr = value + strlen(value); data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:1210:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ptr = device_id + strlen(device_id); data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:103:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uri + strlen(uri) - 1); data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:131:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((length = read(devparportfd, device_id, (size_t)device_id_size - 1)) >= 2) data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:309:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!_cups_strncasecmp(mdl, mfg, strlen(mfg))) data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:311:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mdl += strlen(mfg); data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:377:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!mfg || !_cups_strncasecmp(mdl, mfg, strlen(mfg))) data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:410:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(des) >= 8) data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:687:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(0, buffer, sizeof(buffer))) <= 0) data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:1651:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if ((bytes = read(fd, buffer, sizeof(buffer))) > 0) data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:1845:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (bytes = read(fd, buffer, sizeof(buffer))) > 0) data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:2852:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(phone) > 0) data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:2868:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ptr) > 0) data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3046:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valptr += strlen(valptr); data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3053:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valptr += strlen(valptr); data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3120:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0, valptr = value; i < count; i ++, valptr += strlen(valptr)) data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3574:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
remptr += strlen(remptr); data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3587:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addptr += strlen(addptr); data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3605:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). remptr += strlen(remptr); data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3625:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). remptr += strlen(remptr); data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3641:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addptr += strlen(addptr); data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:427:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (bytes = read(0, buffer, sizeof(buffer))) <= 0) data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1011:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cptr = control + strlen(control); data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1019:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cptr += strlen(cptr); data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1026:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
cptr += strlen(cptr); data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1049:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (lpd_command(fd, "\002%d cfA%03d%.15s\n", (int)strlen(control), data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1058:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (unsigned)strlen(control)); data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1060:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((size_t)lpd_write(fd, control, strlen(control) + 1) < (strlen(control) + 1)) data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1060:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((size_t)lpd_write(fd, control, strlen(control) + 1) < (strlen(control) + 1)) data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1068:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, &status, 1) < 1) data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1116:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((nbytes = read(print_fd, buffer, sizeof(buffer))) > 0) data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1182:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (lpd_command(fd, "\002%d cfA%03d%.15s\n", (int)strlen(control), data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1191:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (unsigned long)strlen(control)); data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1193:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((size_t)lpd_write(fd, control, strlen(control) + 1) < (strlen(control) + 1)) data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1193:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((size_t)lpd_write(fd, control, strlen(control) + 1) < (strlen(control) + 1)) data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1200:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, &status, 1) < 1) data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:181:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (dataptr = data + strlen(data) + 1; data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:183:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). count --, dataptr += strlen(dataptr)) data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:187:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
data + strlen(data) + 1); data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:222:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datalen = (int)strlen(data) + 1; data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:229:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datalen += (int)strlen(dataptr); data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:235:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datalen += (int)strlen(dataptr); data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:253:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datalen += (int)strlen(dataptr); data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:262:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datalen += (int)strlen(dataptr); data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:267:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datalen += (int)strlen(dataptr); data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:272:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
datalen += (int)strlen(dataptr); data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:277:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datalen += (int)strlen(dataptr); data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:331:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datalen = (int)strlen(data); data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:342:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datalen = (int)strlen(data); data/cups-2.3.3op1~106-ga72b0140e/backend/runloop.c:68:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((print_bytes = read(print_fd, print_buffer, data/cups-2.3.3op1~106-ga72b0140e/backend/runloop.c:273:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((bc_bytes = read(device_fd, bc_buffer, sizeof(bc_buffer))) > 0) data/cups-2.3.3op1~106-ga72b0140e/backend/runloop.c:296:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((print_bytes = read(print_fd, print_buffer, data/cups-2.3.3op1~106-ga72b0140e/backend/snmp-supplies.c:245:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0, ptr = value; i < num_supplies; i ++, ptr += strlen(ptr)) data/cups-2.3.3op1~106-ga72b0140e/backend/snmp-supplies.c:700:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (i = 0, ptr = value; i < num_supplies; i ++, ptr += strlen(ptr)) data/cups-2.3.3op1~106-ga72b0140e/backend/snmp-supplies.c:745:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0, ptr = value; i < num_supplies; i ++, ptr += strlen(ptr)) data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:725:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uriptr += strlen(uriptr); data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:1041:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(device->id) < packet.object_value.string.num_bytes)) data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:1187:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ifname[strlen(ifname) - 1] = '\0'; data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:286:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(0, buffer, sizeof(buffer))) <= 0) data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:482:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((bytes = read(device_fd, buffer, sizeof(buffer))) > 0) data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:269:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
write(1, buffer, strlen(buffer)); data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:280:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(1, buffer, strlen(buffer)); data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:306:4: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(10000); data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:321:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(1, buffer, strlen(buffer)); data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:397:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(1, data, strlen(data)); data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:665:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). g.print_bytes = read(print_fd, print_buffer, g.debug_bytes); data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:668:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). g.print_bytes = read(print_fd, print_buffer, sizeof(print_buffer)); data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2193:7: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). 
The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(1000); data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2413:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(g.print_fd, buffer, sizeof(buffer)) <= 0) data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2457:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *datalen = (int)strlen(data); data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:437:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). g.print_bytes = read(print_fd, print_buffer, sizeof(print_buffer)); data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1348:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mfglen = strlen(mfg); data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1751:2: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(1000000 * timeleft.tv_sec + timeleft.tv_usec); data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1840:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
datalen = strlen(data); data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1952:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(g.print_fd, buffer, sizeof(buffer)) <= 0) data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:584:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datalen = strlen(data); data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpc.c:69:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (params = line + strlen(line) - 1; params >= line;) data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpc.c:152:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(s); data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:94:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). opt += strlen(opt) - 1; data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:113:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). opt += strlen(opt) - 1; data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:164:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). opt += strlen(opt) - 1; data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:82:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
opt += strlen(opt) - 1; data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:101:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). opt += strlen(opt) - 1; data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:125:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). opt += strlen(opt) - 1; data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:154:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). opt += strlen(opt) - 1; data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:205:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). opt += strlen(opt) - 1; data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:249:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). opt += strlen(opt) - 1; data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:278:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). opt += strlen(opt) - 1; data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:398:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (bytes = read(0, buffer, sizeof(buffer))) > 0) data/cups-2.3.3op1~106-ga72b0140e/berkeley/lprm.c:79:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
opt += strlen(opt) - 1; data/cups-2.3.3op1~106-ga72b0140e/berkeley/lprm.c:103:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). opt += strlen(opt) - 1; data/cups-2.3.3op1~106-ga72b0140e/berkeley/lprm.c:122:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). opt += strlen(opt) - 1; data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:512:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (*ptr || ptr == name || strlen(name) > 127) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:695:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (*ptr || ptr == name || strlen(name) > 127) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:845:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(attr->values[0].string.text, var, strlen(var)) == 0) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1157:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uriptr = uri + strlen(uri); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1581:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
end = start + strlen(start); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2949:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). units = option->defchoice + strlen(option->defchoice) - 2; data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3593:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). integer = (long)strlen(val); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3621:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3675:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). integer = (long)strlen(val); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3708:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help-index.c:973:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = text + strlen(text); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help-index.c:1090:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen(ptr) - 1; data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:86:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while ((ch = getc(in)) != EOF) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:88:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(in); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:95:34: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (nameptr = name; (ch = getc(in)) != EOF;) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:594:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(command_file)); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:968:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nameptr = name + strlen(name); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:1048:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valptr += strlen(valptr); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:1159:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valptr += strlen(valptr); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:59:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(query) * 3; data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:164:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
wlen = (size_t)(sptr - s) + 2 * 4 * wlen + 2 * strlen(prefix) + 11; data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:166:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wlen += strlen(lword); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:198:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(sptr, prefix, strlen(prefix) + 1); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:199:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sptr += strlen(sptr); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:242:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(sptr, lword2, strlen(lword2) + 1); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:243:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sptr += strlen(sptr); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:248:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(sptr, lword, strlen(lword) + 1); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:249:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sptr += strlen(sptr); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:233:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc(in)) != EOF) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:244:28: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (s = name; (ch = getc(in)) != EOF;) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:453:26: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (s = compare; (ch = getc(in)) != EOF;) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:461:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:470:19: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc(in)) != EOF && ch != '}') data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:498:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:501:19: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). *s++ = (char)getc(in); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:607:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). putc(getc(in), out); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:609:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
getc(in); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:726:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (data == NULL || strlen(data) == 0) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:769:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). blen = strlen(bstring); data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:818:15: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getchar()) != EOF) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:859:15: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getchar()) != EOF) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:944:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (ptr = mimetype + strlen(mimetype) - 1; data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:996:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((nbytes = read(0, data + tbytes, (size_t)(length - tbytes))) < 0) data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:1226:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cupsHashData("md5", (unsigned char *)buffer, strlen(buffer), sum, sizeof(sum)); data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:237:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
value = line + strlen(line); data/cups-2.3.3op1~106-ga72b0140e/cups/array.c:179:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = start + strlen(start); data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:168:128: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (schemedata = cups_auth_scheme(www_auth, scheme, sizeof(scheme)); schemedata; schemedata = cups_auth_scheme(schemedata + strlen(scheme), scheme, sizeof(scheme))) data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:273:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). httpEncode64_2(encode, sizeof(encode), http->userpass, (int)strlen(http->userpass)); data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:519:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t schemelen = strlen(scheme); /* Length of scheme */ data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:594:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t namelen = strlen(name); /* Name length */ data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:862:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). token.length = strlen(buf); data/cups-2.3.3op1~106-ga72b0140e/cups/backchannel.c:78:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
return (read(3, buffer, bytes)); data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:402:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tptr += strlen(tptr); data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:434:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tptr += strlen(tptr); data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:493:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes += (int)strlen(temp); data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:498:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:523:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes += (int)strlen(temp); data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:528:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:538:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes += (int)strlen(temp); data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:543:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bufptr += strlen(bufptr); data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:280:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (strlen(value) <= (size_t)attr->values[0].integer); data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:295:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int_value = (int)strlen(value); data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:306:15: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(value, "%dx%d%15s", &xres_value, &yres_value, temp) != 3) data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:308:17: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(value, "%d%15s", &xres_value, temp) != 2) data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:1545:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(mname); data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:1551:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(mname); data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:1633:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bufptr += strlen(temp); data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:1653:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(temp); data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:1669:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(temp); data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:1939:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((nameptr = name + strlen(name) - 8) <= name || strcmp(nameptr, "-default")) data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:2681:10: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(value, "%dx%d%15s", &xres_value, &yres_value, temp) != 3) data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:2683:12: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(value, "%d%15s", &xres_value, temp) != 2) data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:3067:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ptr = value + strlen(value) - 1) > value && *ptr == ')') data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:4312:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ptr += strlen(ptr); data/cups-2.3.3op1~106-ga72b0140e/cups/encode.c:534:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(sep, sep + 1, strlen(sep)); data/cups-2.3.3op1~106-ga72b0140e/cups/encode.c:635:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ippSetOctetString(ipp, &attr, i, val, (int)strlen(val)); data/cups-2.3.3op1~106-ga72b0140e/cups/encode.c:811:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = (int)strlen(option->name); data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:818:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen(ptr) - 1; data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:1585:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes = (ssize_t)strlen(s); data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:2496:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fp->fd, trailer + tbytes, sizeof(trailer) - (size_t)tbytes) < ((ssize_t)sizeof(trailer) - tbytes)) data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:2708:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). total = (ssize_t)read(fp->fd, buf, (unsigned)bytes); data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:2713:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
total = read(fp->fd, buf, bytes); data/cups-2.3.3op1~106-ga72b0140e/cups/getputfile.c:399:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((bytes = read(fd, buffer, sizeof(buffer))) > 0) data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:138:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return ((int)(offsetof(struct sockaddr_un, sun_path) + strlen(addr->un.sun_path) + 1)); data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:210:12: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). mask = umask(0); data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:222:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(mask); data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:574:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sptr += strlen(sptr); data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:581:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sptr += strlen(sptr); data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:594:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sptr += strlen(sptr); data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:604:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sptr += strlen(sptr); data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:608:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sptr += strlen(sptr); data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:717:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cg->hostent.h_length = (int)strlen(name) + 1; data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:872:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(s) > 6 && !strcmp(s + strlen(s) - 6, ".local")) data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:872:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(s) > 6 && !strcmp(s + strlen(s) - 6, ".local")) data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:584:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ipv6len = (int)strlen(ipv6) - 1) >= 0 && ipv6[ipv6len] == ']') data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:604:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ipv6len = (int)strlen(ipv6) - 1) >= 0 && ipv6[ipv6len] == ']') data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:357:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ptr += strlen(ptr); data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:516:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cupsHashData("md5", (unsigned char *)data, strlen(data), md5sum, sizeof(md5sum)); data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:679:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (httpEncode64_2(out, 512, in, (int)strlen(in))); data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:838:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(s, "%*s%d%15s%d%d:%d:%d", &day, mon, &year, &hour, &min, &sec) < 6) data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1285:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *resptr = resource + strlen(resource); data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1404:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hashsize = (size_t)cupsHashData(hashalg, (unsigned char *)temp, strlen(temp), hash, sizeof(hash)); data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1409:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
hashsize = (size_t)cupsHashData(hashalg, (unsigned char *)temp, strlen(temp), hash, sizeof(hash)); data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1414:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hashsize = (size_t)cupsHashData(hashalg, (unsigned char *)temp, strlen(temp), hash, sizeof(hash)); data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1434:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hashsize = (size_t)cupsHashData("md5", (unsigned char *)temp, strlen(temp), hash, sizeof(hash)); data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1439:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hashsize = (size_t)cupsHashData("md5", (unsigned char *)temp, strlen(temp), hash, sizeof(hash)); data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1444:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hashsize = (size_t)cupsHashData("md5", (unsigned char *)temp, strlen(temp), hash, sizeof(hash)); data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2406:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (hostptr = hostTarget + strlen(hostTarget) - 7) > hostTarget && data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2430:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((hostptr = fqdn + strlen(fqdn) - 6) <= fqdn || data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2672:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (hostptr = hostTarget + strlen(hostTarget) - 6) > hostTarget && data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2696:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((hostptr = fqdn + strlen(fqdn) - 6) <= fqdn || data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2475:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(scheme) + (data ? strlen(data) + 1 : 0) + 1; data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2475:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(scheme) + (data ? strlen(data) + 1 : 0) + 1; data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:3591:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = temp + strlen(temp) - 1; data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:3609:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valuelen = strlen(value); data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:3619:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
fieldlen = strlen(http->fields[field]); data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:4033:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). start = line + strlen(line); data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:4829:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (http_write(http, header, strlen(header)) < 0) data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:739:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valuelen = strlen(value); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:741:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (value[0] == '<' && value[strlen(value) - 1] == '>') data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-support.c:703:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(ptr); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-support.c:761:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(temp); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-support.c:804:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bufptr += strlen(val->string.language); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-support.c:853:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(ptr); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-support.c:2549:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(attr->name) + 1; data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-vars.c:96:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempptr = temp + strlen(temp); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-vars.c:118:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dstptr += strlen(dstptr); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1095:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes = (ssize_t)strlen(s); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1155:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr = buffer + strlen(buffer) - 1; data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:4370:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bytes = (ssize_t)strlen(s); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:4432:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr = buffer + strlen(buffer) - 1; data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5049:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(attr->values[i].string.text) > (IPP_MAX_URI - 1)) data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5051:173: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad URI value \"%s\" - bad length %d (RFC 8011 section 5.1.6)."), attr->name, attr->values[i].string.text, (int)strlen(attr->values[i].string.text)); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5147:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(attr->values[i].string.text) > (IPP_MAX_LANGUAGE - 1)) data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5149:185: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad naturalLanguage value \"%s\" - bad length %d (RFC 8011 section 5.1.9)."), attr->name, attr->values[i].string.text, (int)strlen(attr->values[i].string.text)); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5192:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(attr->values[i].string.text) > (IPP_MAX_MIMETYPE - 1)) data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5194:184: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad mimeMediaType value \"%s\" - bad length %d (RFC 8011 section 5.1.10)."), attr->name, attr->values[i].string.text, (int)strlen(attr->values[i].string.text)); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5418:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((n = (int)strlen(attr->name)) > (IPP_BUF_SIZE - 8)) data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5457:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((n = (int)strlen(attr->name)) > (IPP_BUF_SIZE - 12)) data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5649:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = (int)strlen(value->string.text); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5890:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n += (int)strlen(value->string.language); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5893:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
n += (int)strlen(value->string.text); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5922:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = (int)strlen(value->string.language); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5938:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = (int)strlen(value->string.text); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:6467:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes += strlen(attr->name); /* Name */ data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:6506:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes += strlen(value->string.text); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:6531:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes += strlen(value->string.language); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:6534:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes += strlen(value->string.text); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:6669:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return ((ssize_t)read(*fd, buffer, (unsigned)length)); data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:6671:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
return (read(*fd, buffer, length)); data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:63:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr = buffer + strlen(buffer); data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:284:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). charset = new_lc_time + strlen(new_lc_time); data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:177:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). switch (strlen(locale)) data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:287:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(apple_language_locale[i].language); data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:717:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(langname) != 2 && strlen(langname) != 3) data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:717:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(langname) != 2 && strlen(langname) != 3) data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1057:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(m->str ? 
m->str : m->msg); data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1058:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptrlen = strlen(ptr); data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1538:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (CFIndex)strlen(filename), false); data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:40:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum)); data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:74:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum)); data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:84:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum)); data/cups-2.3.3op1~106-ga72b0140e/cups/options.c:307:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ptr = copyarg + strlen(copyarg) - 1) > copyarg && *ptr == '}') data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-attr.c:305:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (bufptr = buffer + strlen(buffer) - 1; data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:102:91: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attr = ippAddOctetString(request, IPP_TAG_OPERATION, "job-password", password, (int)strlen(password)); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:113:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((hashlen = cupsHashData(keyword, password, strlen(password), hash, sizeof(hash))) > 0) data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:184:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ippAddOctetString(request, IPP_TAG_JOB, mandatory, keyword, (int)strlen(keyword)); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:633:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(value, "%127s%40s", pwg_keyword, ppd_keyword) != 2) data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:694:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(value, "%127s%40s%d%d%d%d%d%d", pwg_keyword, ppd_keyword, data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:771:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
if (sscanf(value, "%127s%40s", pwg_keyword, ppd_keyword) != 2) data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:820:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(value, "%127s%40s", pwg_keyword, ppd_keyword) != 2) data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:140:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(attr->value, "%f%16s%41s%40s", &aorder, asection, amain, data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:321:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflength = strlen(buffer); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:682:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufsize += strlen(cparam->current.custom_string); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:706:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufsize += 23 + strlen(choices[i]->option->keyword) + 6; data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:732:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufsize += 4 * strlen(cparam->current.custom_string); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:738:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bufsize += 17 + strlen(choices[i]->option->keyword) + 1 + data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:739:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(choices[i]->choice) + 1; data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:747:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufsize += strlen(choices[i]->code) + 1; data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:749:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufsize += strlen(ppd_custom_code); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:772:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0, bufptr = buffer; i < count; i ++, bufptr += strlen(bufptr)) data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:828:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:837:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:857:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bufptr += strlen(bufptr); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:988:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:1011:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:1033:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:1048:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:1066:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:1071:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = (int)strlen(choices[i]->code); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:1081:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bufptr += strlen(bufptr); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:1089:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-localize.c:381:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). schemelen = strlen(scheme); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-localize.c:708:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ll_CC) == 2) data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:577:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ll_CC_len = strlen(ll_CC); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:578:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ll_len = strlen(ll); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:653:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string ? (int)strlen(string) : 0)); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1007:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
sscanf(string, "%d%32s%64s%64s", &corder, ctype, cminimum, data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1240:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp = realloc(ppd->patches, strlen(ppd->patches) + data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1241:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(string) + 1); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1251:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(ppd->patches + strlen(ppd->patches), string, strlen(string) + 1); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1251:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(ppd->patches + strlen(ppd->patches), string, strlen(string) + 1); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1271:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). DEBUG_printf(("2_ppdOpen: name=\"%s\" (%d)", name, (int)strlen(name))); data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1276:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = (int)strlen(name) - 1; i > 0 && _cups_isspace(name[i]); i --) data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1618:20: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
if (!sptr || sscanf(sptr, "%40s%40s", name, keyword) != 2) data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1774:15: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. switch (sscanf(string, "%40s%40s%40s%40s", constraint->option1, data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:2770:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pg->ppd_conform == PPD_CONFORM_STRICT && strlen(text) >= sizeof(group->text)) data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:3380:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strptr = lineptr + strlen(lineptr) - 1; data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:3459:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(attr->value, "%15[^/]/%255s%*[ \t]%15[^/]/%255s%d%*[ \t]%1023[^\n]", data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:358:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uptr += strlen(uptr); data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:361:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uptr += strlen(uptr); data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:522:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
(suffix = name + strlen(name) - 10 /* .FullBleed */) > name && data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:709:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). units = ptr + strlen(ptr) - 2; data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:855:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). units = ptr + strlen(ptr) - 2; data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stubs.c:321:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((count = read(fd, buf, (unsigned)bytes)) < 0) data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stubs.c:323:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((count = read(fd, buf, bytes)) < 0) data/cups-2.3.3op1~106-ga72b0140e/cups/request.c:218:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((bytes = read(infile, buffer, sizeof(buffer))) > 0) data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:177:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((bytes = read(CUPS_SC_FD, buffer, _CUPS_SC_MAX_BUFFER)) < 0) data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:325:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(oid) + 1, timeout)) data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:350:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
real_oidlen = (int)strlen(real_data) + 1; data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:434:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oidlen = strlen(oid); data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:444:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). current_oid, (int)strlen(current_oid) + 1, timeout)) data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:484:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). real_oidlen = strlen(real_data) + 1; data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:280:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). src ++, dstptr += strlen(dstptr)) data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:1141:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). commlen = (unsigned)strlen(packet->community); data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:85:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tptr += strlen(tptr); data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:117:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
tptr += strlen(tptr); data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:175:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). templen = strlen(temp); data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:206:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). templen = strlen(temp); data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:230:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). templen = strlen(temp); data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:271:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = (int)strlen(s); data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:106:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(s); data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:222:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (tempptr = temp + strlen(temp) - 1; data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:233:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). declen = (int)strlen(dec); data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:271:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bufptr = buf + strlen(buf); data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:446:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempptr += strlen(tempptr); data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:555:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (strlen(item->str) + 8) & (size_t)~7; data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:606:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(s); data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:692:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dstlen = strlen(dst); data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:703:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srclen = strlen(src); data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:739:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srclen = strlen(src); data/cups-2.3.3op1~106-ga72b0140e/cups/testarray.c:283:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = (int)strlen(dent->filename) - 2; data/cups-2.3.3op1~106-ga72b0140e/cups/testarray.c:532:10: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). 
Check that the limit is sufficiently small, or use a different input function. while (fscanf(fp, "%255s", word) == 1) data/cups-2.3.3op1~106-ga72b0140e/cups/testdest.c:554:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(name, "%lfx%lf%31s", &dw, &dl, units) == 3) data/cups-2.3.3op1~106-ga72b0140e/cups/testfile.c:754:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < (int)strlen(partial_line); i ++) data/cups-2.3.3op1~106-ga72b0140e/cups/testhttp.c:303:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(base64_tests[i][0])); data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:275:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((size_t)len != strlen((char *)utf8latin)) data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:277:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf("FAIL (len=%d, expected %d)\n", len, (int)strlen((char *)utf8latin)); data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:326:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((size_t)len != strlen((char *)utf8greek)) data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:328:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
printf("FAIL (len=%d, expected %d)\n", len, (int)strlen((char *)utf8greek)); data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:372:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((size_t)len != strlen((char *)utf8japan)) data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:374:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf("FAIL (len=%d, expected %d)\n", len, (int)strlen((char *)utf8japan)); data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:419:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((size_t)len != strlen((char *)utf8japan)) data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:421:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf("FAIL (len=%d, expected %d)\n", len, (int)strlen((char *)utf8japan)); data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:466:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((size_t)len != strlen((char *)utf8taiwan)) data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:468:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
printf("FAIL (len=%d, expected %d)\n", len, (int)strlen((char *)utf8taiwan)); data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:512:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((size_t)len != strlen((char *)utf8taiwan)) data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:514:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf("FAIL (len=%d, expected %d)\n", len, (int)strlen((char *)utf8taiwan)); data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:547:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len != strlen ((char *) utf8good)) data/cups-2.3.3op1~106-ga72b0140e/cups/testipp.c:798:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv[i]) > 5 && !strcmp(argv[i] + strlen(argv[i]) - 5, ".test")) data/cups-2.3.3op1~106-ga72b0140e/cups/testipp.c:798:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv[i]) > 5 && !strcmp(argv[i] + strlen(argv[i]) - 5, ".test")) data/cups-2.3.3op1~106-ga72b0140e/cups/testipp.c:810:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
else if (strlen(argv[i]) > 4 && !strcmp(argv[i] + strlen(argv[i]) - 4, ".hex")) data/cups-2.3.3op1~106-ga72b0140e/cups/testipp.c:810:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(argv[i]) > 4 && !strcmp(argv[i] + strlen(argv[i]) - 4, ".hex")) data/cups-2.3.3op1~106-ga72b0140e/cups/testlang.c:247:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(buffer); data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:427:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf("FAIL (%d bytes instead of %d)\n", s ? (int)strlen(s) : 0, data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:428:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(default_code)); data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:447:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf("FAIL (%d bytes instead of %d)\n", s ? (int)strlen(s) : 0, data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:448:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(custom_code)); data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:851:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf("FAIL (%d bytes instead of %d)\n", s ? 
(int)strlen(s) : 0, data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:852:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(default2_code)); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:891:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (strlen(buffer)); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:1588:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((hostptr = hostname + strlen(hostname) - 1) >= hostname && data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:1593:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). error = SSLSetPeerDomainName(http->tls, hostname, strlen(hostname)); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:1637:6: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(1000); /* in 1 millisecond */ data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:1789:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. 
usleep(1000); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:148:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(language->language) == 5) data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:155:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). common_name, strlen(common_name)); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:157:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). common_name, strlen(common_name)); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:171:88: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_DNSNAME, common_name, (unsigned)strlen(common_name), GNUTLS_FSAN_SET); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:181:88: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_DNSNAME, localname, (unsigned)strlen(localname), GNUTLS_FSAN_APPEND); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:192:95: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_DNSNAME, alt_names[i], (unsigned)strlen(alt_names[i]), GNUTLS_FSAN_APPEND); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:699:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (strlen(buffer)); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:793:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((num_data + strlen(line)) >= alloc_data) data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1041:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((num_data + strlen(line)) >= alloc_data) data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1087:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr = buffer + strlen(buffer); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1355:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((hostptr = hostname + strlen(hostname) - 1) >= hostname && data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1360:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
status = gnutls_server_name_set(http->tls, GNUTLS_NAME_DNS, hostname, strlen(hostname)); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:385:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (strlen(buffer)); data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:960:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((hostptr = hostname + strlen(hostname) - 1) >= hostname && data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:1249:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((hostptr = hostname + strlen(hostname) - 1) >= hostname && data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:2302:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (ptr = buffer + strlen(buffer) - 1; ptr >= buffer; ptr --) data/cups-2.3.3op1~106-ga72b0140e/cups/transcode.c:105:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return ((int)strlen((char *)dest)); data/cups-2.3.3op1~106-ga72b0140e/cups/transcode.c:164:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srclen = strlen(src); data/cups-2.3.3op1~106-ga72b0140e/cups/transcode.c:226:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
return ((int)strlen(dest)); data/cups-2.3.3op1~106-ga72b0140e/cups/transcode.c:293:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srclen = strlen((char *)src); data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:852:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((passbytes = read(tty, &passch, 1)) == 1) data/cups-2.3.3op1~106-ga72b0140e/filter/common.c:465:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = 5 + (int)strlen(name); data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2045:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). doc_write(doc, s, strlen(s)); data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2153:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(line + 17, "%254s%254s", name, value) != 2) data/cups-2.3.3op1~106-ga72b0140e/locale/checkpo.c:118:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). idfmt = msg->msg + strlen(msg->msg) - 1; data/cups-2.3.3op1~106-ga72b0140e/locale/po2strings.c:209:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t ptrlen = strlen(ptr); /* Length of string */ data/cups-2.3.3op1~106-ga72b0140e/locale/po2strings.c:211:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(msgstr ? msgstr : msgid); data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:118:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t linelen = strlen(line); /* Length of line */ data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:816:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(anchor, line + 4, sizeof(anchor) - 1); data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:837:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lineptr = line + strlen(line) - 1; data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:843:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lineptr = line + strlen(line) - 2; data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:946:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, s, sizeof(name) - 1); data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:1180:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(temp, s, sizeof(temp) - 1); data/cups-2.3.3op1~106-ga72b0140e/monitor/bcp.c:175:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if ((ch = getc(fp)) == EOF) data/cups-2.3.3op1~106-ga72b0140e/monitor/bcp.c:184:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/cups-2.3.3op1~106-ga72b0140e/monitor/tbcp.c:164:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = getc(fp)) == EOF) data/cups-2.3.3op1~106-ga72b0140e/monitor/tbcp.c:173:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/cups-2.3.3op1~106-ga72b0140e/notifier/dbus.c:433:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). reasons_length += 1 + strlen(ippGetString(attr, i, NULL)); data/cups-2.3.3op1~106-ga72b0140e/notifier/dbus.c:444:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p); data/cups-2.3.3op1~106-ga72b0140e/notifier/dbus.c:505:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). reasons_length += 1 + strlen(ippGetString(attr, i, NULL)); data/cups-2.3.3op1~106-ga72b0140e/notifier/dbus.c:516:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p); data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:696:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((e = malloc(bytes + 1 + strlen(s))) == NULL) data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:95:98: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). url = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (UInt8 *)pofile, (CFIndex)strlen(pofile), false); data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:456:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(manufacturer->value))) data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:468:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(manufacturer->value))) data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:480:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(manufacturer->value))) data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:1175:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(manufacturer->value))) data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:1190:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(manufacturer->value))) data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:1205:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(manufacturer->value))) data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:1317:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)((size_t)cupsFileTell(fp) + 25 + strlen(pc_file_name->value)), data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-import.cxx:94:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(ppd->manufacturer))) data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-import.cxx:96:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = ppd->modelname + strlen(ppd->manufacturer); data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:174:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = temp + strlen(temp) - 1; data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1763:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). commptr = command + strlen(command); data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1769:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). commptr += strlen(commptr); data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1776:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
commptr += strlen(commptr); data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1783:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). commptr += strlen(commptr); data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2002:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2012:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2306:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = (int)strlen(s); data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-string.cxx:28:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t vlen = strlen(v); data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc.cxx:164:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = start + strlen(start); data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc.cxx:214:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
opt += strlen(opt) - 1; data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc.cxx:220:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). opt += strlen(opt) - 1; data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc.cxx:226:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). opt += strlen(opt) - 1; data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc.cxx:312:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(d->manufacturer->value))) data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdmerge.cxx:329:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vlen = strlen(languages[i].version); data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:201:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ifptr = ifname + strlen(ifname) - 1; data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:229:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp.mask.name.length = strlen(temp.mask.name.name); data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:760:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)strlen(authorization) + 0; data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:865:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). 
Check that the limit is sufficiently small, or use a different input function. if (sscanf(authorization, "%255s", scheme) != 1) data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:1416:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((uriptr = uri + strlen(uri) - 1) > uri && *uriptr == '/') data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:1426:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uriptr = uri + strlen(uri) - 4; /* len > 4 if we get here... */ data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:1622:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hostlen = strlen(hostname); data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:1882:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp->length = strlen(temp->location); data/cups-2.3.3op1~106-ga72b0140e/scheduler/banners.c:93:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dent->filename[strlen(dent->filename) - 1] == '~') data/cups-2.3.3op1~106-ga72b0140e/scheduler/cert.c:247:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  write(fd, cert->certificate, strlen(cert->certificate));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2033:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t length = strlen(message); /* Length of message */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2136:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  auth_key = auth_str + strlen(auth_str);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2358:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  else if ((bytes = read(con->file, con->header + con->header_used, (size_t)bytes)) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2715:145: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ((!strncmp(con->uri, "/ppd/", 5) || !strncmp(con->uri, "/printers/", 10) || !strncmp(con->uri, "/classes/", 9)) && !strcmp(con->uri + strlen(con->uri) - 4, ".ppd"))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2718:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dest[strlen(dest) - 4] = '\0'; /* Strip .ppd */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2752:147: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ((!strncmp(con->uri, "/icons/", 7) || !strncmp(con->uri, "/printers/", 10) || !strncmp(con->uri, "/classes/", 9)) && !strcmp(con->uri + strlen(con->uri) - 4, ".png"))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2755:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dest[strlen(dest) - 4] = '\0'; /* Strip .png */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2821:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!strncmp(con->uri, "/strings/", 9) && !strcmp(con->uri + strlen(con->uri) - 8, ".strings"))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2824:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dest[strlen(dest) - 8] = '\0';
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2925:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (con->uri[strlen(con->uri) - 1] != '/')
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2955:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr = filename + strlen(filename);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:3266:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  commptr = argbuf + strlen(argbuf);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:307:105: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  url = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (const UInt8 *)iccfile, (CFIndex)strlen(iccfile), false);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:1033:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  idstrlen = strlen(printer_name) + 1 + strlen(qualifier) + 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:1033:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  idstrlen = strlen(printer_name) + 1 + strlen(qualifier) + 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:218:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  namelen = strlen(name);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:442:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  token.length = strlen(buf);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:1213:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(TempDir, RequestRoot, strlen(RequestRoot)) ||
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:1813:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  maskval = value + strlen(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:624:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (line[strlen(line) - 1] == '\n')
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:625:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  line[strlen(line) - 1] = '\0';
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1190:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  make_and_model_len = strlen(make_and_model);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1195:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  product_len = strlen(product);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1639:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(d->manufacturer->value)))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1777:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  scheme_end = scheme + strlen(scheme) - 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1804:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  scheme_end = scheme + strlen(scheme) - 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1849:13: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(line, "\"%255[^\"]\"%127s%*[ \t]\"%127[^\"]\""
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1860:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (line[strlen(line) - 1] == '\n')
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1861:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  line[strlen(line) - 1] = '\0';
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1907:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr = start + strlen(start);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2026:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(line, "%*[^:]:%63s", lang_encoding);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2028:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(line, "%*[^:]:%63s", lang_version);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2036:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (device_id[0] && device_id[strlen(device_id) - 1] != ';')
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2049:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr = product + strlen(product) - 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2175:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!_cups_strncasecmp(make_model, manufacturer, strlen(manufacturer)))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2450:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ((ptr = filename + strlen(filename) - 14) > filename &&
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-exec.c:139:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(077);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:854:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(line) < 2)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:875:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) < 2)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:919:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) < 2)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1588:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((ch = getc(fp)) != EOF)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1598:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getc(fp);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:232:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(argv[i], "%15[^/]/%255s", super, type) != 2)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:260:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(argv[i], "%15[^/]/%255s", super, type) != 2)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:398:5: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(srctype, "%15[^/]/%255s", super, type);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:416:3: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(dsttype, "%15[^/]/%255s", super, type);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:556:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(filter, "%15[^/]/%255s%*[ \t]%15[^/]/%255s%d%*[ \t]%1023[^\n]",
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:566:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(filter, "%15[^/]/%255s%d%*[ \t]%1023[^\n]", super, type, &cost,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:763:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes += 2 * (strlen(option->name) + strlen(option->value)) + 2;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:763:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes += 2 * (strlen(option->name) + strlen(option->value)) + 2;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:781:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sptr += strlen(sptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:317:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hostptr = hostname + strlen(hostname) - 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:395:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((ptr = DNSSDHostName + strlen(DNSSDHostName) - 1) >= DNSSDHostName && *ptr == '.')
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:544:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(keyvalue[i][1]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1057:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr = name + strlen(name);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1220:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (p->info && strlen(p->info) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1613:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/env.c:254:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0, namelen = strlen(name); i < num_common_env; i ++)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:846:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(resource, "/classes/", 9) || strlen(resource) == 9)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2239:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(resource, "/printers/", 10) || strlen(resource) == 10)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4149:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(attrname) > 2 && attrname[2] == '-')
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4163:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (access(filename, 0) && strlen(attrname) > 2)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4535:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((bytes = read(temppipe[0], buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4895:93: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ippAddOctetString(con->response, IPP_TAG_PRINTER, "printer-alert", printer->alert, (int)strlen(printer->alert));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5625:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!strncmp(resource, "/printers", 9) && strlen(resource) <= 10)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5630:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!strncmp(resource, "/classes", 8) && strlen(resource) <= 9)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6520:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!strncmp(resource, "/printers", 9) && strlen(resource) <= 10)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6527:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!strncmp(resource, "/classes", 8) && strlen(resource) <= 9)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7720:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (!strncmp(resource, "/jobs", 5) && strlen(resource) <= 6) ||
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7721:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (!strncmp(resource, "/printers", 9) && strlen(resource) <= 10) ||
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7722:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (!strncmp(resource, "/classes", 8) && strlen(resource) <= 9))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9464:76: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  httpEncode64_2(line, sizeof(line), auth_info->values[i].string.text, (int)strlen(auth_info->values[i].string.text));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9495:79: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  httpEncode64_2(line, sizeof(line), auth_info->values[0].string.text, (int)strlen(auth_info->values[0].string.text));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9501:79: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  httpEncode64_2(line, sizeof(line), auth_info->values[1].string.text, (int)strlen(auth_info->values[1].string.text));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9513:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  httpEncode64_2(line, sizeof(line), con->username, (int)strlen(con->username));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9522:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  httpEncode64_2(line, sizeof(line), con->password, (int)strlen(con->password));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:10825:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  namelen = strlen(attr->name);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:11075:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr = buffer + strlen(buffer);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:937:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  switch (strlen(attr->values[0].string.text))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:995:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  psrlen += strlen(job->printer->reasons[i]) + 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:1011:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  psrptr += strlen(psrptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:1599:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(dent->filename) >= 6 && dent->filename[0] == 'c' && dent->fileinfo.st_mtime > fileinfo.st_mtime)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:3029:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr = temp + strlen(temp);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:3042:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:3872:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newlength += 1 + strlen(pwgppd->name) + 1 + strlen(pwgppd->value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:3872:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newlength += 1 + strlen(pwgppd->name) + 1 + strlen(pwgppd->value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:3998:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  optptr += strlen(optptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4094:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  optptr += strlen(optptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4106:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  optptr += strlen(optptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4109:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  optptr += strlen(optptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4170:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes += strlen(attr->name);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4172:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes += (size_t)attr->num_values * strlen(attr->name);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4241:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes += 2 * strlen(attr->values[i].string.text) + 2;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4473:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(value, "%d%*[ \t]%15[^/]/%255s%d", &number, super, type,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4614:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(dent->filename) >= 6 && dent->filename[0] == 'c')
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:154:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (logptr = logname, ptr = filename + strlen(filename);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:171:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:204:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(filename, CUPS_LOGDIR, strlen(CUPS_LOGDIR)))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:602:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t log_len = strlen(log_line);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:793:3: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(page, "%255s%d", number, &copies);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:810:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:815:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:820:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:825:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:830:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:835:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:889:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:894:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:908:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:929:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:336:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(ConfigurationFile) + 15;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:584:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(TempDir, RequestRoot, strlen(RequestRoot)))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:314:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(dent->filename) > 6 &&
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:315:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  !strcmp(dent->filename + strlen(dent->filename) - 6, ".convs"))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:386:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(dent->filename) > 6 &&
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:387:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  !strcmp(dent->filename + strlen(dent->filename) - 6, ".types"))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:703:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (lineptr = line + strlen(line) - 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:889:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  linelen = strlen(line);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:898:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  linelen += strlen(line + linelen);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c:174:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hostlen = strlen(hostname);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1030:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((valueptr = strchr(line + strlen(ServerBin), ':')) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1655:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0, ptr = value + strlen(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1663:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1714:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0, ptr = value + strlen(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1722:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1734:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0, ptr = value + strlen(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1742:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1794:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end = values + strlen(values);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1968:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slash = start + strlen(start); /* No slash, point to the end */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:2236:94: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  supply = ippAddOctetString(p->attrs, IPP_TAG_PRINTER, "printer-supply", buffer, (int)strlen(buffer));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:2238:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ippSetOctetString(p->attrs, &supply, i, buffer, (int)strlen(buffer));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3488:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(filter, "%15[^/]/%255s%*[ \t]%15[^/]/%255s%d%*[ \t]%1023[^\n]",
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3505:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(filter, "%15[^/]/%255s%d%*[ \t]%1023[^\n]", super, type, &cost,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3748:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pdl[strlen(pdl) - 1] = '\0'; /* Remove trailing comma */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3994:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  "job-password-supported", (int)strlen(p->pc->password));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:4852:109: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outUrl = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (UInt8 *)outPath, (CFIndex)strlen(outPath), FALSE);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:4853:117: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  icnsFileUrl = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (UInt8 *)ppd_attr->value, (CFIndex)strlen(ppd_attr->value), FALSE);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:4984:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  !strcmp(p->device_uri + strlen(p->device_uri) - 5, "/cups")))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:761:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(077);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:822:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((proc = calloc(1, sizeof(cupsd_proc_t) + strlen(command))) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/statbuf.c:129:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((bytes = read(sb->fd, sb->buffer + sb->bufused, (size_t)(CUPSD_SB_BUFFER_SIZE - sb->bufused - 1))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/sysman.c:822:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (read((int)SysEventPipes[0], &sysevent, sizeof(sysevent))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:202:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(command);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:210:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read(infd, &status, 1) < 1)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:291:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes = (ssize_t)strlen(control);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:313:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read(infd, command, 1) < 1)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:339:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((bytes = read(fd, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:355:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read(infd, command, 1) < 1)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:449:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes = (ssize_t)strlen(command);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:458:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((bytes = read(infd, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:492:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes = (ssize_t)strlen(command);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:501:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((bytes = read(infd, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c:121:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(argv[i], "%15[^/]/%255s", super, type);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c:224:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(filter, "%15[^/]/%255s%*[ \t]%15[^/]/%255s%d%*[ \t]%1023[^\n]",
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c:234:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(filter, "%15[^/]/%255s%d%*[ \t]%1023[^\n]", super, type, &cost,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c:412:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(indent, "\t");
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c:414:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  indent[strlen(indent) - 1] = '\0';
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:125:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  typelen = strlen(type) + 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:452:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length[0] = (int)strlen(value[0]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/util.c:388:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(name);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/util.c:425:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(name);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/util.c:431:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(value);
data/cups-2.3.3op1~106-ga72b0140e/systemv/cancel.c:93:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/cancel.c:122:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/cancel.c:144:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupsaccept.c:103:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupsaccept.c:126:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupsaccept.c:145:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:886:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ppd->product[strlen(ppd->product) - 1] != ')')
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:960:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(ppd->shortnickname) > 31)
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:1387:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(ppd->pcfilename) > 12)
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:1450:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(option->keyword);
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:1459:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len < strlen(option2->keyword) &&
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:1536:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ppd->patches == NULL ? 0 : (int)strlen(ppd->patches));
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:2358:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(attr->value, "%15[^/]/%255s%d%*[ \t]%1023[^\n]", super, type,
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:2476:2: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(attr->value, "%15[^/]/%255s%*[ \t]%15[^/]/%255s%d%*[ \t]%1023[^\n]",
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:2604:2: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(attr->value, "%15[^/]/%255s%d%*[ \t]%1023[^\n]", super, type,
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3269:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t ppdlen = strlen(pwg_media->ppd);
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3283:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ppdlen = strlen(buf);
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3289:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlcat(buf, ".Fullbleed", sizeof(buf) - strlen(buf));
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3296:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t buflen = strlen(buf);/* Length of full bleed name */
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3375:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t buflen = strlen(buf);
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3388:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  altlen = strlen(altbuf);
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3444:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  langlen = (int)strlen(language);
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3552:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ckeyword + 1 + strlen(language),
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3584:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ckeyword + 1 + strlen(language),
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3601:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ckeyword + 1 + strlen(language),
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:106:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:128:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:175:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:195:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:215:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:268:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:296:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:319:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:360:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:379:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:399:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:442:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:463:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:482:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:618:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (bytes = read(0, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:105:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:147:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:184:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:205:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:274:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:294:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:314:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:361:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:409:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:432:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:451:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:481:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:514:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:545:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:577:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpinfo.c:200:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpmove.c:77:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:76:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:122:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:181:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:199:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:261:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:281:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:370:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:403:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr = buffer + strlen(buffer);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:451:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:464:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:122:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:141:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:171:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:207:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:282:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:296:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:324:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:347:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:437:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:456:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1485:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  aptr += strlen(aptr);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1822:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  aptr += strlen(aptr);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1942:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  aptr += strlen(aptr);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippevepcl.c:284:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((bytes = read(fd, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1755:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cupsHashData("sha2-256", (unsigned char *)uuid_data, strlen(uuid_data), sha256, sizeof(sha256));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2614:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if ((bytes = read(infile, buffer, sizeof(buffer))) < 0 && data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2824:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = s + (slen > 0 ? slen : strlen(s)); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2978:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tptr += strlen(tptr); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3010:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tptr += strlen(tptr); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3074:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). httpWrite2(client->http, temp, strlen(temp)); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3098:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). httpWrite2(client->http, temp, strlen(temp)); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3107:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). httpWrite2(client->http, temp, strlen(temp)); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3125:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
html_escape(client, s, strlen(s)); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4825:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = device_id + strlen(device_id); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4846:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen(ptr); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4859:110: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attr = ippAddOctetString(attrs, IPP_TAG_PRINTER, "printer-input-tray", printer_input_tray_color[0], (int)strlen(printer_input_tray_color[0])); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4861:76: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ippSetOctetString(attrs, &attr, i, printer_input_tray_color[i], (int)strlen(printer_input_tray_color[i])); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4865:104: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attr = ippAddOctetString(attrs, IPP_TAG_PRINTER, "printer-input-tray", printer_input_tray[0], (int)strlen(printer_input_tray[0])); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4867:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ippSetOctetString(attrs, &attr, i, printer_input_tray[i], (int)strlen(printer_input_tray[i])); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4883:102: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attr = ippAddOctetString(attrs, IPP_TAG_PRINTER, "printer-supply", printer_supply_color[0], (int)strlen(printer_supply_color[0])); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4885:72: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ippSetOctetString(attrs, &attr, i, printer_supply_color[i], (int)strlen(printer_supply_color[i])); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4891:96: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attr = ippAddOctetString(attrs, IPP_TAG_PRINTER, "printer-supply", printer_supply[0], (int)strlen(printer_supply[0])); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4893:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ippSetOctetString(attrs, &attr, i, printer_supply[i], (int)strlen(printer_supply[i])); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5521:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ippSetOctetString(attrs, &attr, i, input_tray, (int)strlen(input_tray)); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5523:97: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
attr = ippAddOctetString(attrs, IPP_TAG_PRINTER, "printer-input-tray", input_tray, (int)strlen(input_tray)); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5530:94: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ippAddOctetString(attrs, IPP_TAG_PRINTER, "printer-input-tray", printer_input_tray, (int)strlen(printer_input_tray)); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5545:102: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attr = ippAddOctetString(attrs, IPP_TAG_PRINTER, "printer-supply", printer_supply_color[0], (int)strlen(printer_supply_color[0])); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5547:72: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ippSetOctetString(attrs, &attr, i, printer_supply_color[i], (int)strlen(printer_supply_color[i])); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5553:96: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attr = ippAddOctetString(attrs, IPP_TAG_PRINTER, "printer-supply", printer_supply[0], (int)strlen(printer_supply[0])); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5555:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ippSetOctetString(attrs, &attr, i, printer_supply[i], (int)strlen(printer_supply[i])); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5893:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). 
The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(1); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6079:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((bytes = read(fd, buffer, sizeof(buffer))) > 0) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6113:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((bytes = read(fd, buffer, sizeof(buffer))) > 0) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6155:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((bytes = read(fd, buffer, sizeof(buffer))) > 0) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6197:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((bytes = read(fd, buffer, sizeof(buffer))) > 0) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6905:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((bytes = read(mypipe[0], endptr, sizeof(line) - (size_t)(endptr - line) - 1)) > 0) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7178:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen(ptr); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7193:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ptr += strlen(ptr); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7237:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TXTRecordSetValue(&ipp_txt, "ty", (uint8_t)strlen(value), value); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7238:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TXTRecordSetValue(&ipp_txt, "adminurl", (uint8_t)strlen(adminurl), adminurl); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7240:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TXTRecordSetValue(&ipp_txt, "note", (uint8_t)strlen(value), value); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7241:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TXTRecordSetValue(&ipp_txt, "pdl", (uint8_t)strlen(formats), formats); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7245:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TXTRecordSetValue(&ipp_txt, "UUID", (uint8_t)strlen(value) - 9, value + 9); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7250:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
TXTRecordSetValue(&ipp_txt, "URF", (uint8_t)strlen(urf), urf); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7388:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = start + strlen(start); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7412:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = start + strlen(start); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7478:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(message); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7880:72: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ippSetOctetString(printer->attrs, &input_tray, i, tray_str, (int)strlen(tray_str)); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8238:93: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ippSetOctetString(printer->attrs, &supply, ippGetCount(supply), supply_text, (int)strlen(supply_text)); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8240:107: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). supply = ippAddOctetString(printer->attrs, IPP_TAG_PRINTER, "printer-supply", supply_text, (int)strlen(supply_text)); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:575:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
bytes = read(fd, buffer, sizeof(buffer)); data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:603:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((bytes = read(fd, buffer, sizeof(buffer))) <= 0) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:625:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((bytes = read(fd, bufend, sizeof(buffer) - (size_t)bytes)) <= 0) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:656:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((bytes = read(fd, buffer, sizeof(buffer))) <= 0) data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:756:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((bytes = read(fd, buffer, sizeof(buffer))) > 0) data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2026:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tptr += strlen(tptr); data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2335:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 1, count = ippGetCount(attr), ptr = preasons + strlen(preasons), data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2338:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i ++, ptr += strlen(ptr)) data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2591:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
value = service->host + strlen(service->host) - 1; data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2666:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value = service->host + strlen(service->host) - 1; data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:447:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value = name + strlen(name); data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:689:7: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep((useconds_t)interval); data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:698:7: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep((useconds_t)interval); data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:794:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ptr = ahost + strlen(ahost) - 1) > ahost && *ptr == '.') data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:797:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((ptr = bhost + strlen(bhost) - 1) > bhost && *ptr == '.') data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:1025:7: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(data->delay); data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:1263:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (status_message && strlen(status_message) > 255) data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:1264:111: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_stringf(data->errors, "status-message (text(255)) has bad length %d (RFC 2911 section 3.1.6.2).", (int)strlen(status_message)); data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:1288:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (detailed_status_message && strlen(detailed_status_message) > 1023) data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:1292:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(detailed_status_message)); data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:1751:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
widths[i] = strlen(data->displayed[i]); data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2028:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (*src == '<' && src[strlen(src) - 1] == '>') data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2035:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dstptr = dst + strlen(dst) - 1; data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2112:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = buffer + strlen(buffer) - 1; data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2150:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ptr = hostname + strlen(hostname) - 1) >= hostname && *ptr == '.') data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2290:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(tty, &key, 1); data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2678:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). print_ippserver_string(data, s, strlen(s)); data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3846:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ptr = temp + strlen(temp); data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3852:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen(ptr); data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3863:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen(ptr); data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3889:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = value + strlen(value) - 1; data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:4889:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((withlen = (int)strlen(value)) & 1 || withlen > (int)(2 * (sizeof(withdata) + 1))) data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:4930:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). withlen = (int)strlen(value); data/cups-2.3.3op1~106-ga72b0140e/vcnet/config.h:42:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define read _read data/cups-2.3.3op1~106-ga72b0140e/vcnet/config.h:72:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. 
#define usleep(X) Sleep((X)/1000) data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/engine.c:91:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stop = start + strlen(start); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:93:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). subs[0].rm_eo = strlen(argv[optind]) - endoff; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:145:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inbuf[strlen(inbuf)-1] = '\0'; /* get rid of stupid \n */ data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:167:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcmp(erbuf, badpat) != 0 || ne != strlen(badpat)+1) { data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:174:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ne != strlen(badpat)+1) { data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:180:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcmp(erbuf, bpname) != 0 || ne != strlen(bpname)+1) { data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:191:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
} else if (ne != strlen(erbuf)+1) { data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:227:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). re.re_endp = (opts&REG_PEND) ? f0copy + strlen(f0copy) : NULL; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:440:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (sub.rm_eo > strlen(str)) { data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:447:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). shlen = (int)strlen(should); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:467:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). shlen = strlen(at); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:506:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(efbuf) < sizeof(efbuf)); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c:111:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen((char *)pattern); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c:745:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (u = cp->multis; *u != '\0'; u += strlen(u) + 1) data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c:1158:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cs->smultis += strlen(cp) + 1; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c:1182:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). register size_t len = strlen(fp); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c:1224:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (p = cs->multis; *p != '\0'; p += strlen(p) + 1) data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regerror.c:88:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(convbuf) < sizeof(convbuf)); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regerror.c:94:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s) + 1; data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regerror.c:99:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(errbuf, s, errbuf_size-1); data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:173:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
buf[strlen(buf)-1] = '\0'; /* stomp newline */

ANALYSIS SUMMARY:

Hits = 2946
Lines analyzed = 256691 in approximately 6.82 seconds (37612 lines/second)
Physical Source Lines of Code (SLOC) = 164287
Hits@level = [0] 2920 [1] 791 [2] 1685 [3] 250 [4] 213 [5] 7
Hits@level+ = [0+] 5866 [1+] 2946 [2+] 2155 [3+] 470 [4+] 220 [5+] 7
Hits/KSLOC@level+ = [0+] 35.7058 [1+] 17.932 [2+] 13.1173 [3+] 2.86085 [4+] 1.33912 [5+] 0.0426084
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.