Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/daemon-0.7/libslack/getopt.c Examining data/daemon-0.7/libslack/getopt.h Examining data/daemon-0.7/libslack/agent.c Examining data/daemon-0.7/libslack/agent.h Examining data/daemon-0.7/libslack/config.h Examining data/daemon-0.7/libslack/coproc.c Examining data/daemon-0.7/libslack/coproc.h Examining data/daemon-0.7/libslack/daemon.c Examining data/daemon-0.7/libslack/daemon.h Examining data/daemon-0.7/libslack/err.c Examining data/daemon-0.7/libslack/err.h Examining data/daemon-0.7/libslack/fio.c Examining data/daemon-0.7/libslack/fio.h Examining data/daemon-0.7/libslack/hdr.h Examining data/daemon-0.7/libslack/hsort.c Examining data/daemon-0.7/libslack/hsort.h Examining data/daemon-0.7/libslack/lib.h Examining data/daemon-0.7/libslack/lim.c Examining data/daemon-0.7/libslack/lim.h Examining data/daemon-0.7/libslack/link.c Examining data/daemon-0.7/libslack/link.h Examining data/daemon-0.7/libslack/list.c Examining data/daemon-0.7/libslack/list.h Examining data/daemon-0.7/libslack/locker.c Examining data/daemon-0.7/libslack/locker.h Examining data/daemon-0.7/libslack/map.c Examining data/daemon-0.7/libslack/map.h Examining data/daemon-0.7/libslack/mem.c Examining data/daemon-0.7/libslack/mem.h Examining data/daemon-0.7/libslack/msg.c Examining data/daemon-0.7/libslack/msg.h Examining data/daemon-0.7/libslack/net.c Examining data/daemon-0.7/libslack/net.h Examining data/daemon-0.7/libslack/prog.c Examining data/daemon-0.7/libslack/prog.h Examining data/daemon-0.7/libslack/prop.c Examining data/daemon-0.7/libslack/prop.h Examining data/daemon-0.7/libslack/pseudo.c Examining data/daemon-0.7/libslack/pseudo.h Examining data/daemon-0.7/libslack/sig.c Examining data/daemon-0.7/libslack/sig.h Examining data/daemon-0.7/libslack/snprintf.c Examining data/daemon-0.7/libslack/snprintf.h Examining data/daemon-0.7/libslack/socks.h Examining data/daemon-0.7/libslack/std.h Examining data/daemon-0.7/libslack/str.c Examining data/daemon-0.7/libslack/str.h Examining data/daemon-0.7/libslack/vsscanf.c Examining data/daemon-0.7/libslack/vsscanf.h Examining data/daemon-0.7/test/test13.daemon.c Examining data/daemon-0.7/test/test15.client.c Examining data/daemon-0.7/test/test5.client.c Examining data/daemon-0.7/test/test58.client.c Examining data/daemon-0.7/test/test6.client.c Examining data/daemon-0.7/test/test63.client.c Examining data/daemon-0.7/daemon.c FINAL RESULTS: data/daemon-0.7/libslack/daemon.c:425:8: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. if (readlink(path, sym_linked, lim) == -1) data/daemon-0.7/libslack/pseudo.c:601:6: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(pty_device_name, (uid_t)0, (gid_t)0) == -1) data/daemon-0.7/libslack/pseudo.c:604:6: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(pty_device_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH) == -1) data/daemon-0.7/libslack/pseudo.c:646:7: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(pty_device_name, uid, gid) == -1) data/daemon-0.7/libslack/pseudo.c:651:7: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(pty_device_name, mode) == -1) data/daemon-0.7/daemon.c:3755:45: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (g.pidfiles && !g.running && !g.list && access(g.pidfiles, W_OK) == -1) data/daemon-0.7/daemon.c:3771:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(buf, W_OK) == -1) data/daemon-0.7/libslack/err.c:219:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(mesg, MSG_SIZE, format, args); data/daemon-0.7/libslack/err.c:292:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(mesg, MSG_SIZE, format, args); data/daemon-0.7/libslack/err.c:342:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(mesg, MSG_SIZE, format, args); data/daemon-0.7/libslack/err.c:391:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(mesg, MSG_SIZE, format, args); data/daemon-0.7/libslack/err.c:435:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(mesg, MSG_SIZE, format, args); data/daemon-0.7/libslack/err.c:483:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(mesg, MSG_SIZE, format, args); data/daemon-0.7/libslack/err.c:544:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(mesg, MSG_SIZE, format, args); data/daemon-0.7/libslack/err.c:585:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(mesg, MSG_SIZE, format, args); data/daemon-0.7/libslack/err.c:624:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(mesg, MSG_SIZE, format, args); data/daemon-0.7/libslack/err.c:663:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(mesg, MSG_SIZE, format, args); data/daemon-0.7/libslack/err.c:702:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(mesg, MSG_SIZE, format, args); data/daemon-0.7/libslack/err.c:894:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, BUFSIZ, result, strerror(err)); data/daemon-0.7/libslack/msg.c:476:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(mesg, MSG_SIZE, format, args); data/daemon-0.7/libslack/net.c:817:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. int access, err = 0; data/daemon-0.7/libslack/net.c:823:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!(access & R_OK) && !(access & W_OK)) data/daemon-0.7/libslack/net.c:823:29: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!(access & R_OK) && !(access & W_OK)) data/daemon-0.7/libslack/net.c:3811:9: [4] (buffer) vsscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. return vsscanf(buf, format, args); data/daemon-0.7/libslack/net.c:3855:10: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bytes = vsnprintf(buf, MSG_SIZE + 1, format, args); data/daemon-0.7/libslack/net.c:5799:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(a, 128, pformat, (cast_type) data1); \ data/daemon-0.7/libslack/net.c:5800:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(b, 128, pformat, (cast_type) data2); \ data/daemon-0.7/libslack/prog.c:1636:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(msg_buf, MSG_SIZE, format, args); data/daemon-0.7/libslack/prog.c:2653:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(result_buf, BUFSIZ, result, prog_name, prog_name); data/daemon-0.7/libslack/snprintf.c:153:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. int sprintf(char *str, const char *format, ...); data/daemon-0.7/libslack/snprintf.c:155:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. int sprintf(); data/daemon-0.7/libslack/snprintf.c:232:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int snprintf(char *str, size_t size, const char *format, ...) data/daemon-0.7/libslack/snprintf.c:234:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int snprintf(str, size, format, va_alist) data/daemon-0.7/libslack/snprintf.c:248:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. ret = vsnprintf(str, size, format, args); data/daemon-0.7/libslack/snprintf.c:665:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(format, "%%%s%s%s%s%s%s.%d%s%s", data/daemon-0.7/libslack/snprintf.c:681:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(convert, format, fvalue); data/daemon-0.7/libslack/snprintf.c:683:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(convert, format, (double)fvalue); data/daemon-0.7/libslack/snprintf.c:696:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int vsnprintf(char *str, size_t size, const char *format, va_list args) data/daemon-0.7/libslack/snprintf.c:1915:31: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. int suppress_optimization = sprintf(valstr, (vfmt), (val)); \ data/daemon-0.7/libslack/snprintf.c:1919:10: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len1 = snprintf(buf1, sizeof(buf1), (format), (val)); \ data/daemon-0.7/libslack/snprintf.c:1920:10: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. len2 = sprintf(buf2, (format), (val)); \ data/daemon-0.7/libslack/snprintf.c:1932:31: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. int suppress_optimization = sprintf(valstr, (vfmt), (val)); \ data/daemon-0.7/libslack/snprintf.c:1936:10: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len1 = snprintf(buf1, sizeof(buf1), (format), (width), (precision), (val)); \ data/daemon-0.7/libslack/snprintf.c:1937:10: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. len2 = sprintf(buf2, (format), (width), (precision), (val)); \ data/daemon-0.7/libslack/snprintf.c:1949:31: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. int suppress_optimization = sprintf(valstr, (vfmt), (val)); \ data/daemon-0.7/libslack/snprintf.c:1953:10: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len1 = snprintf(buf1, sizeof(buf1), (format), (arg), (val)); \ data/daemon-0.7/libslack/snprintf.c:1954:10: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. len2 = sprintf(buf2, (format), (arg), (val)); \ data/daemon-0.7/libslack/snprintf.c:2305:18: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. TEST_SNPRINTF6(snprintf(NULL, 0, err_fmt[x]), err_fmt[x]) data/daemon-0.7/libslack/snprintf.h:31:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int snprintf(char *str, size_t size, const char *format, ...); data/daemon-0.7/libslack/snprintf.h:32:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int vsnprintf(char *str, size_t size, const char *format, va_list args); data/daemon-0.7/libslack/str.c:706:12: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. length = vsnprintf(buf, size, format, args_copy); data/daemon-0.7/libslack/str.c:709:12: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. length = vsnprintf(buf, size, format, args); data/daemon-0.7/libslack/str.c:7727:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(is_print(str[i]) ? "%c" : "\\%03o", (unsigned char)str[i]); data/daemon-0.7/libslack/vsscanf.c:143:5: [4] (buffer) vsscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. int vsscanf(const char *str, const char *format, va_list args) data/daemon-0.7/libslack/vsscanf.c:355:7: [4] (buffer) vsscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. rc = vsscanf(str, format, args); data/daemon-0.7/libslack/vsscanf.c:448:8: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. rc1 = sscanf(str, format, &s##var##1, &var##1, &l##var##1); \ data/daemon-0.7/libslack/vsscanf.c:460:8: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. rc1 = sscanf(str, format, b1, c1, s1); \ data/daemon-0.7/libslack/vsscanf.c:499:8: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. rc1 = sscanf(str, format); \ data/daemon-0.7/libslack/vsscanf.c:505:8: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. rc1 = sscanf(str, format, &var##1); \ data/daemon-0.7/libslack/vsscanf.h:30:5: [4] (buffer) vsscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. int vsscanf(const char *str, const char *format, va_list args); data/daemon-0.7/daemon.c:976:8: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. char *chroot; /* name of root directory to run under */ data/daemon-0.7/daemon.c:3457:5: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. g.chroot ? g.chroot : "<none>", data/daemon-0.7/daemon.c:3457:16: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. g.chroot ? g.chroot : "<none>", data/daemon-0.7/daemon.c:3632:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!(path = getenv("PATH"))) data/daemon-0.7/daemon.c:4139:8: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. if (g.chroot) data/daemon-0.7/daemon.c:4141:28: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. debug((2, "chroot %s", g.chroot)) data/daemon-0.7/daemon.c:4143:15: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. if (chdir(g.chroot) == -1) data/daemon-0.7/daemon.c:4144:70: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. fatalsys("failed to change directory to new root directory %s", g.chroot); data/daemon-0.7/daemon.c:4146:7: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. if (chroot(g.chroot) == -1) data/daemon-0.7/daemon.c:4146:16: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. if (chroot(g.chroot) == -1) data/daemon-0.7/daemon.c:4147:56: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. fatalsys("failed to change root directory to %s", g.chroot); data/daemon-0.7/daemon.c:4150:83: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. fatalsys("failed to change directory to new root directory after chroot %s", g.chroot); data/daemon-0.7/libslack/coproc.c:190:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!(path = getenv("PATH"))) data/daemon-0.7/libslack/coproc.c:837:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *path = getenv("PATH"); data/daemon-0.7/libslack/daemon.c:953:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((delay_var = getenv("DAEMON_INIT_EXIT_DELAY_MSEC")) && (delay_msec = atol(delay_var)) > 0) data/daemon-0.7/libslack/getopt.c:641:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. #ifndef getenv data/daemon-0.7/libslack/getopt.c:642:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. extern char *getenv (); data/daemon-0.7/libslack/getopt.c:834:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. posixly_correct = getenv ("POSIXLY_CORRECT"); data/daemon-0.7/libslack/getopt.c:1399:1: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. getopt (argc, argv, optstring) data/daemon-0.7/libslack/getopt.c:1477:1: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. getopt_long (argc, argv, options, long_options, opt_index) data/daemon-0.7/libslack/getopt.c:1533:11: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long (argc, argv, "abc:d:0123456789", data/daemon-0.7/libslack/getopt.h:133:12: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. extern int getopt (int __argc, char *const *__argv, const char *__shortopts); data/daemon-0.7/libslack/getopt.h:135:12: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. extern int getopt (); data/daemon-0.7/libslack/getopt.h:139:12: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. extern int getopt_long (int __argc, char *const *__argv, const char *__shortopts, data/daemon-0.7/libslack/getopt.h:152:12: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. extern int getopt (); data/daemon-0.7/libslack/getopt.h:154:12: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. extern int getopt_long (); data/daemon-0.7/libslack/map.c:2696:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(getpid() ^ time(NULL)); data/daemon-0.7/libslack/net.c:487:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((res_options = getenv("RES_OPTIONS")) && strstr(res_options, "inet6")) data/daemon-0.7/libslack/net.c:775:9: [3] (tmpfile) tmpnam: Temporary file race condition (CWE-377). if (!tmpnam(path)) data/daemon-0.7/libslack/net.c:5198:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((res_options = getenv("RES_OPTIONS")) && strstr(res_options, "inet6")) data/daemon-0.7/libslack/prog.c:2204:13: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. if ((rc = getopt_long(argc, argv, optstring, long_options, &longindex)) == EOF) data/daemon-0.7/daemon.c:974:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char userbuf[BUFSIZ]; /* buffer to store the user name */ data/daemon-0.7/daemon.c:975:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char groupbuf[BUFSIZ]; /* buffer to store the group name */ data/daemon-0.7/daemon.c:1019:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pty_device_name[PTY_DEVICE_NAME_SIZE]; /* pseudo terminal device name */ data/daemon-0.7/daemon.c:2092:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[512], *n = name; data/daemon-0.7/daemon.c:2093:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char options[4096], *o = options; data/daemon-0.7/daemon.c:2182:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char explanation[256]; data/daemon-0.7/daemon.c:2732:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char clientpid[32]; data/daemon-0.7/daemon.c:2743:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((clientpid_fd = open(clientpidfile, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)) == -1) data/daemon-0.7/daemon.c:2809:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/daemon-0.7/daemon.c:2821:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). clientpid_fd = open(clientpidfile, O_RDONLY); data/daemon-0.7/daemon.c:3084:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ + 1]; data/daemon-0.7/daemon.c:3535:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char intbuf[256]; data/daemon-0.7/daemon.c:3548:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(cmd, O_RDONLY)) != -1) data/daemon-0.7/daemon.c:3603:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdbuf[512]; data/daemon-0.7/daemon.c:3795:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numbuf[BUFSIZ]; data/daemon-0.7/daemon.c:3843:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). anum = (unsigned int)atoi(numbuf); data/daemon-0.7/daemon.c:3851:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bnum = (unsigned int)atoi(numbuf); data/daemon-0.7/daemon.c:3896:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[64], buf[BUFSIZ]; data/daemon-0.7/daemon.c:3903:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(fname, O_RDONLY)) == -1) data/daemon-0.7/daemon.c:4356:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char explanation[256]; data/daemon-0.7/daemon.c:4478:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((g.client_outfd = open(g.client_out, flags, mode)) == -1) data/daemon-0.7/daemon.c:4486:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((g.client_errfd = open(g.client_err, flags, mode)) == -1) data/daemon-0.7/libslack/agent.c:2579:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2]; data/daemon-0.7/libslack/agent.c:2606:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2]; data/daemon-0.7/libslack/agent.c:2782:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/daemon-0.7/libslack/agent.c:3375:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int seconds = (av[2]) ? atoi(av[2]) : 10; data/daemon-0.7/libslack/agent.c:3429:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int days = (av[2]) ? atoi(av[2]) : 21; data/daemon-0.7/libslack/agent.c:3487:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int days = (av[2]) ? atoi(av[2]) : 21; data/daemon-0.7/libslack/coproc.c:165:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *shargv[4]; data/daemon-0.7/libslack/coproc.c:188:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdbuf[512]; data/daemon-0.7/libslack/coproc.c:875:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[2] = { "cat", NULL }; data/daemon-0.7/libslack/coproc.c:876:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv2[5] = { "arkleseizure", "a", "b", "c", NULL }; data/daemon-0.7/libslack/coproc.c:877:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/daemon-0.7/libslack/coproc.c:878:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pty_device_name[64]; data/daemon-0.7/libslack/coproc.c:1131:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open("arkleseizure", O_WRONLY | O_CREAT, 0700)) == -1 || write(fd, "echo $*\n", 8) != 8 || close(fd) == -1) data/daemon-0.7/libslack/coproc.c:1170:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open("arkleseizure", O_WRONLY | O_CREAT, 0700)) == -1 || write(fd, "echo $*\n", 8) != 8 || close(fd) == -1) data/daemon-0.7/libslack/coproc.c:1391:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open("arkleseizure", O_WRONLY | O_CREAT, 0700)) == -1 || write(fd, "echo $*\n", 8) != 8 || close(fd) == -1) data/daemon-0.7/libslack/coproc.c:1429:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open("arkleseizure", O_WRONLY | O_CREAT, 0700)) == -1 || write(fd, "echo $*\n", 8) != 8 || close(fd) == -1) data/daemon-0.7/libslack/daemon.c:530:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[BUFSIZ]; data/daemon-0.7/libslack/daemon.c:531:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/daemon-0.7/libslack/daemon.c:535:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(conf = fopen(path, "r"))) data/daemon-0.7/libslack/daemon.c:644:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((pid_fd = open(pidfile, O_RDWR | O_CREAT | O_EXCL, mode)) == -1) data/daemon-0.7/libslack/daemon.c:656:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((pid_fd = open(pidfile, O_RDWR)) == -1) data/daemon-0.7/libslack/daemon.c:736:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pid[32]; data/daemon-0.7/libslack/daemon.c:953:77: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((delay_var = getenv("DAEMON_INIT_EXIT_DELAY_MSEC")) && (delay_msec = atol(delay_var)) > 0) data/daemon-0.7/libslack/daemon.c:1032:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open("/dev/null", O_RDWR)) == -1) data/daemon-0.7/libslack/daemon.c:1108:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/daemon-0.7/libslack/daemon.c:1125:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pid_fd = open(pidfile, O_RDONLY); data/daemon-0.7/libslack/daemon.c:1179:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((pid_fd = open(pidfile, O_RDONLY)) == -1) data/daemon-0.7/libslack/daemon.c:1234:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pidbuf[32]; data/daemon-0.7/libslack/daemon.c:1259:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((pid_fd = open(pidfile, O_RDONLY)) == -1) data/daemon-0.7/libslack/daemon.c:1513:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *results[3][8]; data/daemon-0.7/libslack/daemon.c:1548:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *out = fopen(name, "w"); data/daemon-0.7/libslack/daemon.c:1567:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char service[1024]; data/daemon-0.7/libslack/daemon.c:1568:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char port[1024]; data/daemon-0.7/libslack/daemon.c:1581:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *out = fopen(name, "w"); data/daemon-0.7/libslack/daemon.c:1597:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char word[8][1024]; data/daemon-0.7/libslack/daemon.c:1829:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; \ data/daemon-0.7/libslack/daemon.c:1859:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(sym_linked, O_CREAT | O_EXCL, S_IRUSR | S_IWUSR)) == -1) data/daemon-0.7/libslack/err.c:218:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mesg[MSG_SIZE]; data/daemon-0.7/libslack/err.c:291:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mesg[MSG_SIZE], prefix[32] = ""; data/daemon-0.7/libslack/err.c:341:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mesg[MSG_SIZE]; data/daemon-0.7/libslack/err.c:390:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mesg[MSG_SIZE]; data/daemon-0.7/libslack/err.c:434:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mesg[MSG_SIZE]; data/daemon-0.7/libslack/err.c:480:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mesg[MSG_SIZE]; data/daemon-0.7/libslack/err.c:542:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mesg[MSG_SIZE]; data/daemon-0.7/libslack/err.c:583:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mesg[MSG_SIZE]; data/daemon-0.7/libslack/err.c:622:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mesg[MSG_SIZE]; data/daemon-0.7/libslack/err.c:661:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mesg[MSG_SIZE]; data/daemon-0.7/libslack/err.c:700:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mesg[MSG_SIZE]; data/daemon-0.7/libslack/err.c:860:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/daemon-0.7/libslack/err.c:864:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(name, O_RDONLY)) == -1) data/daemon-0.7/libslack/err.c:892:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/daemon-0.7/libslack/err.c:912:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/daemon-0.7/libslack/err.c:917:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *results[12] = data/daemon-0.7/libslack/fio.c:608:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_WRONLY | O_NONBLOCK)) == -1) data/daemon-0.7/libslack/fio.c:677:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((rfd = open(path, O_RDONLY | O_NONBLOCK)) == -1) data/daemon-0.7/libslack/fio.c:709:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((wfd = open(path, O_WRONLY)) == -1) data/daemon-0.7/libslack/fio.c:987:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[BUFSIZ]; data/daemon-0.7/libslack/fio.c:1046:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(file = fopen(filename, "wb"))) \ data/daemon-0.7/libslack/fio.c:1055:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(file = fopen(filename, "r"))) \ data/daemon-0.7/libslack/fio.c:1084:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_NONBLOCK, S_IRUSR | S_IWUSR)) == -1) data/daemon-0.7/libslack/fio.c:1088:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[12] = "0123456789\n"; data/daemon-0.7/libslack/fio.c:1098:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(filename, O_RDONLY | O_NONBLOCK)) == -1) data/daemon-0.7/libslack/getopt.c:408:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char var[100]; data/daemon-0.7/libslack/getopt.c:414:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. cp = memcpy (&var[sizeof (var) - sizeof (envvar_tail)], envvar_tail, data/daemon-0.7/libslack/hsort.c:392:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *string[4]; data/daemon-0.7/libslack/list.c:3537:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char action_data[1024]; data/daemon-0.7/libslack/map.c:2349:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *words = fopen("/usr/dict/words", "r"); data/daemon-0.7/libslack/map.c:2350:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char word[BUFSIZ]; data/daemon-0.7/libslack/map.c:2775:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cat[BUFSIZ]; data/daemon-0.7/libslack/mem.c:409:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. return memcpy(copy, str, size); data/daemon-0.7/libslack/msg.c:475:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mesg[MSG_SIZE]; data/daemon-0.7/libslack/msg.c:668:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((data->fd = open(path, O_WRONLY | O_CREAT | O_APPEND, mode)) == -1) data/daemon-0.7/libslack/msg.c:733:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MSG_SIZE]; data/daemon-0.7/libslack/msg.c:1585:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fac[64], *pri; data/daemon-0.7/libslack/msg.c:1697:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MSG_SIZE]; data/daemon-0.7/libslack/msg.c:1701:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(name, O_RDONLY)) == -1) data/daemon-0.7/libslack/msg.c:1815:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/daemon-0.7/libslack/net.c:465:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&in->sin_addr, addr, addrsize); data/daemon-0.7/libslack/net.c:475:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&in6->sin6_addr, addr, addrsize); data/daemon-0.7/libslack/net.c:490:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((resolv_conf = fopen("/etc/resolv.conf", "r"))) data/daemon-0.7/libslack/net.c:492:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[BUFSIZ]; data/daemon-0.7/libslack/net.c:699:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr, localaddr, localsize); data/daemon-0.7/libslack/net.c:774:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[L_tmpnam]; data/daemon-0.7/libslack/net.c:950:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr, remoteaddr, remotesize); data/daemon-0.7/libslack/net.c:1183:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mreq->imr_multiaddr, &any->in.sin_addr, sizeof mreq->imr_multiaddr); data/daemon-0.7/libslack/net.c:1204:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mreq->imr_interface, &((sockaddr_in_t *)&ifreq->ifr_addr)->sin_addr, sizeof mreq->imr_multiaddr); data/daemon-0.7/libslack/net.c:1215:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mreq->ipv6mr_multiaddr, &any->in6.sin6_addr, sizeof mreq->ipv6mr_multiaddr); data/daemon-0.7/libslack/net.c:1263:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mreq->imr_multiaddr, &any->in.sin_addr, sizeof mreq->imr_multiaddr); data/daemon-0.7/libslack/net.c:1284:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mreq->imr_interface, &((sockaddr_in_t *)&ifreq->ifr_addr)->sin_addr, sizeof mreq->imr_interface); data/daemon-0.7/libslack/net.c:1295:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mreq->ipv6mr_multiaddr, &any->in6.sin6_addr, sizeof mreq->ipv6mr_multiaddr); data/daemon-0.7/libslack/net.c:1367:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&inaddr, &((sockaddr_in_t *)&ifreq->ifr_addr)->sin_addr, sizeof inaddr); data/daemon-0.7/libslack/net.c:2232:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iface->addr, &ifr->ifr_addr, size); data/daemon-0.7/libslack/net.c:2247:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iface->hwaddr, &ifrcopy->ifr_hwaddr, sizeof(sockaddr_t)); data/daemon-0.7/libslack/net.c:2272:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iface->brdaddr, &ifrcopy->ifr_broadaddr, size); data/daemon-0.7/libslack/net.c:2297:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iface->dstaddr, &ifrcopy->ifr_dstaddr, size); data/daemon-0.7/libslack/net.c:2745:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MSG_SIZE]; data/daemon-0.7/libslack/net.c:2799:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MSG_SIZE]; data/daemon-0.7/libslack/net.c:2857:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MSG_SIZE]; data/daemon-0.7/libslack/net.c:2912:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MSG_SIZE]; data/daemon-0.7/libslack/net.c:3056:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[128]; data/daemon-0.7/libslack/net.c:3076:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, data, count); data/daemon-0.7/libslack/net.c:3092:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, data, len); data/daemon-0.7/libslack/net.c:3260:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, tmp, len); data/daemon-0.7/libslack/net.c:3438:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, p, count); data/daemon-0.7/libslack/net.c:3455:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, p, len); data/daemon-0.7/libslack/net.c:3800:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MSG_SIZE + 1]; data/daemon-0.7/libslack/net.c:3852:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MSG_SIZE + 1]; data/daemon-0.7/libslack/net.c:3911:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char control[CMSG_SPACE(sizeof(int))]; data/daemon-0.7/libslack/net.c:3988:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char control[CMSG_SPACE(sizeof(int))]; data/daemon-0.7/libslack/net.c:4102:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char control[CMSG_SPACE(sizeof(struct ucred))]; data/daemon-0.7/libslack/net.c:4134:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cred, CMSG_DATA(cmsg), sizeof(struct ucred)); data/daemon-0.7/libslack/net.c:5201:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((resolv_conf = fopen("/etc/resolv.conf", "r"))) data/daemon-0.7/libslack/net.c:5203:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[BUFSIZ]; data/daemon-0.7/libslack/net.c:5255:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkt[1024]; data/daemon-0.7/libslack/net.c:5256:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tstmem[1024]; data/daemon-0.7/libslack/net.c:5267:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pkt_cmp[1024] = data/daemon-0.7/libslack/net.c:5283:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char lpkt_cmp[16] = data/daemon-0.7/libslack/net.c:5322:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[4]; data/daemon-0.7/libslack/net.c:5349:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[4]; data/daemon-0.7/libslack/net.c:5385:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[4]; data/daemon-0.7/libslack/net.c:5408:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[4]; data/daemon-0.7/libslack/net.c:5452:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[4]; data/daemon-0.7/libslack/net.c:5479:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[4]; data/daemon-0.7/libslack/net.c:5517:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[4]; data/daemon-0.7/libslack/net.c:5540:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[4]; data/daemon-0.7/libslack/net.c:5798:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char a[128], b[128]; \ data/daemon-0.7/libslack/net.c:6322:108: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ++errors, printf("Test%d: unpack(%s, trunc) failed (%s[%d] == %d, not %d)\n", i, format, #format, len, ((char *)data1)[len], 0); data/daemon-0.7/libslack/net.c:6353:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[4]; data/daemon-0.7/libslack/net.c:6378:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[4]; data/daemon-0.7/libslack/net.c:6416:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netz[5]; data/daemon-0.7/libslack/net.c:6442:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netz[5]; data/daemon-0.7/libslack/net.c:6471:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[128]; data/daemon-0.7/libslack/net.c:6536:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[BUFSIZ]; data/daemon-0.7/libslack/net.c:6576:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(pass, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR)) == -1 || write(fd, text, strlen(text)) == -1 || close(fd) == -1) data/daemon-0.7/libslack/net.c:6578:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = open(pass, O_RDONLY)) == -1) data/daemon-0.7/libslack/net.c:6634:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[BUFSIZ], ack; data/daemon-0.7/libslack/net.c:6664:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[BUFSIZ]; data/daemon-0.7/libslack/net.c:6728:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[12]; data/daemon-0.7/libslack/net.c:6829:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[4]; data/daemon-0.7/libslack/net.c:6906:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[12]; data/daemon-0.7/libslack/net.c:7003:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[4]; data/daemon-0.7/libslack/net.c:7112:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[4]; data/daemon-0.7/libslack/net.c:7224:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[4]; data/daemon-0.7/libslack/net.c:7257:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[4]; data/daemon-0.7/libslack/net.c:7302:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[4]; data/daemon-0.7/libslack/net.c:7334:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test[4]; data/daemon-0.7/libslack/net.h:77:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[IFNAMSIZ]; /* network interface name, null terminated */ data/daemon-0.7/libslack/prog.c:1588:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[256] = ""; data/daemon-0.7/libslack/prog.c:1631:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg_buf[MSG_SIZE]; data/daemon-0.7/libslack/prog.c:1632:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char opt_buf[MSG_SIZE]; data/daemon-0.7/libslack/prog.c:1676:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MSG_SIZE]; data/daemon-0.7/libslack/prog.c:1770:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MSG_SIZE]; data/daemon-0.7/libslack/prog.c:2223:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char optname[256]; data/daemon-0.7/libslack/prog.c:2335:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char help[BUFSIZ]; data/daemon-0.7/libslack/prog.c:2630:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/daemon-0.7/libslack/prog.c:2631:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result_buf[BUFSIZ]; data/daemon-0.7/libslack/prog.c:2636:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(name, O_RDONLY)) == -1) data/daemon-0.7/libslack/prog.c:2711:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/daemon-0.7/libslack/prog.c:2732:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out_name[32]; data/daemon-0.7/libslack/prog.c:2733:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err_name[32]; data/daemon-0.7/libslack/prog.c:2736:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[3][4] = data/daemon-0.7/libslack/prog.c:2742:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *results[3][2] = data/daemon-0.7/libslack/prop.c:686:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/daemon-0.7/libslack/prop.c:743:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/daemon-0.7/libslack/prop.c:784:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/daemon-0.7/libslack/prop.c:993:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(path, "w"); data/daemon-0.7/libslack/pseudo.c:199:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *group = fopen("/etc/group", "r"); data/daemon-0.7/libslack/pseudo.c:200:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[BUFSIZ], *gid; data/daemon-0.7/libslack/pseudo.c:208:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ret = atoi(gid + 1); data/daemon-0.7/libslack/pseudo.c:221:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *passwd = fopen("/etc/passwd", "r"); data/daemon-0.7/libslack/pseudo.c:222:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[BUFSIZ], *ptr; data/daemon-0.7/libslack/pseudo.c:228:4: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(ptr + 1) == (int)uid && (ptr = strchr(ptr + 1, ':'))) data/daemon-0.7/libslack/pseudo.c:230:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ret = atoi(ptr + 1); data/daemon-0.7/libslack/pseudo.c:249:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64], *name = buf; data/daemon-0.7/libslack/pseudo.c:318:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((*pty_process_fd = open(pty_device_name, O_RDWR | O_NOCTTY)) == -1) data/daemon-0.7/libslack/pseudo.c:333:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64], *name = buf; data/daemon-0.7/libslack/pseudo.c:344:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((*pty_user_fd = open("/dev/ptmx", O_RDWR | O_NOCTTY)) == -1) data/daemon-0.7/libslack/pseudo.c:389:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((*pty_process_fd = open(pty_device_name, O_RDWR | O_NOCTTY)) == -1) data/daemon-0.7/libslack/pseudo.c:432:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64], *name = buf; data/daemon-0.7/libslack/pseudo.c:443:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((*pty_user_fd = open("/dev/ptc", O_RDWR | O_NOCTTY)) == -1) data/daemon-0.7/libslack/pseudo.c:472:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((*pty_process_fd = open(name, O_RDWR | O_NOCTTY)) == -1) data/daemon-0.7/libslack/pseudo.c:485:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/daemon-0.7/libslack/pseudo.c:498:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((*pty_user_fd = open(buf, O_RDWR | O_NOCTTY)) == -1) data/daemon-0.7/libslack/pseudo.c:504:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((*pty_user_fd = open(buf, O_RDWR | O_NOCTTY)) == -1) data/daemon-0.7/libslack/pseudo.c:514:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((*pty_process_fd = open(pty_device_name, O_RDWR | O_NOCTTY)) == -1) data/daemon-0.7/libslack/pseudo.c:685:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(PATH_TTY, O_RDWR | O_NOCTTY)) >= 0) data/daemon-0.7/libslack/pseudo.c:699:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(PATH_TTY, O_RDWR | O_NOCTTY)) >= 0) data/daemon-0.7/libslack/pseudo.c:720:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(pty_device_name, O_RDWR)) >= 0) data/daemon-0.7/libslack/pseudo.c:731:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(PATH_TTY, O_RDWR)) == -1) data/daemon-0.7/libslack/pseudo.c:1129:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pty_device_name[64]; data/daemon-0.7/libslack/sig.c:432:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * const results[3] = data/daemon-0.7/libslack/sig.c:457:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mesg[BUFSIZ]; data/daemon-0.7/libslack/sig.c:496:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/daemon-0.7/libslack/sig.c:501:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(name, O_RDONLY)) == -1) data/daemon-0.7/libslack/snprintf.c:372:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char convert[22]; data/daemon-0.7/libslack/snprintf.c:610:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512], *convert = buf, *p; data/daemon-0.7/libslack/snprintf.c:611:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[1 + 5 + 20 + 1 + 20 + 1 + 1 + 1]; data/daemon-0.7/libslack/snprintf.c:612:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char widstr[21]; data/daemon-0.7/libslack/snprintf.c:664:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(widstr, "%d", width); data/daemon-0.7/libslack/snprintf.c:1872:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[LONG_STRING]; data/daemon-0.7/libslack/snprintf.c:1873:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[LONG_STRING]; data/daemon-0.7/libslack/snprintf.c:1914:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstr[1024]; \ data/daemon-0.7/libslack/snprintf.c:1931:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstr[1024]; \ data/daemon-0.7/libslack/snprintf.c:1948:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstr[1024]; \ data/daemon-0.7/libslack/str.c:833:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/daemon-0.7/libslack/str.c:1524:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str->str + index, src->str, length); data/daemon-0.7/libslack/str.c:1925:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str->str + index, src->str, length); data/daemon-0.7/libslack/str.c:2033:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret->str, str->str + index, range); data/daemon-0.7/libslack/str.c:2093:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret->str, str + index, range); data/daemon-0.7/libslack/str.c:2686:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xfrom[CHARSET], xto[CHARSET]; data/daemon-0.7/libslack/str.c:2718:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[CHARSET]; data/daemon-0.7/libslack/str.c:2724:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xfrom, tmp, xf - tmp); data/daemon-0.7/libslack/str.c:4597:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. union { char c[4]; int i; } soundex; data/daemon-0.7/libslack/str.c:8072:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tst[BUFSIZ], *t; data/daemon-0.7/libslack/str.c:8205:32: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ACT((test_num), stream = fopen(testfile, "wb")) \ data/daemon-0.7/libslack/str.c:8213:33: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ACT((test_num), stream = fopen(testfile, "r")) \ data/daemon-0.7/libslack/str.c:8252:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ACT(20, stream = fopen(testfile, "wb")) data/daemon-0.7/libslack/str.c:8257:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). TEST_ACT(20, stream = fopen(testfile, "rb")) data/daemon-0.7/libslack/vsscanf.c:186:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[513]; data/daemon-0.7/libslack/vsscanf.c:230:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[513]; data/daemon-0.7/libslack/vsscanf.c:370:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b1[128], b2[128]; data/daemon-0.7/libslack/vsscanf.c:371:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c1[128], c2[128]; data/daemon-0.7/libslack/vsscanf.c:372:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s1[128], s2[128]; data/daemon-0.7/libslack/vsscanf.c:379:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[512]; data/daemon-0.7/libslack/vsscanf.c:392:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, " abc -12 37 101 3.4e-1 12.34 102.23 xyz %p def ghi jkl %% ", data/daemon-0.7/test/test13.daemon.c:16:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/daemon-0.7/daemon.c:979:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). mode_t umask; /* set umask to this */ data/daemon-0.7/daemon.c:1143:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(spec, ACCEPT_NAME) != strlen(spec)) data/daemon-0.7/daemon.c:1163:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(spec, ACCEPT_PATH) != strlen(spec)) data/daemon-0.7/daemon.c:1193:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(spec, ACCEPT_PATH) != strlen(spec)) data/daemon-0.7/daemon.c:2032:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t size = strlen(tok) + 3; data/daemon-0.7/daemon.c:2316:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(pwd->pw_dir) + 1 + sizeof(CONFIG_PATH_USER) + 1; data/daemon-0.7/daemon.c:2690:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = ((*name == PATH_SEP) ? strlen(name) : sizeof(pid_dir) + 1 + strlen(name) + strlen(suffix)) + 1; data/daemon-0.7/daemon.c:2690:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = ((*name == PATH_SEP) ? strlen(name) : sizeof(pid_dir) + 1 + strlen(name) + strlen(suffix)) + 1; data/daemon-0.7/daemon.c:2690:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = ((*name == PATH_SEP) ? strlen(name) : sizeof(pid_dir) + 1 + strlen(name) + strlen(suffix)) + 1; data/daemon-0.7/daemon.c:2705:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(pidfile); data/daemon-0.7/daemon.c:2753:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(clientpid_fd, clientpid, strlen(clientpid)) != strlen(clientpid)) data/daemon-0.7/daemon.c:2753:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(clientpid_fd, clientpid, strlen(clientpid)) != strlen(clientpid)) data/daemon-0.7/daemon.c:2829:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes = read(clientpid_fd, buf, BUFSIZ); data/daemon-0.7/daemon.c:3182:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((n = read(g.out, buf, BUFSIZ)) > 0) data/daemon-0.7/daemon.c:3243:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((n = read(g.err, buf, BUFSIZ)) > 0) data/daemon-0.7/daemon.c:3304:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((n = read(g.pty_user_fd, buf, BUFSIZ)) > 0) data/daemon-0.7/daemon.c:3359:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((n = read(STDIN_FILENO, buf, BUFSIZ)) > 0) data/daemon-0.7/daemon.c:3459:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). g.umask, data/daemon-0.7/daemon.c:3550:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes = read(fd, intbuf, 256); data/daemon-0.7/daemon.c:3640:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f = s + strlen(s); data/daemon-0.7/daemon.c:3810:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). la = strlen(a); data/daemon-0.7/daemon.c:3811:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lb = strlen(b); data/daemon-0.7/daemon.c:3906:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes = read(fd, buf, BUFSIZ); data/daemon-0.7/daemon.c:3949:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(entry->d_name); data/daemon-0.7/daemon.c:4202:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t size = strlen(g.pidfiles) + 1 + strlen(g.name) + strlen(suffix) + 1; data/daemon-0.7/daemon.c:4202:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t size = strlen(g.pidfiles) + 1 + strlen(g.name) + strlen(suffix) + 1; data/daemon-0.7/daemon.c:4202:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t size = strlen(g.pidfiles) + 1 + strlen(g.name) + strlen(suffix) + 1; data/daemon-0.7/daemon.c:4415:37: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). debug((2, "setting umask to %o", g.umask)) data/daemon-0.7/daemon.c:4417:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(g.umask); data/daemon-0.7/daemon.c:4417:10: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(g.umask); data/daemon-0.7/libslack/agent.c:2582:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((rc = read(fd, buf, 1)) == -1) data/daemon-0.7/libslack/agent.c:2785:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((bytes = read(fd, buf, BUFSIZ)) == -1) data/daemon-0.7/libslack/coproc.c:196:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f = s + strlen(s); data/daemon-0.7/libslack/coproc.c:902:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, 4)) != 4) data/daemon-0.7/libslack/coproc.c:911:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, 4)) != 4) data/daemon-0.7/libslack/coproc.c:920:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, 4)) != 4) data/daemon-0.7/libslack/coproc.c:929:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, 4)) != 0) data/daemon-0.7/libslack/coproc.c:963:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, 4)) != 4) data/daemon-0.7/libslack/coproc.c:972:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, 4)) != 4) data/daemon-0.7/libslack/coproc.c:981:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, 4)) != 4) data/daemon-0.7/libslack/coproc.c:990:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, 4)) != 0) data/daemon-0.7/libslack/coproc.c:1024:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, 4)) != 4) data/daemon-0.7/libslack/coproc.c:1033:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, 4)) != 4) data/daemon-0.7/libslack/coproc.c:1042:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, 4)) != 4) data/daemon-0.7/libslack/coproc.c:1051:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, 4)) != 0) data/daemon-0.7/libslack/coproc.c:1085:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, 4)) != 4) data/daemon-0.7/libslack/coproc.c:1094:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, 4)) != 4) data/daemon-0.7/libslack/coproc.c:1103:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, 4)) != 4) data/daemon-0.7/libslack/coproc.c:1112:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, 4)) != 0) data/daemon-0.7/libslack/coproc.c:1142:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, BUFSIZ)) != 6) data/daemon-0.7/libslack/coproc.c:1151:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, BUFSIZ)) != 0) data/daemon-0.7/libslack/coproc.c:1181:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, BUFSIZ)) != 6) data/daemon-0.7/libslack/coproc.c:1190:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(from, buf, BUFSIZ)) != 0) data/daemon-0.7/libslack/coproc.c:1253:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(pty_user_fd, buf, BUFSIZ)) != 5) data/daemon-0.7/libslack/coproc.c:1264:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(pty_user_fd, buf, BUFSIZ)) != 5) data/daemon-0.7/libslack/coproc.c:1275:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(pty_user_fd, buf, BUFSIZ)) != 5) data/daemon-0.7/libslack/coproc.c:1301:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(pty_user_fd, buf, BUFSIZ)) != 5) data/daemon-0.7/libslack/coproc.c:1312:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(pty_user_fd, buf, BUFSIZ)) != 5) data/daemon-0.7/libslack/coproc.c:1323:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(pty_user_fd, buf, BUFSIZ)) != 5) data/daemon-0.7/libslack/coproc.c:1349:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(pty_user_fd, buf, BUFSIZ)) != 5) data/daemon-0.7/libslack/coproc.c:1360:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(pty_user_fd, buf, BUFSIZ)) != 5) data/daemon-0.7/libslack/coproc.c:1371:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(pty_user_fd, buf, BUFSIZ)) != 5) data/daemon-0.7/libslack/coproc.c:1399:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(pty_user_fd, buf, BUFSIZ)) != 7) data/daemon-0.7/libslack/coproc.c:1409:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(pty_user_fd, buf, BUFSIZ)) != 0) data/daemon-0.7/libslack/coproc.c:1437:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(pty_user_fd, buf, BUFSIZ)) != 7) data/daemon-0.7/libslack/coproc.c:1447:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((bytes = read(pty_user_fd, buf, BUFSIZ)) != 0) data/daemon-0.7/libslack/daemon.c:302:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cwd_len = strlen(cwd); data/daemon-0.7/libslack/daemon.c:303:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (cwd_len + 1 + strlen(path) >= lim) data/daemon-0.7/libslack/daemon.c:326:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path_len = strlen(abs_path); data/daemon-0.7/libslack/daemon.c:406:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (sep = path + strlen(path); sep; sep = strrchr(path, PATH_SEP)) data/daemon-0.7/libslack/daemon.c:552:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = start + strlen(start); data/daemon-0.7/libslack/daemon.c:569:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(line); data/daemon-0.7/libslack/daemon.c:609:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = ((*name == PATH_SEP) ? strlen(name) : sizeof(pid_dir) + 1 + strlen(name) + strlen(suffix)) + 1; data/daemon-0.7/libslack/daemon.c:609:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = ((*name == PATH_SEP) ? strlen(name) : sizeof(pid_dir) + 1 + strlen(name) + strlen(suffix)) + 1; data/daemon-0.7/libslack/daemon.c:609:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = ((*name == PATH_SEP) ? strlen(name) : sizeof(pid_dir) + 1 + strlen(name) + strlen(suffix)) + 1; data/daemon-0.7/libslack/daemon.c:761:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(pid_fd, pid, strlen(pid)) != strlen(pid)) data/daemon-0.7/libslack/daemon.c:761:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(pid_fd, pid, strlen(pid)) != strlen(pid)) data/daemon-0.7/libslack/daemon.c:984:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(0); data/daemon-0.7/libslack/daemon.c:1133:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes = read(pid_fd, buf, BUFSIZ); data/daemon-0.7/libslack/daemon.c:1267:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((bytes = read(pid_fd, pidbuf, 32)) <= 0) data/daemon-0.7/libslack/daemon.c:1570:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(line, "%1023s %1023s", service, port) != 2) data/daemon-0.7/libslack/daemon.c:1600:10: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. words = sscanf(line, "%1023s %1023s %1023s %1023s %1023s %1023s %1023s %1023s", word[0], word[1], word[2], word[3], word[4], word[5], word[6], word[7]); data/daemon-0.7/libslack/daemon.c:1840:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (rc == 0 && strcmp(buf + strlen(buf) - strlen(explanation), explanation)) \ data/daemon-0.7/libslack/daemon.c:1840:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (rc == 0 && strcmp(buf + strlen(buf) - strlen(explanation), explanation)) \ data/daemon-0.7/libslack/daemon.c:1906:11: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). mask = umask((mode_t)0); data/daemon-0.7/libslack/daemon.c:1929:4: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(mask); data/daemon-0.7/libslack/daemon.c:1934:10: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). mask = umask((mode_t)0); data/daemon-0.7/libslack/daemon.c:1962:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(mask); data/daemon-0.7/libslack/err.c:871:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes = read(fd, buf, BUFSIZ); data/daemon-0.7/libslack/fio.c:92:31: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define getc_unlocked(stream) getc(stream) data/daemon-0.7/libslack/fio.c:1000:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(0); data/daemon-0.7/libslack/fio.c:1050:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fwrite((contents), 1, strlen(contents), file) != strlen(contents)) \ data/daemon-0.7/libslack/fio.c:1050:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fwrite((contents), 1, strlen(contents), file) != strlen(contents)) \ data/daemon-0.7/libslack/fio.c:1102:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if (read(fd, buf, 11) != 11) data/daemon-0.7/libslack/getopt.c:664:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # if (!defined __STDC__ || !__STDC__) && !defined strlen data/daemon-0.7/libslack/getopt.c:667:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). extern int strlen (const char *); data/daemon-0.7/libslack/getopt.c:865:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = nonoption_flags_max_len = strlen (orig_str); data/daemon-0.7/libslack/getopt.c:1086:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). == (unsigned int) strlen (p->name)) data/daemon-0.7/libslack/getopt.c:1110:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nextchar += strlen (nextchar); data/daemon-0.7/libslack/getopt.c:1142:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nextchar += strlen (nextchar); data/daemon-0.7/libslack/getopt.c:1158:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nextchar += strlen (nextchar); data/daemon-0.7/libslack/getopt.c:1163:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nextchar += strlen (nextchar); data/daemon-0.7/libslack/getopt.c:1274:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((unsigned int) (nameend - nextchar) == strlen (p->name)) data/daemon-0.7/libslack/getopt.c:1297:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nextchar += strlen (nextchar); data/daemon-0.7/libslack/getopt.c:1317:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nextchar += strlen (nextchar); data/daemon-0.7/libslack/getopt.c:1331:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nextchar += strlen (nextchar); data/daemon-0.7/libslack/getopt.c:1335:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nextchar += strlen (nextchar); data/daemon-0.7/libslack/list.c:3613:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read(length[RD], &ack, 1) == -1 && errno == EINTR) data/daemon-0.7/libslack/list.c:3756:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read(barrier[RD], &ack, 1) == -1 && errno == EINTR) data/daemon-0.7/libslack/map.c:2418:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(cat); data/daemon-0.7/libslack/map.c:2530:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read(size[RD], &ack, 1) == -1 && errno == EINTR) data/daemon-0.7/libslack/map.c:2717:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read(barrier[RD], &ack, 1) == -1 && errno == EINTR) data/daemon-0.7/libslack/mem.c:406:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(copy = mem_create(size = strlen(str) + 1, char))) data/daemon-0.7/libslack/msg.c:477:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dst->out(dst->data, mesg, strlen(mesg)); data/daemon-0.7/libslack/msg.c:753:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(buf); data/daemon-0.7/libslack/msg.c:1708:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes = read(fd, buf, MSG_SIZE); data/daemon-0.7/libslack/msg.c:1804:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). filtered_mesglen = prefix_filter(&filtered_mesg, mesg, strlen(mesg)); data/daemon-0.7/libslack/net.c:604:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!service || *service != '/' || !service[1] || strlen(service) >= sizeof localany.un.sun_path) data/daemon-0.7/libslack/net.c:856:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!service || *service != '/' || !service[1] || strlen(service) >= sizeof remoteany.un.sun_path) data/daemon-0.7/libslack/net.c:3089:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(data); data/daemon-0.7/libslack/net.c:3257:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tmp) + 1; data/daemon-0.7/libslack/net.c:3711:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((bytes = read(sockfd, b, count)) == -1) data/daemon-0.7/libslack/net.c:3806:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((bytes = read(sockfd, buf, MSG_SIZE)) <= 0) data/daemon-0.7/libslack/net.c:5325:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read_timeout(s, 5, 0) == -1 || (bytes = read(s, test, 4)) == -1) data/daemon-0.7/libslack/net.c:5353:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if (read_timeout(client, 5, 0) == -1 || read(client, test, 4) == -1) data/daemon-0.7/libslack/net.c:5455:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read_timeout(s, 5, 0) == -1 || (bytes = read(s, test, 4)) == -1) data/daemon-0.7/libslack/net.c:5483:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if (read_timeout(client, 5, 0) == -1 || read(client, test, 4) == -1) data/daemon-0.7/libslack/net.c:5585:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(z) + 1, z, data/daemon-0.7/libslack/net.c:5586:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(b), b, data/daemon-0.7/libslack/net.c:5587:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(h), h, data/daemon-0.7/libslack/net.c:5604:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). z2 = malloc(strlen(z) + 1); data/daemon-0.7/libslack/net.c:5605:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). b2 = malloc(strlen(b) + 1); data/daemon-0.7/libslack/net.c:5606:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). h2 = malloc(strlen(h) + 1); data/daemon-0.7/libslack/net.c:5612:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(z) + 1, z2, data/daemon-0.7/libslack/net.c:5613:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(b), b2, data/daemon-0.7/libslack/net.c:5614:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(h), h2, data/daemon-0.7/libslack/net.c:5676:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memset(z2, 0, strlen(z) + 1); data/daemon-0.7/libslack/net.c:5688:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(z) + 1, z2, data/daemon-0.7/libslack/net.c:5689:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(b), NULL, data/daemon-0.7/libslack/net.c:5690:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(h), NULL, data/daemon-0.7/libslack/net.c:5875:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). z2 = malloc(strlen(z) + 1); data/daemon-0.7/libslack/net.c:5876:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). b2 = malloc(strlen(b) + 1); data/daemon-0.7/libslack/net.c:5877:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). h2 = malloc(strlen(h) + 1); data/daemon-0.7/libslack/net.c:6542:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (bytes != strlen(text)) data/daemon-0.7/libslack/net.c:6543:119: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ++errors, printf("Test522: recvfd(s, test, BUFSIZ, 0, &fd) failed (read %d bytes, not %d bytes)\n", bytes, (int)strlen(text)); data/daemon-0.7/libslack/net.c:6544:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (memcmp(test, text, strlen(text))) data/daemon-0.7/libslack/net.c:6548:56: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if (read_timeout(fd, 5, 0) == -1 || (bytes = read(fd, test, BUFSIZ)) == -1) data/daemon-0.7/libslack/net.c:6550:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (bytes != strlen(text)) data/daemon-0.7/libslack/net.c:6551:119: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ++errors, printf("Test526: recvfd(s, test, BUFSIZ, 0, &fd) failed (read %d bytes, not %d bytes)\n", bytes, (int)strlen(text)); data/daemon-0.7/libslack/net.c:6552:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (memcmp(test, text, strlen(text))) data/daemon-0.7/libslack/net.c:6576:92: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((fd = open(pass, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR)) == -1 || write(fd, text, strlen(text)) == -1 || close(fd) == -1) data/daemon-0.7/libslack/net.c:6580:73: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (write_timeout(client, 5, 0) == -1 || sendfd(client, text, strlen(text), 0, fd) == -1) data/daemon-0.7/libslack/net.c:6581:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ++errors, printf("Test532: sendfd(client, text, %d, fd) failed (%s)\n", (int)strlen(text), strerror(errno)); data/daemon-0.7/libslack/net.c:6640:49: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read_timeout(sync[RD], 5, 0) == -1 || read(sync[RD], &ack, 1) != 1) data/daemon-0.7/libslack/net.c:6642:72: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (write_timeout(server, 5, 0) == -1 || send(server, test, strlen(test), 0) == -1) data/daemon-0.7/libslack/net.c:7115:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read_timeout(s, 5, 0) == -1 || (bytes = read(s, test, 4)) == -1) data/daemon-0.7/libslack/net.c:7119:56: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if (read_timeout(s, 5, 0) == -1 || (bytes = read(s, test, 4)) == -1) data/daemon-0.7/libslack/net.c:7123:56: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if (read_timeout(s, 5, 0) == -1 || (bytes = read(s, test, 4)) == -1) data/daemon-0.7/libslack/net.c:7127:56: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if (read_timeout(s, 5, 0) == -1 || (bytes = read(s, test, 4)) == -1) data/daemon-0.7/libslack/net.c:7131:56: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if (read_timeout(s, 5, 0) == -1 || (bytes = read(s, test, 4)) == -1) data/daemon-0.7/libslack/net.c:7261:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if (read_timeout(client, 5, 0) == -1 || read(client, test, 4) == -1) data/daemon-0.7/libslack/prog.c:1645:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg_length = strlen(msg_buf); data/daemon-0.7/libslack/prog.c:1689:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buf); data/daemon-0.7/libslack/prog.c:1691:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buf); data/daemon-0.7/libslack/prog.c:1697:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buf); data/daemon-0.7/libslack/prog.c:1703:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buf); data/daemon-0.7/libslack/prog.c:1709:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buf); data/daemon-0.7/libslack/prog.c:1715:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buf); data/daemon-0.7/libslack/prog.c:1721:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buf); data/daemon-0.7/libslack/prog.c:1727:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buf); data/daemon-0.7/libslack/prog.c:1733:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buf); data/daemon-0.7/libslack/prog.c:1739:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buf); data/daemon-0.7/libslack/prog.c:1745:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buf); data/daemon-0.7/libslack/prog.c:2277:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t indent_width = strlen(indent); data/daemon-0.7/libslack/prog.c:2279:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t leader_width = strlen(leader); data/daemon-0.7/libslack/prog.c:2296:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t width = strlen(opt->name); data/daemon-0.7/libslack/prog.c:2300:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width += 1 + strlen(opt->argname); data/daemon-0.7/libslack/prog.c:2330:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buf); data/daemon-0.7/libslack/prog.c:2351:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). help_length = strlen(help); data/daemon-0.7/libslack/prog.c:2363:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). help_length = strlen(help); data/daemon-0.7/libslack/prog.c:2367:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). help_length = strlen(help); data/daemon-0.7/libslack/prog.c:2372:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (desc = opt->desc; (desc_length = strlen(desc)) > remainder; desc = next) data/daemon-0.7/libslack/prog.c:2378:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). help_length = strlen(help); data/daemon-0.7/libslack/prog.c:2409:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). help_length = strlen(help); data/daemon-0.7/libslack/prog.c:2426:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). help_length = strlen(help); data/daemon-0.7/libslack/prog.c:2435:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buf); data/daemon-0.7/libslack/prog.c:2643:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes = read(fd, buf, BUFSIZ); data/daemon-0.7/libslack/prop.c:285:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return g.home = (home && strlen(home)) ? mem_strdup(home) : NULL; data/daemon-0.7/libslack/prop.c:793:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(prop, " %127s ", buf)) data/daemon-0.7/libslack/prop.c:989:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path); data/daemon-0.7/libslack/prop.c:1256:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (home && strlen(home)) ? home : NULL; data/daemon-0.7/libslack/prop.c:1313:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path); data/daemon-0.7/libslack/pseudo.c:483:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int num_minors = strlen(ptyminors); data/daemon-0.7/libslack/pseudo.c:484:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int num_ptys = strlen(ptymajors) * num_minors; data/daemon-0.7/libslack/sig.c:468:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((n = read(STDIN_FILENO, mesg, BUFSIZ)) > 0) data/daemon-0.7/libslack/sig.c:508:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes = read(fd, buf, BUFSIZ); data/daemon-0.7/libslack/sig.c:518:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg1_length = strlen(msg1); data/daemon-0.7/libslack/sig.c:601:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). do { rc = read(sync2[0], &ack, 1); } while (rc == -1 && errno == EINTR); data/daemon-0.7/libslack/sig.c:618:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(sync1[0], &ack, 1); data/daemon-0.7/libslack/socks.h:42:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define read SOCKS_PREFIX ## read data/daemon-0.7/libslack/socks.h:42:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define read SOCKS_PREFIX ## read data/daemon-0.7/libslack/str.c:387:31: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define getc_unlocked(stream) getc(stream) data/daemon-0.7/libslack/str.c:1198:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str->length = strlen(str->str) + 1; data/daemon-0.7/libslack/str.c:2076:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str) + 1; data/daemon-0.7/libslack/str.c:4724:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/daemon-0.7/libslack/str.c:4813:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/daemon-0.7/libslack/str.c:4896:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/daemon-0.7/libslack/str.c:5711:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return do_encode_with_locker(locker, str, strlen(str), uncoded, coded, quote_char, printable); data/daemon-0.7/libslack/str.c:5745:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return do_decode_with_locker(locker, str, strlen(str), uncoded, coded, quote_char, printable); data/daemon-0.7/libslack/str.c:7796:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read(length[RD], &ack, 1) == -1 && errno == EINTR) data/daemon-0.7/libslack/str.c:8054:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read(barrier[RD], &ack, 1) == -1 && errno == EINTR) data/daemon-0.7/libslack/str.c:8123:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) != (length)) \ data/daemon-0.7/libslack/str.c:8124:93: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ++errors, printf("Test%d: %s failed: length %u (not %u)\n", (i), (#action), (unsigned int)strlen(str), (unsigned int)(length)); data/daemon-0.7/libslack/str.c:8726:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str_print(str, strlen(str)); \ data/daemon-0.7/libslack/str.c:8728:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str_print(delim, strlen(delim)); \ data/daemon-0.7/libslack/str.c:9017:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CHECK_STR((i), str_unquote(quoted(str), quotable, quote_char), c, strlen(str), str) \ data/daemon-0.7/libslack/str.c:9026:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CHECK_STR((i), unquote(quoted(str), quotable, quote_char), b, strlen(str), str) \ data/daemon-0.7/libslack/str.c:9050:86: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CHECK_STR((i), str_decode(encoded(str), uncoded, coded, quote_char, printabtle), c, strlen(str), str) \ data/daemon-0.7/libslack/str.c:9059:81: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CHECK_STR((i), decode(encoded(str), uncoded, coded, quote_char, printable), b, strlen(str), str) \ data/daemon-0.7/libslack/vsscanf.c:396:8: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. rc1 = sscanf(str, " abc %hd %d %ld %e %le %Le xyz %p %127[^abc ] %3c %127s %hn %n%% %ln", data/daemon-0.7/test/test13.daemon.c:54:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). switch (bytes = read(STDIN_FILENO, buf, BUFSIZ)) data/daemon-0.7/test/test13.daemon.c:74:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). switch (bytes = read(out, buf, BUFSIZ)) data/daemon-0.7/test/test13.daemon.c:93:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). switch (bytes = read(err, buf, BUFSIZ)) data/daemon-0.7/test/test15.client.c:19:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read(STDIN_FILENO, &c, 1) == 1) ANALYSIS SUMMARY: Hits = 563 Lines analyzed = 60455 in approximately 2.00 seconds (30252 lines/second) Physical Source Lines of Code (SLOC) = 30264 Hits@level = [0] 1905 [1] 224 [2] 248 [3] 31 [4] 55 [5] 5 Hits@level+ = [0+] 2468 [1+] 563 [2+] 339 [3+] 91 [4+] 60 [5+] 5 Hits/KSLOC@level+ = [0+] 81.549 [1+] 18.603 [2+] 11.2014 [3+] 3.00687 [4+] 1.98255 [5+] 0.165213 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.