Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/deltachat-core-0.45.0+ds/cmdline/cmdline.c Examining data/deltachat-core-0.45.0+ds/cmdline/cmdline.h Examining data/deltachat-core-0.45.0+ds/cmdline/main.c Examining data/deltachat-core-0.45.0+ds/cmdline/stress.c Examining data/deltachat-core-0.45.0+ds/cmdline/stress.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp-extra.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/config-netpgp.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/create.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/crypto.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/defs.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/errors.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/keyring.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/memory.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/netpgpdefs.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/netpgpdigest.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/netpgpsdk.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/openssl11stub.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/packet-parse.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/packet-show.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/packet.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/readerwriter.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/signature.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/types.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/validate.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/version.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/writer.h Examining data/deltachat-core-0.45.0+ds/libs/netpgp/src/compress.c Examining data/deltachat-core-0.45.0+ds/libs/netpgp/src/create.c Examining data/deltachat-core-0.45.0+ds/libs/netpgp/src/crypto.c Examining data/deltachat-core-0.45.0+ds/libs/netpgp/src/keyring.c Examining data/deltachat-core-0.45.0+ds/libs/netpgp/src/misc.c Examining data/deltachat-core-0.45.0+ds/libs/netpgp/src/openssl_crypto.c Examining data/deltachat-core-0.45.0+ds/libs/netpgp/src/packet-parse.c Examining data/deltachat-core-0.45.0+ds/libs/netpgp/src/packet-show.c Examining data/deltachat-core-0.45.0+ds/libs/netpgp/src/reader.c Examining data/deltachat-core-0.45.0+ds/libs/netpgp/src/signature.c Examining data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c Examining data/deltachat-core-0.45.0+ds/libs/netpgp/src/validate.c Examining data/deltachat-core-0.45.0+ds/libs/netpgp/src/writer.c Examining data/deltachat-core-0.45.0+ds/src/dc_aheader.c Examining data/deltachat-core-0.45.0+ds/src/dc_aheader.h Examining data/deltachat-core-0.45.0+ds/src/dc_apeerstate.c Examining data/deltachat-core-0.45.0+ds/src/dc_apeerstate.h Examining data/deltachat-core-0.45.0+ds/src/dc_array.c Examining data/deltachat-core-0.45.0+ds/src/dc_array.h Examining data/deltachat-core-0.45.0+ds/src/dc_chat.c Examining data/deltachat-core-0.45.0+ds/src/dc_chat.h Examining data/deltachat-core-0.45.0+ds/src/dc_chatlist.c Examining data/deltachat-core-0.45.0+ds/src/dc_chatlist.h Examining data/deltachat-core-0.45.0+ds/src/dc_configure.c Examining data/deltachat-core-0.45.0+ds/src/dc_contact.c Examining data/deltachat-core-0.45.0+ds/src/dc_contact.h Examining data/deltachat-core-0.45.0+ds/src/dc_context.c Examining data/deltachat-core-0.45.0+ds/src/dc_context.h Examining data/deltachat-core-0.45.0+ds/src/dc_dehtml.c Examining data/deltachat-core-0.45.0+ds/src/dc_dehtml.h Examining data/deltachat-core-0.45.0+ds/src/dc_e2ee.c Examining data/deltachat-core-0.45.0+ds/src/dc_hash.c Examining data/deltachat-core-0.45.0+ds/src/dc_hash.h Examining data/deltachat-core-0.45.0+ds/src/dc_imap.c Examining data/deltachat-core-0.45.0+ds/src/dc_imap.h Examining data/deltachat-core-0.45.0+ds/src/dc_imex.c Examining data/deltachat-core-0.45.0+ds/src/dc_job.c Examining data/deltachat-core-0.45.0+ds/src/dc_job.h Examining data/deltachat-core-0.45.0+ds/src/dc_jobthread.c Examining data/deltachat-core-0.45.0+ds/src/dc_jobthread.h Examining data/deltachat-core-0.45.0+ds/src/dc_jsmn.c Examining data/deltachat-core-0.45.0+ds/src/dc_jsmn.h Examining data/deltachat-core-0.45.0+ds/src/dc_key.c Examining data/deltachat-core-0.45.0+ds/src/dc_key.h Examining data/deltachat-core-0.45.0+ds/src/dc_keyhistory.c Examining data/deltachat-core-0.45.0+ds/src/dc_keyring.c Examining data/deltachat-core-0.45.0+ds/src/dc_keyring.h Examining data/deltachat-core-0.45.0+ds/src/dc_location.c Examining data/deltachat-core-0.45.0+ds/src/dc_log.c Examining data/deltachat-core-0.45.0+ds/src/dc_loginparam.c Examining data/deltachat-core-0.45.0+ds/src/dc_loginparam.h Examining data/deltachat-core-0.45.0+ds/src/dc_lot.c Examining data/deltachat-core-0.45.0+ds/src/dc_lot.h Examining data/deltachat-core-0.45.0+ds/src/dc_mimefactory.c Examining data/deltachat-core-0.45.0+ds/src/dc_mimefactory.h Examining data/deltachat-core-0.45.0+ds/src/dc_mimeparser.c Examining data/deltachat-core-0.45.0+ds/src/dc_mimeparser.h Examining data/deltachat-core-0.45.0+ds/src/dc_move.c Examining data/deltachat-core-0.45.0+ds/src/dc_msg.c Examining data/deltachat-core-0.45.0+ds/src/dc_msg.h Examining data/deltachat-core-0.45.0+ds/src/dc_oauth2.c Examining data/deltachat-core-0.45.0+ds/src/dc_oauth2.h Examining data/deltachat-core-0.45.0+ds/src/dc_openssl.c Examining data/deltachat-core-0.45.0+ds/src/dc_openssl.h Examining data/deltachat-core-0.45.0+ds/src/dc_param.c Examining data/deltachat-core-0.45.0+ds/src/dc_param.h Examining data/deltachat-core-0.45.0+ds/src/dc_pgp.c Examining data/deltachat-core-0.45.0+ds/src/dc_pgp.h Examining data/deltachat-core-0.45.0+ds/src/dc_qr.c Examining data/deltachat-core-0.45.0+ds/src/dc_receive_imf.c Examining data/deltachat-core-0.45.0+ds/src/dc_saxparser.c Examining data/deltachat-core-0.45.0+ds/src/dc_saxparser.h Examining data/deltachat-core-0.45.0+ds/src/dc_securejoin.c Examining data/deltachat-core-0.45.0+ds/src/dc_simplify.c Examining data/deltachat-core-0.45.0+ds/src/dc_simplify.h Examining data/deltachat-core-0.45.0+ds/src/dc_smtp.c Examining data/deltachat-core-0.45.0+ds/src/dc_smtp.h Examining data/deltachat-core-0.45.0+ds/src/dc_sqlite3.c Examining data/deltachat-core-0.45.0+ds/src/dc_sqlite3.h Examining data/deltachat-core-0.45.0+ds/src/dc_stock.c Examining data/deltachat-core-0.45.0+ds/src/dc_stock.h Examining data/deltachat-core-0.45.0+ds/src/dc_strbuilder.c Examining data/deltachat-core-0.45.0+ds/src/dc_strbuilder.h Examining data/deltachat-core-0.45.0+ds/src/dc_strencode.c Examining data/deltachat-core-0.45.0+ds/src/dc_strencode.h Examining data/deltachat-core-0.45.0+ds/src/dc_token.c Examining data/deltachat-core-0.45.0+ds/src/dc_token.h Examining data/deltachat-core-0.45.0+ds/src/dc_tools.c Examining data/deltachat-core-0.45.0+ds/src/dc_tools.h Examining data/deltachat-core-0.45.0+ds/src/deltachat.h FINAL RESULTS: data/deltachat-core-0.45.0+ds/cmdline/main.c:58:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ANSI_RED "[DC_EVENT_ERROR] %s" ANSI_NORMAL "\n", (char*)data2); data/deltachat-core-0.45.0+ds/cmdline/main.c:62:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ANSI_RED "[DC_EVENT_ERROR_NETWORK] first=%i, msg=%s" ANSI_NORMAL "\n", (int)data1, (char*)data2); data/deltachat-core-0.45.0+ds/cmdline/main.c:66:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ANSI_RED "[DC_EVENT_ERROR_SELF_NOT_IN_GROUP] %s" ANSI_NORMAL "\n", (char*)data2); data/deltachat-core-0.45.0+ds/cmdline/main.c:88:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. int error = system(cmd); data/deltachat-core-0.45.0+ds/cmdline/main.c:101:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ANSI_YELLOW "{{Received DC_EVENT_IS_OFFLINE()}}\n" ANSI_NORMAL); data/deltachat-core-0.45.0+ds/cmdline/main.c:105:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ANSI_YELLOW "{{Received DC_EVENT_MSGS_CHANGED(%i, %i)}}\n" ANSI_NORMAL, (int)data1, (int)data2); data/deltachat-core-0.45.0+ds/cmdline/main.c:109:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ANSI_YELLOW "{{Received DC_EVENT_CONTACTS_CHANGED()}}\n" ANSI_NORMAL); data/deltachat-core-0.45.0+ds/cmdline/main.c:113:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ANSI_YELLOW "{{Received DC_EVENT_LOCATION_CHANGED(contact=%i)}}\n" ANSI_NORMAL, (int)data1); data/deltachat-core-0.45.0+ds/cmdline/main.c:117:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ANSI_YELLOW "{{Received DC_EVENT_CONFIGURE_PROGRESS(%i ‰)}}\n" ANSI_NORMAL, (int)data1); data/deltachat-core-0.45.0+ds/cmdline/main.c:121:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ANSI_YELLOW "{{Received DC_EVENT_IMEX_PROGRESS(%i ‰)}}\n" ANSI_NORMAL, (int)data1); data/deltachat-core-0.45.0+ds/cmdline/main.c:125:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ANSI_YELLOW "{{Received DC_EVENT_IMEX_FILE_WRITTEN(%s)}}\n" ANSI_NORMAL, (char*)data1); data/deltachat-core-0.45.0+ds/cmdline/main.c:129:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ANSI_YELLOW "{{Received DC_EVENT_FILE_COPIED(%s)}}\n" ANSI_NORMAL, (char*)data1); data/deltachat-core-0.45.0+ds/cmdline/main.c:133:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ANSI_YELLOW "{{Received DC_EVENT_CHAT_MODIFIED(%i)}}\n" ANSI_NORMAL, (int)data1); data/deltachat-core-0.45.0+ds/cmdline/main.c:137:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ANSI_YELLOW "{{Received DC_EVENT_%i(%i, %i)}}\n" ANSI_NORMAL, (int)event, (int)data1, (int)data2); data/deltachat-core-0.45.0+ds/cmdline/main.c:394:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(syscmd); data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/errors.h:59:50: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define __printflike(n, m) __attribute__((format(printf,n,m))) data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/netpgpsdk.h:38:51: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define __printflike(n, m) __attribute__((format(printf,n,m))) data/deltachat-core-0.45.0+ds/libs/netpgp/src/misc.c:96:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define vsnprintf _vsnprintf data/deltachat-core-0.45.0+ds/libs/netpgp/src/misc.c:207:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(comment, maxbuf + 1, fmt, args); data/deltachat-core-0.45.0+ds/libs/netpgp/src/misc.c:1212:7: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. cc = vsnprintf(buf, sizeof(buf), fmt, args); data/deltachat-core-0.45.0+ds/libs/netpgp/src/misc.c:1234:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. (void) vsnprintf(&buf[cc], sizeof(buf) - (size_t)cc, fmt, vp); data/deltachat-core-0.45.0+ds/libs/netpgp/src/reader.c:145:15: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. while ((p = getpass("netpgp passphrase: ")) == NULL) { data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:90:25: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. std_set_iv(pgp_crypt_t *crypt, const uint8_t *iv) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:97:26: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. std_set_key(pgp_crypt_t *crypt, const uint8_t *key) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:117:25: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. std_finish(pgp_crypt_t *crypt) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:130:25: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. cast5_init(pgp_crypt_t *crypt) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:154:34: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. cast5_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:160:34: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. cast5_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:166:32: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. cast5_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:174:32: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. cast5_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:202:24: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. idea_init(pgp_crypt_t *crypt) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:233:33: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. idea_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:239:33: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. idea_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:245:31: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. idea_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:253:31: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. idea_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:283:26: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. aes128_init(pgp_crypt_t *crypt) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:312:32: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. aes_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:318:32: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. aes_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:324:30: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. aes_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:332:30: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. aes_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:361:26: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. aes256_init(pgp_crypt_t *crypt) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:418:29: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. tripledes_init(pgp_crypt_t *crypt) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:438:38: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. tripledes_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:447:38: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. tripledes_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:456:36: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. tripledes_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:467:36: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. tripledes_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:500:31: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. camellia128_init(pgp_crypt_t *crypt) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:526:37: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. camellia_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:532:37: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. camellia_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:538:35: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. camellia_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:546:35: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. camellia_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:575:31: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. camellia256_init(pgp_crypt_t *crypt) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:649:28: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. pgp_crypt_any(pgp_crypt_t *crypt, pgp_symm_alg_t alg) data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:657:17: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. (void) memset(crypt, 0x0, sizeof(*crypt)); data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:657:37: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. (void) memset(crypt, 0x0, sizeof(*crypt)); data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:787:32: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. pgp_encrypt_se_ip(pgp_crypt_t *crypt, void *out, const void *in, data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:794:21: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. crypt->cfb_encrypt(crypt, out, in, count); data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:802:32: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. pgp_decrypt_se_ip(pgp_crypt_t *crypt, void *out, const void *in, data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:809:21: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. crypt->cfb_decrypt(crypt, out, in, count); data/deltachat-core-0.45.0+ds/libs/netpgp/src/validate.c:92:7: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. char* getpass (const char *prompt) data/deltachat-core-0.45.0+ds/libs/netpgp/src/writer.c:934:18: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. pgp_crypt_t *crypt; data/deltachat-core-0.45.0+ds/libs/netpgp/src/writer.c:965:48: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. pgp_encrypt->crypt->cfb_encrypt(pgp_encrypt->crypt, encbuf, data/deltachat-core-0.45.0+ds/libs/netpgp/src/writer.c:993:21: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. free(pgp_encrypt->crypt); data/deltachat-core-0.45.0+ds/libs/netpgp/src/writer.c:1024:18: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. pgp_crypt_t *crypt; data/deltachat-core-0.45.0+ds/libs/netpgp/src/writer.c:1158:18: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. se_ip->crypt); data/deltachat-core-0.45.0+ds/libs/netpgp/src/writer.c:1188:13: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. if( se_ip->crypt ) { data/deltachat-core-0.45.0+ds/libs/netpgp/src/writer.c:1189:39: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. se_ip->crypt->decrypt_finish(se_ip->crypt); // EDIT BY MR - fix memory leak data/deltachat-core-0.45.0+ds/libs/netpgp/src/writer.c:1190:15: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. free(se_ip->crypt); data/deltachat-core-0.45.0+ds/libs/netpgp/src/writer.c:1499:15: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. pgp_crypt_t *crypt; data/deltachat-core-0.45.0+ds/libs/netpgp/src/writer.c:1713:37: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. pgp_push_enc_crypt(output, se_ip->crypt); data/deltachat-core-0.45.0+ds/libs/netpgp/src/writer.c:1757:36: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. pgp_push_enc_crypt(output, se_ip->crypt); data/deltachat-core-0.45.0+ds/libs/netpgp/src/writer.c:1816:36: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. pgp_push_enc_crypt(output, se_ip->crypt); data/deltachat-core-0.45.0+ds/libs/netpgp/src/writer.c:1906:12: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. se_ip->crypt); data/deltachat-core-0.45.0+ds/libs/netpgp/src/writer.c:1933:38: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. se_ip->crypt->decrypt_finish(se_ip->crypt); data/deltachat-core-0.45.0+ds/libs/netpgp/src/writer.c:1935:14: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. free(se_ip->crypt); data/deltachat-core-0.45.0+ds/src/dc_array.c:570:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ret, sep); \ data/deltachat-core-0.45.0+ds/src/dc_contact.c:461:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(full_name, first_name); data/deltachat-core-0.45.0+ds/src/dc_contact.c:463:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(full_name, last_name); data/deltachat-core-0.45.0+ds/src/dc_log.c:27:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(tempbuf, BUFSIZE, msg_format, va); data/deltachat-core-0.45.0+ds/src/dc_saxparser.c:176:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_ret, r); data/deltachat-core-0.45.0+ds/src/dc_sqlite3.c:866:5: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. sscanf(str, "%"SCNd64, &ret); data/deltachat-core-0.45.0+ds/src/dc_strbuilder.c:82:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(strbuilder->eos, text); data/deltachat-core-0.45.0+ds/src/dc_strbuilder.c:113:26: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. char_cnt_without_zero = vsnprintf(testbuf, 0, format, argp); data/deltachat-core-0.45.0+ds/src/dc_strbuilder.c:128:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, char_cnt_without_zero+1, format, argp_copy); data/deltachat-core-0.45.0+ds/src/dc_strencode.c:786:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pbuf, PREFIX); data/deltachat-core-0.45.0+ds/src/dc_tools.c:286:26: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. char_cnt_without_zero = vsnprintf(testbuf, 0, format, argp); data/deltachat-core-0.45.0+ds/src/dc_tools.c:299:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, char_cnt_without_zero+1, format, argp_copy); data/deltachat-core-0.45.0+ds/src/dc_tools.c:475:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*)p1, ellipse_utf8); data/deltachat-core-0.45.0+ds/src/dc_tools.c:514:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(p, DC_EDITORIAL_ELLIPSE); data/deltachat-core-0.45.0+ds/src/dc_tools.c:581:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(o, break_chars); data/deltachat-core-0.45.0+ds/src/dc_pgp.c:417:58: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. user_id = (uint8_t*)dc_mprintf("<%08X@%08X.org>", (int)random(), (int)random()); data/deltachat-core-0.45.0+ds/src/dc_pgp.c:417:73: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. user_id = (uint8_t*)dc_mprintf("<%08X@%08X.org>", (int)random(), (int)random()); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:537:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint32_t msg_id = (uint32_t)atoi(arg1); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:559:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ret = dc_continue_key_transfer(context, atoi(arg1), arg2)? COMMAND_SUCCEEDED : COMMAND_FAILED; data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:620:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int bits = atoi(arg1); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:753:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). context->cmdline_sel_chat_id = atoi(arg1); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:790:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int contact_id = atoi(arg1); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:801:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int msg_id = atoi(arg1); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:840:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int contact_id = atoi(arg1); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:860:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int contact_id = atoi(arg1); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:924:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int contact_id = arg1? atoi(arg1) : 0; data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:953:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int seconds = atoi(arg1); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:1119:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int chat_id = atoi(arg1); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:1130:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int chat_id = atoi(arg1); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:1147:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int id = atoi(arg1); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:1169:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint32_t msg_ids[1], chat_id = atoi(arg2); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:1170:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). msg_ids[0] = atoi(arg1); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:1182:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). msg_ids[0] = atoi(arg1); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:1194:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). msg_ids[0] = atoi(arg1); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:1206:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ids[0] = atoi(arg1); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:1253:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int contact_id = atoi(arg1); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:1290:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ret = dc_delete_contact(context, atoi(arg1))? COMMAND_SUCCEEDED : COMMAND_FAILED; data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:1307:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ret = dc_get_securejoin_qr(context, arg1? atoi(arg1) : 0); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:1324:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int event = atoi(arg1); data/deltachat-core-0.45.0+ds/cmdline/main.c:272:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cmdbuffer[1024]; data/deltachat-core-0.45.0+ds/cmdline/main.c:387:55: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). char* qrstr = dc_get_securejoin_qr(context, arg1? atoi(arg1) : 0); data/deltachat-core-0.45.0+ds/cmdline/stress.c:370:11: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). assert( atol("")==0 ); /* we rely on this eg. in dc_sqlite3_get_config() */ data/deltachat-core-0.45.0+ds/cmdline/stress.c:371:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). assert( atoi("")==0 ); data/deltachat-core-0.45.0+ds/cmdline/stress.c:935:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bad_data[BAD_DATA_BYTES]; data/deltachat-core-0.45.0+ds/libs/netpgp/include/netpgp/packet.h:744:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; data/deltachat-core-0.45.0+ds/libs/netpgp/src/compress.c:96:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char in[DECOMPRESS_BUFFER]; data/deltachat-core-0.45.0+ds/libs/netpgp/src/compress.c:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out[DECOMPRESS_BUFFER]; data/deltachat-core-0.45.0+ds/libs/netpgp/src/compress.c:195:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(&cdest[cc], &z->out[z->offset], len); data/deltachat-core-0.45.0+ds/libs/netpgp/src/compress.c:274:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(&cdest[cc], &bz->out[bz->offset], len); data/deltachat-core-0.45.0+ds/libs/netpgp/src/compress.c:477:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(zip->src, data, len); data/deltachat-core-0.45.0+ds/libs/netpgp/src/create.c:416:24: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(&sesskey[i * hashsize], data/deltachat-core-0.45.0+ds/libs/netpgp/src/create.c:988:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(EM + i, M, mLen); data/deltachat-core-0.45.0+ds/libs/netpgp/src/create.c:1101:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sesskey->key, initial_sesskey->key, cipherinfo.keysize); data/deltachat-core-0.45.0+ds/libs/netpgp/src/create.c:1303:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, flags, 0600); data/deltachat-core-0.45.0+ds/libs/netpgp/src/crypto.c:141:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(buf, mpibuf + i, (unsigned)(n - i)); /* XXX - Flexelint */ data/deltachat-core-0.45.0+ds/libs/netpgp/src/crypto.c:183:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(buf, mpibuf + i, (unsigned)(n - i)); /* XXX - Flexelint */ data/deltachat-core-0.45.0+ds/libs/netpgp/src/crypto.c:745:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*recipients_key_ids, data/deltachat-core-0.45.0+ds/libs/netpgp/src/keyring.c:791:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(*dst, src, len); data/deltachat-core-0.45.0+ds/libs/netpgp/src/keyring.c:814:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(dst->raw, src->raw, src->length); data/deltachat-core-0.45.0+ds/libs/netpgp/src/keyring.c:1079:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&keyring->keys[from], &keyring->keys[from+1], data/deltachat-core-0.45.0+ds/libs/netpgp/src/keyring.c:1410:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key, src, sizeof(*key)); data/deltachat-core-0.45.0+ds/libs/netpgp/src/keyring.c:1440:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(&key->pubkeyid, pubkeyid, PGP_KEY_ID_SIZE); data/deltachat-core-0.45.0+ds/libs/netpgp/src/keyring.c:1472:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(&key->pubkeyid, pubkeyid, PGP_KEY_ID_SIZE); data/deltachat-core-0.45.0+ds/libs/netpgp/src/keyring.c:1628:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(subkeyp->id, subkeyid, PGP_KEY_ID_SIZE); data/deltachat-core-0.45.0+ds/libs/netpgp/src/keyring.c:1652:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(&keyring->keys[keyring->keyc], &newring->keys[i], data/deltachat-core-0.45.0+ds/libs/netpgp/src/misc.c:467:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(keyid, bn + n - idlen, idlen); data/deltachat-core-0.45.0+ds/libs/netpgp/src/misc.c:470:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(keyid, data/deltachat-core-0.45.0+ds/libs/netpgp/src/misc.c:807:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(mem->buf + mem->length, src, length); data/deltachat-core-0.45.0+ds/libs/netpgp/src/misc.c:946:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(f, "rb")) == NULL) { data/deltachat-core-0.45.0+ds/libs/netpgp/src/misc.c:1026:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[LINELEN + 1]; data/deltachat-core-0.45.0+ds/libs/netpgp/src/misc.c:1133:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *debugv[MAX_DEBUG_NAMES]; data/deltachat-core-0.45.0+ds/libs/netpgp/src/misc.c:1208:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[120 * 1024]; /* XXX - "huge" buffer on stack */ data/deltachat-core-0.45.0+ds/libs/netpgp/src/misc.c:1218:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(*ret, buf, (size_t)cc); data/deltachat-core-0.45.0+ds/libs/netpgp/src/misc.c:1228:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ * 2]; data/deltachat-core-0.45.0+ds/libs/netpgp/src/misc.c:1249:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(cp, s, len); data/deltachat-core-0.45.0+ds/libs/netpgp/src/openssl_crypto.c:607:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[1024]; data/deltachat-core-0.45.0+ds/libs/netpgp/src/packet-parse.c:212:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(dest, &readinfo->virtualpkt[readinfo->virtualoff], n); data/deltachat-core-0.45.0+ds/libs/netpgp/src/packet-parse.c:309:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(readinfo->accumulated + readinfo->alength, dest, data/deltachat-core-0.45.0+ds/libs/netpgp/src/packet-parse.c:896:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->contents, src->contents, src->len); data/deltachat-core-0.45.0+ds/libs/netpgp/src/packet-parse.c:988:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(dst, src, sizeof(*src)); data/deltachat-core-0.45.0+ds/libs/netpgp/src/packet-parse.c:993:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(dst->v4_hashed, src->v4_hashed, src->v4_hashlen); data/deltachat-core-0.45.0+ds/libs/netpgp/src/packet-parse.c:1318:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, sizeof(*src)); data/deltachat-core-0.45.0+ds/libs/netpgp/src/packet-parse.c:1800:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(sig->info.signer_id, pkt.u.ss_issuer, PGP_KEY_ID_SIZE); data/deltachat-core-0.45.0+ds/libs/netpgp/src/packet-parse.c:2151:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(pkt.u.sig.info.v4_hashed, data/deltachat-core-0.45.0+ds/libs/netpgp/src/packet-parse.c:2517:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, sizeof(*src)); data/deltachat-core-0.45.0+ds/libs/netpgp/src/packet-parse.c:2546:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->checkhash, src->checkhash, PGP_CHECKHASH_SIZE); data/deltachat-core-0.45.0+ds/libs/netpgp/src/packet-parse.c:3083:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(pkt.u.pk_sesskey.key, unencoded_m_buf + 1, k); data/deltachat-core-0.45.0+ds/libs/netpgp/src/packet-parse.c:3215:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(&key[i * hashsize], hashed, (unsigned)size); data/deltachat-core-0.45.0+ds/libs/netpgp/src/packet-parse.c:3890:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(cbinfo, &stream->cbinfo, sizeof(*cbinfo)); data/deltachat-core-0.45.0+ds/libs/netpgp/src/reader.c:1053:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/deltachat-core-0.45.0+ds/libs/netpgp/src/reader.c:1444:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(dest, data/deltachat-core-0.45.0+ds/libs/netpgp/src/reader.c:1681:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(se_ip->plaintext, plaintext, sz_plaintext); data/deltachat-core-0.45.0+ds/libs/netpgp/src/reader.c:1693:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest_, se_ip->plaintext + se_ip->plaintext_offset, n); data/deltachat-core-0.45.0+ds/libs/netpgp/src/reader.c:1842:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, reader->buffer + reader->offset, n); data/deltachat-core-0.45.0+ds/libs/netpgp/src/reader.c:1994:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, flags, 0600); data/deltachat-core-0.45.0+ds/libs/netpgp/src/reader.c:2036:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_WRONLY | O_APPEND | O_BINARY, 0600); data/deltachat-core-0.45.0+ds/libs/netpgp/src/reader.c:2038:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_WRONLY | O_APPEND, 0600); data/deltachat-core-0.45.0+ds/libs/netpgp/src/reader.c:2084:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_RDONLY | O_BINARY); data/deltachat-core-0.45.0+ds/libs/netpgp/src/reader.c:2086:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_RDONLY); data/deltachat-core-0.45.0+ds/libs/netpgp/src/reader.c:2240:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key_id, content->get_seckey.pk_sesskey->key_id, sizeof(key_id_t)); data/deltachat-core-0.45.0+ds/libs/netpgp/src/reader.c:2354:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(dest, &cmem[(int)mem->offset], (unsigned)n); data/deltachat-core-0.45.0+ds/libs/netpgp/src/signature.c:200:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(&hashbuf[n], prefix, prefixsize); data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:92:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(crypt->iv, iv, crypt->blocksize); data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:99:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(crypt->key, key, crypt->keysize); data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:111:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(decrypt->civ, decrypt->siv + decrypt->num, data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:690:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(decrypt->civ, decrypt->siv, decrypt->blocksize); data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:711:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(decrypt->siv, decrypt->civ, data/deltachat-core-0.45.0+ds/libs/netpgp/src/symmetric.c:740:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(encrypt->siv, encrypt->civ, data/deltachat-core-0.45.0+ds/libs/netpgp/src/validate.c:736:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/deltachat-core-0.45.0+ds/libs/netpgp/src/validate.c:1014:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char f[MAXPATHLEN]; data/deltachat-core-0.45.0+ds/libs/netpgp/src/validate.c:1084:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfd = open(outfile, O_WRONLY | O_CREAT, 0666); data/deltachat-core-0.45.0+ds/src/dc_array.c:112:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret->array, array->array, array->count * sizeof(uintptr_t)); data/deltachat-core-0.45.0+ds/src/dc_array.c:572:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&ret[strlen(ret)], "%lu", (unsigned long)(a)[i]); \ data/deltachat-core-0.45.0+ds/src/dc_configure.c:154:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). moz_ac->out->mail_port = atoi(val); data/deltachat-core-0.45.0+ds/src/dc_configure.c:180:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). moz_ac->out->send_port = atoi(val); data/deltachat-core-0.45.0+ds/src/dc_configure.c:885:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(param->send_server, "smtp", 4); data/deltachat-core-0.45.0+ds/src/dc_hash.c:465:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void*)new_elem->pKey, pKey, nKey); data/deltachat-core-0.45.0+ds/src/dc_imap.c:95:19: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *uidvalidity = atol(val1); data/deltachat-core-0.45.0+ds/src/dc_imap.c:96:19: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *lastseenuid = atol(val2); data/deltachat-core-0.45.0+ds/src/dc_imex.c:91:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char passphrase_begin[8]; data/deltachat-core-0.45.0+ds/src/dc_imex.c:772:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/deltachat-core-0.45.0+ds/src/dc_key.c:85:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key->binary, data, bytes); data/deltachat-core-0.45.0+ds/src/dc_location.c:15:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&wanted_struct, gmtime(&utc), sizeof(struct tm)); data/deltachat-core-0.45.0+ds/src/dc_location.c:268:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). val[4] = 0; tmval.tm_year = atoi(val) - 1900; data/deltachat-core-0.45.0+ds/src/dc_location.c:269:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). val[7] = 0; tmval.tm_mon = atoi(val+5) - 1; data/deltachat-core-0.45.0+ds/src/dc_location.c:270:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). val[10] = 0; tmval.tm_mday = atoi(val+8); data/deltachat-core-0.45.0+ds/src/dc_location.c:271:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). val[13] = 0; tmval.tm_hour = atoi(val+11); data/deltachat-core-0.45.0+ds/src/dc_location.c:272:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). val[16] = 0; tmval.tm_min = atoi(val+14); data/deltachat-core-0.45.0+ds/src/dc_location.c:273:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). val[19] = 0; tmval.tm_sec = atoi(val+17); data/deltachat-core-0.45.0+ds/src/dc_log.c:26:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempbuf[BUFSIZE+1]; data/deltachat-core-0.45.0+ds/src/dc_mimefactory.c:309:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&wanted_struct, localtime(&msg->timestamp_sort), sizeof(struct tm)); data/deltachat-core-0.45.0+ds/src/dc_mimeparser.c:1662:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int duration_ms = atoi(field->fld_value); data/deltachat-core-0.45.0+ds/src/dc_oauth2.c:277:18: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). time_t val = atol(expires_in_str); data/deltachat-core-0.45.0+ds/src/dc_param.c:216:19: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int32_t ret = atol(str); data/deltachat-core-0.45.0+ds/src/dc_pgp.c:435:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pubkey.pubkeyid, seckey.pubkeyid, PGP_KEY_ID_SIZE); data/deltachat-core-0.45.0+ds/src/dc_pgp.c:444:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->id, subkeyid, PGP_KEY_ID_SIZE); data/deltachat-core-0.45.0+ds/src/dc_pgp.c:459:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->id, subkeyid, PGP_KEY_ID_SIZE); data/deltachat-core-0.45.0+ds/src/dc_pgp.c:601:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*ret_fingerprint, rpgp_cvec_data(fingerprint), *ret_fingerprint_bytes); data/deltachat-core-0.45.0+ds/src/dc_pgp.c:641:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*ret_fingerprint, key0->pubkeyfpr.fingerprint, *ret_fingerprint_bytes); data/deltachat-core-0.45.0+ds/src/dc_receive_imf.c:440:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&ret[i*2], "%02x", (int)rpgp_cvec_data(binary_hash)[i]); data/deltachat-core-0.45.0+ds/src/dc_receive_imf.c:462:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&ret[i*2], "%02x", (int)binary_hash[i]); data/deltachat-core-0.45.0+ds/src/dc_smtp.c:69:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, buffer__, size); data/deltachat-core-0.45.0+ds/src/dc_smtp.c:202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[513]; data/deltachat-core-0.45.0+ds/src/dc_sqlite3.c:853:19: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int32_t ret = atol(str); data/deltachat-core-0.45.0+ds/src/dc_strbuilder.c:104:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char testbuf[1]; data/deltachat-core-0.45.0+ds/src/dc_strencode.c:181:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hex[4]; data/deltachat-core-0.45.0+ds/src/dc_strencode.c:629:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char base64[256]; data/deltachat-core-0.45.0+ds/src/dc_tools.c:55:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return s? atoi(s) : 0; data/deltachat-core-0.45.0+ds/src/dc_tools.c:277:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char testbuf[1]; data/deltachat-core-0.45.0+ds/src/dc_tools.c:815:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&wanted_struct, localtime(&wanted), sizeof(struct tm)); data/deltachat-core-0.45.0+ds/src/dc_tools.c:1318:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[DC_COPY_BUF_SIZE]; data/deltachat-core-0.45.0+ds/src/dc_tools.c:1327:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd_src=open(src_abs, O_RDONLY)) < 0) { data/deltachat-core-0.45.0+ds/src/dc_tools.c:1332:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd_dest=open(dest_abs, O_WRONLY|O_CREAT|O_EXCL, 0666)) < 0) { data/deltachat-core-0.45.0+ds/src/dc_tools.c:1399:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* f = fopen(pathNfilename_abs, "wb"); data/deltachat-core-0.45.0+ds/src/dc_tools.c:1436:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(pathNfilename_abs, "rb"); data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:225:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name)>=4 && strcmp(&name[strlen(name)-4], ".eml")==0) { data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:225:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name)>=4 && strcmp(&name[strlen(name)-4], ".eml")==0) { data/deltachat-core-0.45.0+ds/cmdline/cmdline.c:603:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && dc_write_file(context, file_name, file_content, strlen(file_content))) { data/deltachat-core-0.45.0+ds/cmdline/main.c:275:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (strlen(cmdbuffer)>0 data/deltachat-core-0.45.0+ds/cmdline/main.c:276:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (cmdbuffer[strlen(cmdbuffer)-1]=='\n' || cmdbuffer[strlen(cmdbuffer)-1]==' ')) data/deltachat-core-0.45.0+ds/cmdline/main.c:276:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (cmdbuffer[strlen(cmdbuffer)-1]=='\n' || cmdbuffer[strlen(cmdbuffer)-1]==' ')) data/deltachat-core-0.45.0+ds/cmdline/main.c:278:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmdbuffer[strlen(cmdbuffer)-1] = '\0'; data/deltachat-core-0.45.0+ds/cmdline/main.c:389:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcmp(cmd, "getbadqr")==0 && strlen(qrstr)>40) { data/deltachat-core-0.45.0+ds/cmdline/stress.c:173:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* plain = dc_simplify_simplify(simplify, html, strlen(html), 1, 0); data/deltachat-core-0.45.0+ds/cmdline/stress.c:178:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plain = dc_simplify_simplify(simplify, html, strlen(html), 1, 0); data/deltachat-core-0.45.0+ds/cmdline/stress.c:183:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plain = dc_simplify_simplify(simplify, html, strlen(html), 1, 0); data/deltachat-core-0.45.0+ds/cmdline/stress.c:188:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plain = dc_simplify_simplify(simplify, html, strlen(html), 1, 0); data/deltachat-core-0.45.0+ds/cmdline/stress.c:203:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dc_kml_t* kml = dc_kml_parse(context, xml, strlen(xml)); data/deltachat-core-0.45.0+ds/cmdline/stress.c:286:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( mailmime_parse(txt, strlen(txt), &dummy, &mime) == MAIL_NO_ERROR ); data/deltachat-core-0.45.0+ds/cmdline/stress.c:334:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dc_mimeparser_parse(mimeparser, raw, strlen(raw)); data/deltachat-core-0.45.0+ds/cmdline/stress.c:534:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strlen(buf1) == DC_CREATE_ID_LEN ); data/deltachat-core-0.45.0+ds/cmdline/stress.c:623:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( dc_utf8_strlen("c")==1 && strlen("c")==1 ); data/deltachat-core-0.45.0+ds/cmdline/stress.c:624:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( dc_utf8_strlen("ä")==1 && strlen("ä")==2 ); data/deltachat-core-0.45.0+ds/cmdline/stress.c:885:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( setupcodebegin && strlen(setupcodebegin)<strlen(s_em_setupcode) && strncmp(setupcodebegin, s_em_setupcode, strlen(setupcodebegin))==0 ); data/deltachat-core-0.45.0+ds/cmdline/stress.c:885:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( setupcodebegin && strlen(setupcodebegin)<strlen(s_em_setupcode) && strncmp(setupcodebegin, s_em_setupcode, strlen(setupcodebegin))==0 ); data/deltachat-core-0.45.0+ds/cmdline/stress.c:885:119: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( setupcodebegin && strlen(setupcodebegin)<strlen(s_em_setupcode) && strncmp(setupcodebegin, s_em_setupcode, strlen(setupcodebegin))==0 ); data/deltachat-core-0.45.0+ds/cmdline/stress.c:902:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strlen(setupcode) == 44 ); data/deltachat-core-0.45.0+ds/cmdline/stress.c:912:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( setupcodebegin && strlen(setupcodebegin)==2 && strncmp(setupcodebegin, setupcode, 2)==0 ); data/deltachat-core-0.45.0+ds/cmdline/stress.c:974:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ok = dc_pgp_pk_encrypt(context, original_text, strlen(original_text), keyring, private_key, 1, (void**)&ctext_signed, &ctext_signed_bytes); data/deltachat-core-0.45.0+ds/cmdline/stress.c:980:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok = dc_pgp_pk_encrypt(context, original_text, strlen(original_text), keyring, NULL, 1, (void**)&ctext_unsigned, &ctext_unsigned_bytes); data/deltachat-core-0.45.0+ds/cmdline/stress.c:1005:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strncmp((char*)plain, original_text, strlen(original_text))==0 ); data/deltachat-core-0.45.0+ds/cmdline/stress.c:1012:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strncmp((char*)plain, original_text, strlen(original_text))==0 ); data/deltachat-core-0.45.0+ds/cmdline/stress.c:1019:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strncmp((char*)plain, original_text, strlen(original_text))==0 ); data/deltachat-core-0.45.0+ds/cmdline/stress.c:1027:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strncmp((char*)plain, original_text, strlen(original_text))==0 ); data/deltachat-core-0.45.0+ds/cmdline/stress.c:1034:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strncmp((char*)plain, original_text, strlen(original_text))==0 ); data/deltachat-core-0.45.0+ds/cmdline/stress.c:1054:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( plain_bytes == strlen(original_text) ); data/deltachat-core-0.45.0+ds/cmdline/stress.c:1084:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert( strlen(qr)>55 && strncmp(qr, "OPENPGP4FPR:", 12)==0 && strncmp(&qr[52], "#a=", 3)==0 ); data/deltachat-core-0.45.0+ds/libs/netpgp/src/create.c:141:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pgp_write_length(output, (unsigned)strlen((const char *) id)) && data/deltachat-core-0.45.0+ds/libs/netpgp/src/create.c:142:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pgp_write(output, id, (unsigned)strlen((const char *) id)); data/deltachat-core-0.45.0+ds/libs/netpgp/src/crypto.c:503:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char *suffix = infile + strlen(infile) - suffixlen; data/deltachat-core-0.45.0+ds/libs/netpgp/src/crypto.c:508:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). filenamelen = (unsigned)(strlen(infile) - strlen(suffix)); data/deltachat-core-0.45.0+ds/libs/netpgp/src/crypto.c:508:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). filenamelen = (unsigned)(strlen(infile) - strlen(suffix)); data/deltachat-core-0.45.0+ds/libs/netpgp/src/crypto.c:514:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(filename, infile, filenamelen); data/deltachat-core-0.45.0+ds/libs/netpgp/src/keyring.c:784:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen((const char *) src); data/deltachat-core-0.45.0+ds/libs/netpgp/src/keyring.c:1286:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name); data/deltachat-core-0.45.0+ds/libs/netpgp/src/misc.c:399:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hash_string(&hash, (const uint8_t *)(const void *)type, (unsigned)strlen(type)); data/deltachat-core-0.45.0+ds/libs/netpgp/src/misc.c:964:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (cc = (int)read(fileno(fp), &mem->buf[mem->length], data/deltachat-core-0.45.0+ds/libs/netpgp/src/misc.c:1247:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/deltachat-core-0.45.0+ds/libs/netpgp/src/packet-parse.c:2748:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). passlen = (unsigned)strlen(passphrase); data/deltachat-core-0.45.0+ds/libs/netpgp/src/packet-parse.c:3138:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int passphrase_len = strlen(passphrase); data/deltachat-core-0.45.0+ds/libs/netpgp/src/reader.c:152:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). phrase[strlen(phrase) - 1] = 0x0; data/deltachat-core-0.45.0+ds/libs/netpgp/src/reader.c:1779:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = (int)read(reader->fd, dest, length); data/deltachat-core-0.45.0+ds/libs/netpgp/src/signature.c:487:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). userid_len = strlen((const char *) id); data/deltachat-core-0.45.0+ds/libs/netpgp/src/signature.c:652:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pgp_hash_add_int(&sig->hash, (unsigned)strlen((const char *) id), 4); data/deltachat-core-0.45.0+ds/libs/netpgp/src/signature.c:653:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sig->hash.add(&sig->hash, id, (unsigned)strlen((const char *) id)); data/deltachat-core-0.45.0+ds/libs/netpgp/src/signature.c:992:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t rlen = reason ? strlen(reason) : 0; data/deltachat-core-0.45.0+ds/libs/netpgp/src/signature.c:1029:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned flen = (unsigned)(strlen(inname) + 4 + 1); data/deltachat-core-0.45.0+ds/libs/netpgp/src/writer.c:516:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pgp_write(output, hash, (unsigned)strlen(hash)) && data/deltachat-core-0.45.0+ds/libs/netpgp/src/writer.c:755:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return stacked_write(writer, trailer, (unsigned)strlen(trailer), errors); data/deltachat-core-0.45.0+ds/src/dc_array.c:565:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = malloc((c)*(11+strlen(sep))/*sign,10 digits,sep*/+1/*terminating zero*/); \ data/deltachat-core-0.45.0+ds/src/dc_array.c:572:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(&ret[strlen(ret)], "%lu", (unsigned long)(a)[i]); \ data/deltachat-core-0.45.0+ds/src/dc_contact.c:443:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(full_name); data/deltachat-core-0.45.0+ds/src/dc_contact.c:462:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(full_name, " "); data/deltachat-core-0.45.0+ds/src/dc_contact.c:1347:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dc_pgp_rand_seed(context, peerstate->addr, strlen(peerstate->addr) /*just some random data*/); data/deltachat-core-0.45.0+ds/src/dc_context.c:451:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ret.buf) > 0) { data/deltachat-core-0.45.0+ds/src/dc_context.c:458:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ret.buf) > 0) { data/deltachat-core-0.45.0+ds/src/dc_dehtml.c:146:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dc_strbuilder_init(&dehtml.strbuilder, strlen(buf_terminated)); data/deltachat-core-0.45.0+ds/src/dc_e2ee.c:454:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). struct mailmime* version_mime = new_data_part(version_content, strlen(version_content), "application/pgp-encrypted", MAILMIME_MECHANISM_7BIT); data/deltachat-core-0.45.0+ds/src/dc_e2ee.c:729:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (dc_hash_find(recipients, gossip_header->addr, strlen(gossip_header->addr))) data/deltachat-core-0.45.0+ds/src/dc_e2ee.c:754:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dc_hash_insert(gossipped_addr, gossip_header->addr, strlen(gossip_header->addr), (void*)1); data/deltachat-core-0.45.0+ds/src/dc_hash.c:69:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (n<=0) n = strlen(z); data/deltachat-core-0.45.0+ds/src/dc_hash.h:90:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define dc_hash_find_str(H, s) dc_hash_find((H), (s), strlen((s))) data/deltachat-core-0.45.0+ds/src/dc_hash.h:91:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define dc_hash_insert_str(H, s, d) dc_hash_insert((H), (s), strlen((s)), (d)) data/deltachat-core-0.45.0+ds/src/dc_imap.c:195:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int out_len = strlen(out); data/deltachat-core-0.45.0+ds/src/dc_imex.c:97:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || strlen(passphrase)<2 || curr_private_key==NULL) { data/deltachat-core-0.45.0+ds/src/dc_imex.c:101:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(passphrase_begin, passphrase, 2); data/deltachat-core-0.45.0+ds/src/dc_imex.c:120:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(!dc_pgp_symm_encrypt(context, passphrase, payload_key_asc, strlen(payload_key_asc), &encr_string)) { data/deltachat-core-0.45.0+ds/src/dc_imex.c:215:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (mailmime_base64_body_parse(fc_base64, strlen(fc_base64), &indx, &binary/*must be freed using mmap_string_unref()*/, &binary_bytes)!=MAILIMF_NO_ERROR data/deltachat-core-0.45.0+ds/src/dc_imex.c:290:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outlen = strlen(out.buf); data/deltachat-core-0.45.0+ds/src/dc_imex.c:375:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || !dc_write_file(context, setup_file_name, setup_file_content, strlen(setup_file_content))) { data/deltachat-core-0.45.0+ds/src/dc_imex.c:758:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int prefix_len = strlen(DC_BAK_PREFIX); data/deltachat-core-0.45.0+ds/src/dc_imex.c:759:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int suffix_len = strlen(DC_BAK_SUFFIX); data/deltachat-core-0.45.0+ds/src/dc_imex.c:844:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int name_len = strlen(name); data/deltachat-core-0.45.0+ds/src/dc_imex.c:1197:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int prefix_len = strlen(DC_BAK_PREFIX); data/deltachat-core-0.45.0+ds/src/dc_imex.c:1198:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int suffix_len = strlen(DC_BAK_SUFFIX); data/deltachat-core-0.45.0+ds/src/dc_imex.c:1213:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int name_len = strlen(name); data/deltachat-core-0.45.0+ds/src/dc_job.c:502:4: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(300*1000); data/deltachat-core-0.45.0+ds/src/dc_jobthread.c:77:4: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(300*1000); data/deltachat-core-0.45.0+ds/src/dc_key.c:123:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (mailmime_base64_body_parse(base64, strlen(base64), &indx, &result/*must be freed using mmap_string_unref()*/, &result_len)!=MAILIMF_NO_ERROR data/deltachat-core-0.45.0+ds/src/dc_key.c:410:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!dc_write_file(context, file, file_content, strlen(file_content))) { data/deltachat-core-0.45.0+ds/src/dc_key.c:427:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int fingerprint_len = strlen(fingerprint); data/deltachat-core-0.45.0+ds/src/dc_location.c:263:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (kml->tag&TAG_WHEN && strlen(val)>=19) { data/deltachat-core-0.45.0+ds/src/dc_mimefactory.c:284:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mailmime_set_body_text(message_part, text, strlen(text)); data/deltachat-core-0.45.0+ds/src/dc_mimefactory.c:712:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mailmime_set_body_text(kml_mime_part, kml_file, strlen(kml_file)); data/deltachat-core-0.45.0+ds/src/dc_mimefactory.c:728:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mailmime_set_body_text(kml_mime_part, kml_file, strlen(kml_file)); data/deltachat-core-0.45.0+ds/src/dc_mimefactory.c:781:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mailmime_set_body_text(mach_mime_part, message_text2, strlen(message_text2)); data/deltachat-core-0.45.0+ds/src/dc_mimeparser.c:411:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dc_hash_insert(recipients, addr_norm, strlen(addr_norm), (void*)1); data/deltachat-core-0.45.0+ds/src/dc_mimeparser.c:1175:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(filename_parts.buf)) { data/deltachat-core-0.45.0+ds/src/dc_mimeparser.c:1201:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strncmp(desired_filename+strlen(desired_filename)-4, ".kml", 4)==0) { data/deltachat-core-0.45.0+ds/src/dc_mimeparser.c:1208:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strncmp(desired_filename+strlen(desired_filename)-4, ".kml", 4)==0) { data/deltachat-core-0.45.0+ds/src/dc_mimeparser.c:1461:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int key_len = strlen(key); data/deltachat-core-0.45.0+ds/src/dc_mimeparser.c:1678:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (mailimf_mailbox_list_parse(dn_field->fld_value, strlen(dn_field->fld_value), &index, &mb_list)==MAILIMF_NO_ERROR && mb_list) data/deltachat-core-0.45.0+ds/src/dc_oauth2.c:96:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (tok->type == JSMN_STRING && (int) strlen(s) == tok->end - tok->start && data/deltachat-core-0.45.0+ds/src/dc_oauth2.c:261:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tok_cnt = jsmn_parse(&parser, json, strlen(json), tok, sizeof(tok)/sizeof(tok[0])); data/deltachat-core-0.45.0+ds/src/dc_oauth2.c:369:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tok_cnt = jsmn_parse(&parser, json, strlen(json), tok, sizeof(tok)/sizeof(tok[0])); data/deltachat-core-0.45.0+ds/src/dc_param.c:32:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p2 = &p1[strlen(p1)]; data/deltachat-core-0.45.0+ds/src/dc_pgp.c:113:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(line, "-----BEGIN ", 11)==0 && strncmp(&line[strlen(line)-5], "-----", 5)==0) { data/deltachat-core-0.45.0+ds/src/dc_pgp.c:120:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strspn(line, PGP_WS)==strlen(line)) { data/deltachat-core-0.45.0+ds/src/dc_pgp.c:168:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || strncmp(p1+9, headerline+11, strlen(headerline+11))!=0) { data/deltachat-core-0.45.0+ds/src/dc_pgp.c:1065:77: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dc_hash_insert(ret_signature_fingerprints, fingerprint_hex, strlen(fingerprint_hex), (void*)1); data/deltachat-core-0.45.0+ds/src/dc_pgp.c:1167:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dc_hash_insert(ret_signature_fingerprints, fingerprint_hex, strlen(fingerprint_hex), (void*)1); data/deltachat-core-0.45.0+ds/src/dc_qr.c:63:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(qr, DC_OPENPGP4FPR_SCHEME, strlen(DC_OPENPGP4FPR_SCHEME))==0) data/deltachat-core-0.45.0+ds/src/dc_qr.c:68:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). payload = dc_strdup(&qr[strlen(DC_OPENPGP4FPR_SCHEME)]); data/deltachat-core-0.45.0+ds/src/dc_qr.c:105:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncasecmp(qr, MAILTO_SCHEME, strlen(MAILTO_SCHEME))==0) data/deltachat-core-0.45.0+ds/src/dc_qr.c:108:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). payload = dc_strdup(&qr[strlen(MAILTO_SCHEME)]); data/deltachat-core-0.45.0+ds/src/dc_qr.c:115:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncasecmp(qr, SMTP_SCHEME, strlen(SMTP_SCHEME))==0) data/deltachat-core-0.45.0+ds/src/dc_qr.c:118:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). payload = dc_strdup(&qr[strlen(SMTP_SCHEME)]); data/deltachat-core-0.45.0+ds/src/dc_qr.c:125:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncasecmp(qr, MATMSG_SCHEME, strlen(MATMSG_SCHEME))==0) data/deltachat-core-0.45.0+ds/src/dc_qr.c:140:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncasecmp(qr, VCARD_BEGIN, strlen(VCARD_BEGIN))==0) data/deltachat-core-0.45.0+ds/src/dc_qr.c:181:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fingerprint) != 40) { data/deltachat-core-0.45.0+ds/src/dc_receive_imf.c:429:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rpgp_cvec* binary_hash = rpgp_hash_sha256((const uint8_t*)member_cs.buf, strlen(member_cs.buf)); data/deltachat-core-0.45.0+ds/src/dc_receive_imf.c:450:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hasher.add(&hasher, (const uint8_t*)member_cs.buf, strlen(member_cs.buf)); data/deltachat-core-0.45.0+ds/src/dc_receive_imf.c:907:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (X_MrGrpNameChanged && grpname && strlen(grpname) < 200) data/deltachat-core-0.45.0+ds/src/dc_receive_imf.c:1562:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (mailimf_msg_id_parse(of_org_msgid->fld_value, strlen(of_org_msgid->fld_value), &dummy, &rfc724_mid)==MAIL_NO_ERROR data/deltachat-core-0.45.0+ds/src/dc_saxparser.c:135:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (*s == '\n') memmove(s, (s + 1), strlen(s)); data/deltachat-core-0.45.0+ds/src/dc_saxparser.c:161:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(s, strchr(s, ';') + 1, strlen(strchr(s, ';'))); data/deltachat-core-0.45.0+ds/src/dc_saxparser.c:167:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (b = 0; s_ent[b] && strncmp(s + 1, s_ent[b], strlen(s_ent[b])); b += 2) data/deltachat-core-0.45.0+ds/src/dc_saxparser.c:171:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((c = strlen(s_ent[b])) - 1 > (e = strchr(s, ';')) - s) { data/deltachat-core-0.45.0+ds/src/dc_saxparser.c:173:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = (d = (s - r)) + c + strlen(e); /* new length */ data/deltachat-core-0.45.0+ds/src/dc_saxparser.c:186:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(s + c, e + 1, strlen(e)); /* shift rest of string */ data/deltachat-core-0.45.0+ds/src/dc_saxparser.c:187:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s, s_ent[b], c); /* copy in replacement text */ data/deltachat-core-0.45.0+ds/src/dc_saxparser.c:354:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). call_text_cb(saxparser, text_beg, strlen(text_beg), 'c'); /* CDATA not closed, add all remaining text */ data/deltachat-core-0.45.0+ds/src/dc_securejoin.c:469:3: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(300*1000); // 0.3 seconds data/deltachat-core-0.45.0+ds/src/dc_simplify.c:45:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int buf_len = strlen(buf); data/deltachat-core-0.45.0+ds/src/dc_simplify.c:234:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dc_strbuilder_init(&ret, strlen(buf_terminated)); data/deltachat-core-0.45.0+ds/src/dc_sqlite3.c:987:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int name_len = strlen(name); data/deltachat-core-0.45.0+ds/src/dc_sqlite3.c:988:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int namespc_len = strlen(namespc); data/deltachat-core-0.45.0+ds/src/dc_sqlite3.c:1053:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int name_len = strlen(name); data/deltachat-core-0.45.0+ds/src/dc_stock.c:140:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(action) && action[strlen(action)-1]=='.') { data/deltachat-core-0.45.0+ds/src/dc_stock.c:140:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(action) && action[strlen(action)-1]=='.') { data/deltachat-core-0.45.0+ds/src/dc_stock.c:141:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). action[strlen(action)-1] = 0; data/deltachat-core-0.45.0+ds/src/dc_strbuilder.c:63:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(text); data/deltachat-core-0.45.0+ds/src/dc_strencode.c:49:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *buf = malloc(strlen(to_encode) * 3 + 1), *pbuf = buf; data/deltachat-core-0.45.0+ds/src/dc_strencode.c:94:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *buf = malloc(strlen(to_decode) + 1), *pbuf = buf; data/deltachat-core-0.45.0+ds/src/dc_strencode.c:440:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int r = mailmime_encoded_phrase_parse(DEF_INCOMING_CHARSET, in, strlen(in), &cur_token, DEF_DISPLAY_CHARSET, &out); data/deltachat-core-0.45.0+ds/src/dc_strencode.c:498:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). res = (char*)malloc(2*strlen(to_encode)+1); data/deltachat-core-0.45.0+ds/src/dc_strencode.c:638:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). res = (char*)malloc(4*strlen(to_decode)+1); data/deltachat-core-0.45.0+ds/src/dc_strencode.c:780:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *buf = malloc(strlen(PREFIX) + strlen(to_encode) * 3 + 1); data/deltachat-core-0.45.0+ds/src/dc_strencode.c:780:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *buf = malloc(strlen(PREFIX) + strlen(to_encode) * 3 + 1); data/deltachat-core-0.45.0+ds/src/dc_strencode.c:787:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pbuf += strlen(pbuf); data/deltachat-core-0.45.0+ds/src/dc_strencode.c:847:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int r = charconv("utf-8", charset, decoded, strlen(decoded), &converted); data/deltachat-core-0.45.0+ds/src/dc_tools.c:95:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/deltachat-core-0.45.0+ds/src/dc_tools.c:115:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/deltachat-core-0.45.0+ds/src/dc_tools.c:170:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). needle_len = strlen(needle); data/deltachat-core-0.45.0+ds/src/dc_tools.c:171:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). replacement_len = replacement? strlen(replacement) : 0; data/deltachat-core-0.45.0+ds/src/dc_tools.c:232:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(out, in, bytes); data/deltachat-core-0.45.0+ds/src/dc_tools.c:382:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int p1len = strlen(buf); data/deltachat-core-0.45.0+ds/src/dc_tools.c:473:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buf_bytes = strlen(buf); data/deltachat-core-0.45.0+ds/src/dc_tools.c:474:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (buf_bytes-used_bytes >= strlen(ellipse_utf8) /* check if we have room for the ellipse */) { data/deltachat-core-0.45.0+ds/src/dc_tools.c:502:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (approx_chars > 0 && strlen(buf) > approx_chars+strlen(DC_EDITORIAL_ELLIPSE)) data/deltachat-core-0.45.0+ds/src/dc_tools.c:502:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (approx_chars > 0 && strlen(buf) > approx_chars+strlen(DC_EDITORIAL_ELLIPSE)) data/deltachat-core-0.45.0+ds/src/dc_tools.c:566:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int out_len = strlen(in); data/deltachat-core-0.45.0+ds/src/dc_tools.c:568:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int break_chars_len = strlen(break_chars); data/deltachat-core-0.45.0+ds/src/dc_tools.c:624:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (str && delimiter && strlen(delimiter)>=1) { data/deltachat-core-0.45.0+ds/src/dc_tools.c:634:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p1 = p2+strlen(delimiter); data/deltachat-core-0.45.0+ds/src/dc_tools.c:661:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int str_len = strlen(str_lower); data/deltachat-core-0.45.0+ds/src/dc_tools.c:1039:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (mid==NULL || strlen(mid)<8 || mid[0]!='G' || mid[1]!='r' || mid[2]!='.') { data/deltachat-core-0.45.0+ds/src/dc_tools.c:1052:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). grpid_len = strlen(grpid); data/deltachat-core-0.45.0+ds/src/dc_tools.c:1091:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int path_len = strlen(pathNfilename); data/deltachat-core-0.45.0+ds/src/dc_tools.c:1337:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((bytes_read=read(fd_src, buf, DC_COPY_BUF_SIZE)) > 0) { data/deltachat-core-0.45.0+ds/src/dc_tools.c:1515:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(*path, context->blobdir, strlen(context->blobdir))==0) { data/deltachat-core-0.45.0+ds/src/dc_tools.c:1528:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strncmp(path, context->blobdir, strlen(context->blobdir))==0) ANALYSIS SUMMARY: Hits = 397 Lines analyzed = 60528 in approximately 1.57 seconds (38469 lines/second) Physical Source Lines of Code (SLOC) = 40181 Hits@level = [0] 454 [1] 167 [2] 138 [3] 2 [4] 90 [5] 0 Hits@level+ = [0+] 851 [1+] 397 [2+] 230 [3+] 92 [4+] 90 [5+] 0 Hits/KSLOC@level+ = [0+] 21.1792 [1+] 9.88029 [2+] 5.7241 [3+] 2.28964 [4+] 2.23986 [5+] 0 Dot directories skipped = 4 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.