Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dmitry-1.3a/src/includes/file.h
Examining data/dmitry-1.3a/src/includes/netcraft.h
Examining data/dmitry-1.3a/src/includes/iwhois.h
Examining data/dmitry-1.3a/src/includes/portscan.h
Examining data/dmitry-1.3a/src/includes/nwhois.h
Examining data/dmitry-1.3a/src/includes/resolve.h
Examining data/dmitry-1.3a/src/includes/global.h
Examining data/dmitry-1.3a/src/includes/dmitry.h
Examining data/dmitry-1.3a/src/includes/port_sock.h
Examining data/dmitry-1.3a/src/includes/dmitrybot.h
Examining data/dmitry-1.3a/src/includes/mailsearch.h
Examining data/dmitry-1.3a/src/includes/output.h
Examining data/dmitry-1.3a/src/includes/subsearch.h
Examining data/dmitry-1.3a/src/includes/config.h
Examining data/dmitry-1.3a/src/includes/tcp_sock.h
Examining data/dmitry-1.3a/src/file.c
Examining data/dmitry-1.3a/src/subsearch.c
Examining data/dmitry-1.3a/src/mailsearch.c
Examining data/dmitry-1.3a/src/netcraft.c
Examining data/dmitry-1.3a/src/port_sock.c
Examining data/dmitry-1.3a/src/portscan.c
Examining data/dmitry-1.3a/src/resolve.c
Examining data/dmitry-1.3a/src/tcp_sock.c
Examining data/dmitry-1.3a/src/dmitry.c
Examining data/dmitry-1.3a/src/output.c
Examining data/dmitry-1.3a/src/nwhois.c
Examining data/dmitry-1.3a/src/iwhois.c
FINAL RESULTS:
data/dmitry-1.3a/src/dmitry.c:98:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outputfile, optarg);
data/dmitry-1.3a/src/dmitry.c:145:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(host_name, argv[argc - 1]);
data/dmitry-1.3a/src/dmitry.c:152:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(host_ip, argv[argc - 1]);
data/dmitry-1.3a/src/mailsearch.c:23:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(hostwww, host);
data/dmitry-1.3a/src/mailsearch.c:177:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(emailbuff[emailcount], email);
data/dmitry-1.3a/src/nwhois.c:23:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(fhost, host);
data/dmitry-1.3a/src/nwhois.c:37:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
} else strcpy(server, nic_whois_hosts[hostn - 1]);
data/dmitry-1.3a/src/output.c:19:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(sendbuff, string2);
data/dmitry-1.3a/src/output.c:29:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(string, string2);
data/dmitry-1.3a/src/subsearch.c:23:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(hostwww, host);
data/dmitry-1.3a/src/subsearch.c:172:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(subbuff[subcount], sub);
data/dmitry-1.3a/src/dmitry.c:41:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ( ( optchar = getopt(argc, argv, "viwenspbfo:t:") ) != -1 ){
data/dmitry-1.3a/src/dmitry.c:21:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host_ip[MAXIPLEN];
data/dmitry-1.3a/src/dmitry.c:22:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host_name[MAXNAMELEN];
data/dmitry-1.3a/src/file.c:5:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(wfp = fopen(outputfile, "w" ) )) {
data/dmitry-1.3a/src/file.c:16:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!( wfp = fopen(outputfile, "a+" ) )) {
data/dmitry-1.3a/src/includes/dmitry.h:15:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outputfile[64];
data/dmitry-1.3a/src/includes/dmitrybot.h:2:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host_ip[128];
data/dmitry-1.3a/src/includes/dmitrybot.h:3:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host_name[255];
data/dmitry-1.3a/src/includes/dmitrybot.h:13:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outputfile[64];
data/dmitry-1.3a/src/includes/file.h:5:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[64];
data/dmitry-1.3a/src/includes/file.h:6:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char outputfile[64];
data/dmitry-1.3a/src/includes/global.h:3:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[10];
data/dmitry-1.3a/src/includes/iwhois.h:17:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char netb[64];
data/dmitry-1.3a/src/includes/iwhois.h:18:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filebuff[1024];
data/dmitry-1.3a/src/includes/iwhois.h:19:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char recvbuff[128];
data/dmitry-1.3a/src/includes/iwhois.h:20:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sendbuff[255];
data/dmitry-1.3a/src/includes/iwhois.h:30:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[26];
data/dmitry-1.3a/src/includes/iwhois.h:31:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char outputfile[64];
data/dmitry-1.3a/src/includes/mailsearch.h:10:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char outputfile[64];
data/dmitry-1.3a/src/includes/mailsearch.h:21:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pagestring[32]; /* The string to request a new page */
data/dmitry-1.3a/src/includes/netcraft.h:5:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char write_l[128];
data/dmitry-1.3a/src/includes/netcraft.h:6:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uptime[128];
data/dmitry-1.3a/src/includes/netcraft.h:7:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char os[32];
data/dmitry-1.3a/src/includes/netcraft.h:8:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char recvbuff[128];
data/dmitry-1.3a/src/includes/netcraft.h:9:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sendbuff[255];
data/dmitry-1.3a/src/includes/netcraft.h:10:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[1024];
data/dmitry-1.3a/src/includes/netcraft.h:21:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char outputfile[64];
data/dmitry-1.3a/src/includes/nwhois.h:14:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char td[10];
data/dmitry-1.3a/src/includes/nwhois.h:15:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[128];
data/dmitry-1.3a/src/includes/nwhois.h:17:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char outputfile[64];
data/dmitry-1.3a/src/includes/output.h:6:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char user[10];
data/dmitry-1.3a/src/includes/output.h:10:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char outputfile[64];
data/dmitry-1.3a/src/includes/portscan.h:3:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char recvbuff[128];
data/dmitry-1.3a/src/includes/portscan.h:4:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filebuff[255];
data/dmitry-1.3a/src/includes/subsearch.h:11:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char outputfile[64];
data/dmitry-1.3a/src/includes/subsearch.h:22:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pagestring[32]; /* The string to request a new page */
data/dmitry-1.3a/src/includes/tcp_sock.h:16:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char print[512];
data/dmitry-1.3a/src/iwhois.c:6:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuff[128];
data/dmitry-1.3a/src/iwhois.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[512];
data/dmitry-1.3a/src/iwhois.c:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frmtdbuff[256]; /* This is the buffer containing formatted lines */
data/dmitry-1.3a/src/mailsearch.c:5:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostwww[64];
data/dmitry-1.3a/src/mailsearch.c:6:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sendbuff[256];
data/dmitry-1.3a/src/mailsearch.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readbuff[2048];
data/dmitry-1.3a/src/mailsearch.c:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flippedemail[NCOL];
data/dmitry-1.3a/src/mailsearch.c:124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char email[NCOL];
data/dmitry-1.3a/src/mailsearch.c:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[128];
data/dmitry-1.3a/src/netcraft.c:70:40: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if ( temp[strlen(temp) - 2] == 45 ) strcat(uptime, " - \tRecord Max (days)\n");
data/dmitry-1.3a/src/netcraft.c:71:54: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if ( temp[31] == 'd' && (strlen(temp) - 2 == 31)) strcat(uptime, " - \tLatest (days)\n");
data/dmitry-1.3a/src/netcraft.c:72:92: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if ( temp[22] != ' ' && temp[strlen(temp) -6] == ' ' && temp[strlen(temp) - 5] == '<' ) strcat(uptime, "\t - \tNo. Samples\n");
data/dmitry-1.3a/src/nwhois.c:6:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fhost[128]; /* Host with www removed */
data/dmitry-1.3a/src/nwhois.c:7:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuff[128];
data/dmitry-1.3a/src/nwhois.c:8:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server[64];
data/dmitry-1.3a/src/nwhois.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[512];
data/dmitry-1.3a/src/nwhois.c:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frmtdbuff[128]; /* This is the buffer containing formatted lines */
data/dmitry-1.3a/src/output.c:7:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sendbuff[255];
data/dmitry-1.3a/src/output.c:8:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuff[5];
data/dmitry-1.3a/src/output.c:9:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuff2[5];
data/dmitry-1.3a/src/portscan.c:6:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char outputfile[64];
data/dmitry-1.3a/src/resolve.c:10:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char outputfile[64];
data/dmitry-1.3a/src/resolve.c:16:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char www[128];
data/dmitry-1.3a/src/subsearch.c:5:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostwww[64];
data/dmitry-1.3a/src/subsearch.c:6:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sendbuff[128];
data/dmitry-1.3a/src/subsearch.c:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readbuff[2048];
data/dmitry-1.3a/src/subsearch.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flippedsub[NCOL];
data/dmitry-1.3a/src/subsearch.c:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sub[NCOL];
data/dmitry-1.3a/src/subsearch.c:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[128];
data/dmitry-1.3a/src/subsearch.c:151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host_ip[MAXIPLEN];
data/dmitry-1.3a/src/tcp_sock.c:30:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sock.sin_addr, *pptr, sizeof(struct in_addr));
data/dmitry-1.3a/src/dmitry.c:135:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outputfile) ) file_prep();
data/dmitry-1.3a/src/dmitry.c:136:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outputfile) ) file_open();
data/dmitry-1.3a/src/dmitry.c:157:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outputfile) ) file_close();
data/dmitry-1.3a/src/dmitry.c:160:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( options[0] && strlen(host_ip)) get_iwhois(host_ip);
data/dmitry-1.3a/src/dmitry.c:161:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( options[1] && strlen(host_name)) get_nwhois(host_name);
data/dmitry-1.3a/src/dmitry.c:162:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( options[2] && strlen(host_name)) get_netcraft(host_name);
data/dmitry-1.3a/src/dmitry.c:163:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( options[4] && strlen(host_name)) get_subdomains(host_name);
data/dmitry-1.3a/src/dmitry.c:164:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( options[5] && strlen(host_name)) get_emails(host_name);
data/dmitry-1.3a/src/dmitry.c:165:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( options[3] >= 1 && strlen(host_ip)) portscan(host_ip, ttl, options[3]);
data/dmitry-1.3a/src/file.c:4:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outputfile[strlen(outputfile)] = '\0';
data/dmitry-1.3a/src/iwhois.c:8:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outputfile) ) file_open(); /* Are we outputting to a file? */
data/dmitry-1.3a/src/iwhois.c:19:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outputfile) ) file_close();
data/dmitry-1.3a/src/iwhois.c:29:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outputfile) ) file_close();
data/dmitry-1.3a/src/iwhois.c:37:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outputfile) ) file_close();
data/dmitry-1.3a/src/iwhois.c:48:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendData(query, strlen(query));
data/dmitry-1.3a/src/iwhois.c:96:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
frmtdbuff[strlen(frmtdbuff)] = buff[ctr];
data/dmitry-1.3a/src/iwhois.c:99:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(frmtdbuff) ) linetodo = 1;
data/dmitry-1.3a/src/mailsearch.c:15:86: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( host[0] == 'w' && host[1] == 'w' && host[2] == 'w' && host[3] == '.' && strlen(host) > 9 ) {
data/dmitry-1.3a/src/mailsearch.c:21:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostwww[strlen(hostwww)] = '\0';
data/dmitry-1.3a/src/mailsearch.c:25:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(outputfile)) file_open();
data/dmitry-1.3a/src/mailsearch.c:59:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendData(sendbuff, strlen(sendbuff));
data/dmitry-1.3a/src/mailsearch.c:80:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(outputfile)) file_close();
data/dmitry-1.3a/src/mailsearch.c:96:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(crpos=0;readbuff[crpos + 1] != '\0' && crpos < (int)strlen(readbuff);crpos++){
data/dmitry-1.3a/src/mailsearch.c:97:145: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( readbuff[crpos] == '<' && readbuff[crpos + 1] == '/' && readbuff[crpos + 2] == 'b' && readbuff[crpos + 3] == '>' && (crpos + 5) < (int)strlen(readbuff) ) crpos += 4;
data/dmitry-1.3a/src/mailsearch.c:98:115: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( readbuff[crpos] == '<' && readbuff[crpos + 1] == 'b' && readbuff[crpos + 2] == '>' && (crpos + 4) < (int)strlen(readbuff)) crpos += 3;
data/dmitry-1.3a/src/mailsearch.c:104:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ckpos == (int) strlen(host) && ( readbuff[(crpos-ckpos) - 10] == '@' || readbuff[(crpos-ckpos) - 10] == '.' )){
data/dmitry-1.3a/src/mailsearch.c:108:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ckpos == (int) strlen(host) && ( readbuff[crpos-ckpos] == '@' || readbuff[crpos-ckpos] == '.' )) {
data/dmitry-1.3a/src/mailsearch.c:115:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} while(strlen(readbuff) > 0 );
data/dmitry-1.3a/src/mailsearch.c:147:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(flippedemail) >= NCOL) return 0;
data/dmitry-1.3a/src/mailsearch.c:149:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(ctr=(int)strlen(flippedemail);ctr >= 0;ctr--){
data/dmitry-1.3a/src/mailsearch.c:150:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
email[strlen(email)] = flippedemail[ctr];
data/dmitry-1.3a/src/mailsearch.c:152:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (! strlen(email) || strlen(email) >= NCOL || email[0] == '@' || !strstr(email, "@")) return 0;
data/dmitry-1.3a/src/mailsearch.c:152:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (! strlen(email) || strlen(email) >= NCOL || email[0] == '@' || !strstr(email, "@")) return 0;
data/dmitry-1.3a/src/netcraft.c:8:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ch != '\n' ) temp[strlen(temp)] = ch;
data/dmitry-1.3a/src/netcraft.c:60:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
os[strlen(os)] = '\n';
data/dmitry-1.3a/src/netcraft.c:65:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ( temp[ctr3] != '\0' && temp[ctr3] != '<' && ctr3 <= strlen(temp)){
data/dmitry-1.3a/src/netcraft.c:68:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( temp[ctr3] != '\0' && temp[ctr3] != '<') uptime[strlen(uptime)] = temp[ctr3];
data/dmitry-1.3a/src/netcraft.c:70:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( temp[strlen(temp) - 2] == 45 ) strcat(uptime, " - \tRecord Max (days)\n");
data/dmitry-1.3a/src/netcraft.c:71:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( temp[31] == 'd' && (strlen(temp) - 2 == 31)) strcat(uptime, " - \tLatest (days)\n");
data/dmitry-1.3a/src/netcraft.c:72:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( temp[22] != ' ' && temp[strlen(temp) -6] == ' ' && temp[strlen(temp) - 5] == '<' ) strcat(uptime, "\t - \tNo. Samples\n");
data/dmitry-1.3a/src/netcraft.c:72:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( temp[22] != ' ' && temp[strlen(temp) -6] == ' ' && temp[strlen(temp) - 5] == '<' ) strcat(uptime, "\t - \tNo. Samples\n");
data/dmitry-1.3a/src/netcraft.c:93:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outputfile) ) file_open();
data/dmitry-1.3a/src/netcraft.c:106:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendData(sendbuff, strlen(sendbuff));
data/dmitry-1.3a/src/netcraft.c:118:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outputfile) ) file_close();
data/dmitry-1.3a/src/nwhois.c:12:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outputfile) ) file_open();
data/dmitry-1.3a/src/nwhois.c:16:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( host[0] == 'w' && host[1] == 'w' && host[2] == 'w' && host[3] == '.'&& strlen(host) > 9 ) {
data/dmitry-1.3a/src/nwhois.c:43:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outputfile) ) file_close();
data/dmitry-1.3a/src/nwhois.c:54:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendData(query, strlen(query));
data/dmitry-1.3a/src/nwhois.c:82:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ctr = strlen(host) - 1;
data/dmitry-1.3a/src/nwhois.c:90:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
td[strlen(td)] = host[ctr];
data/dmitry-1.3a/src/nwhois.c:138:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
frmtdbuff[strlen(frmtdbuff)] = buff[ctr];
data/dmitry-1.3a/src/nwhois.c:141:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(frmtdbuff) ) linetodo = 1;
data/dmitry-1.3a/src/output.c:13:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outputfile) ){
data/dmitry-1.3a/src/output.c:22:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendbuff[strlen(sendbuff)] = string[ctr];
data/dmitry-1.3a/src/port_sock.c:53:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read((int) tcp_sock, (char *) readbuff, (int) readsize);
data/dmitry-1.3a/src/portscan.c:19:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outputfile) ) file_open();
data/dmitry-1.3a/src/portscan.c:25:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outputfile) ) fputs(filebuff, wfp);
data/dmitry-1.3a/src/portscan.c:32:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outputfile) ) fputs(filebuff, wfp);
data/dmitry-1.3a/src/portscan.c:36:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( recvbuff[strlen(recvbuff) - 1] != '\n' ) recvbuff[strlen(recvbuff) - 1] = '\n';
data/dmitry-1.3a/src/portscan.c:36:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( recvbuff[strlen(recvbuff) - 1] != '\n' ) recvbuff[strlen(recvbuff) - 1] = '\n';
data/dmitry-1.3a/src/portscan.c:37:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outputfile) ) fputs(recvbuff, wfp);
data/dmitry-1.3a/src/portscan.c:48:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outputfile) ) fputs(filebuff, wfp);
data/dmitry-1.3a/src/portscan.c:56:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(outputfile) ){
data/dmitry-1.3a/src/subsearch.c:15:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( host[0] == 'w' && host[1] == 'w' && host[2] == 'w' && host[3] == '.'&& strlen(host) > 9 ) {
data/dmitry-1.3a/src/subsearch.c:21:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostwww[strlen(hostwww)] = '\0';
data/dmitry-1.3a/src/subsearch.c:25:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(outputfile)) file_open();
data/dmitry-1.3a/src/subsearch.c:59:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendData(sendbuff, strlen(sendbuff));
data/dmitry-1.3a/src/subsearch.c:78:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(outputfile)) file_close();
data/dmitry-1.3a/src/subsearch.c:94:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(crpos=0;readbuff[crpos + 1] != '\0' && crpos < (int)strlen(readbuff);crpos++){
data/dmitry-1.3a/src/subsearch.c:95:145: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( readbuff[crpos] == '<' && readbuff[crpos + 1] == '/' && readbuff[crpos + 2] == 'b' && readbuff[crpos + 3] == '>' && (crpos + 5) < (int)strlen(readbuff) ) crpos += 4;
data/dmitry-1.3a/src/subsearch.c:96:115: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( readbuff[crpos] == '<' && readbuff[crpos + 1] == 'b' && readbuff[crpos + 2] == '>' && (crpos + 4) < (int)strlen(readbuff)) crpos += 3;
data/dmitry-1.3a/src/subsearch.c:99:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ckpos == (int) strlen(host) && readbuff[(crpos-ckpos) - 10] == '.' ){
data/dmitry-1.3a/src/subsearch.c:103:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ckpos == (int) strlen(host) && readbuff[crpos-ckpos] == '.' ) {
data/dmitry-1.3a/src/subsearch.c:109:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} while(strlen(readbuff) > 0 );
data/dmitry-1.3a/src/subsearch.c:139:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(ctr=(int)strlen(flippedsub);ctr >= 0;ctr--){
data/dmitry-1.3a/src/subsearch.c:140:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sub[strlen(sub)] = flippedsub[ctr];
data/dmitry-1.3a/src/subsearch.c:142:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (! strlen(sub) || strlen(sub) > NCOL || sub[0] == '.') return 0;
data/dmitry-1.3a/src/subsearch.c:142:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (! strlen(sub) || strlen(sub) > NCOL || sub[0] == '.') return 0;
data/dmitry-1.3a/src/tcp_sock.c:74:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read((int) tcp_sock, (char *) readbuff, (int) readsize);
ANALYSIS SUMMARY:
Hits = 158
Lines analyzed = 1670 in approximately 0.10 seconds (16132 lines/second)
Physical Source Lines of Code (SLOC) = 1299
Hits@level = [0] 59 [1] 79 [2] 67 [3] 1 [4] 11 [5] 0
Hits@level+ = [0+] 217 [1+] 158 [2+] 79 [3+] 12 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 167.052 [1+] 121.632 [2+] 60.816 [3+] 9.23788 [4+] 8.46805 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.