Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dmitry-1.3a/src/includes/file.h
Examining data/dmitry-1.3a/src/includes/netcraft.h
Examining data/dmitry-1.3a/src/includes/iwhois.h
Examining data/dmitry-1.3a/src/includes/portscan.h
Examining data/dmitry-1.3a/src/includes/nwhois.h
Examining data/dmitry-1.3a/src/includes/resolve.h
Examining data/dmitry-1.3a/src/includes/global.h
Examining data/dmitry-1.3a/src/includes/dmitry.h
Examining data/dmitry-1.3a/src/includes/port_sock.h
Examining data/dmitry-1.3a/src/includes/dmitrybot.h
Examining data/dmitry-1.3a/src/includes/mailsearch.h
Examining data/dmitry-1.3a/src/includes/output.h
Examining data/dmitry-1.3a/src/includes/subsearch.h
Examining data/dmitry-1.3a/src/includes/config.h
Examining data/dmitry-1.3a/src/includes/tcp_sock.h
Examining data/dmitry-1.3a/src/file.c
Examining data/dmitry-1.3a/src/subsearch.c
Examining data/dmitry-1.3a/src/mailsearch.c
Examining data/dmitry-1.3a/src/netcraft.c
Examining data/dmitry-1.3a/src/port_sock.c
Examining data/dmitry-1.3a/src/portscan.c
Examining data/dmitry-1.3a/src/resolve.c
Examining data/dmitry-1.3a/src/tcp_sock.c
Examining data/dmitry-1.3a/src/dmitry.c
Examining data/dmitry-1.3a/src/output.c
Examining data/dmitry-1.3a/src/nwhois.c
Examining data/dmitry-1.3a/src/iwhois.c

FINAL RESULTS:

data/dmitry-1.3a/src/dmitry.c:98:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outputfile, optarg);
data/dmitry-1.3a/src/dmitry.c:145:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(host_name, argv[argc - 1]);
data/dmitry-1.3a/src/dmitry.c:152:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(host_ip, argv[argc - 1]);
data/dmitry-1.3a/src/mailsearch.c:23:14: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy(hostwww, host);
data/dmitry-1.3a/src/mailsearch.c:177:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(emailbuff[emailcount], email);
data/dmitry-1.3a/src/nwhois.c:23:14: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy(fhost, host);
data/dmitry-1.3a/src/nwhois.c:37:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  } else strcpy(server, nic_whois_hosts[hostn - 1]);
data/dmitry-1.3a/src/output.c:19:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(sendbuff, string2);
data/dmitry-1.3a/src/output.c:29:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(string, string2);
data/dmitry-1.3a/src/subsearch.c:23:14: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy(hostwww, host);
data/dmitry-1.3a/src/subsearch.c:172:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(subbuff[subcount], sub);
data/dmitry-1.3a/src/dmitry.c:41:22: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ( ( optchar = getopt(argc, argv, "viwenspbfo:t:") ) != -1 ){
data/dmitry-1.3a/src/dmitry.c:21:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host_ip[MAXIPLEN];
data/dmitry-1.3a/src/dmitry.c:22:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host_name[MAXNAMELEN];
data/dmitry-1.3a/src/file.c:5:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(wfp = fopen(outputfile, "w" ) )) {
data/dmitry-1.3a/src/file.c:16:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!( wfp = fopen(outputfile, "a+" ) )) {
data/dmitry-1.3a/src/includes/dmitry.h:15:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outputfile[64];
data/dmitry-1.3a/src/includes/dmitrybot.h:2:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host_ip[128];
data/dmitry-1.3a/src/includes/dmitrybot.h:3:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host_name[255];
data/dmitry-1.3a/src/includes/dmitrybot.h:13:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outputfile[64];
data/dmitry-1.3a/src/includes/file.h:5:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[64];
data/dmitry-1.3a/src/includes/file.h:6:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char outputfile[64];
data/dmitry-1.3a/src/includes/global.h:3:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char user[10];
data/dmitry-1.3a/src/includes/iwhois.h:17:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char netb[64];
data/dmitry-1.3a/src/includes/iwhois.h:18:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filebuff[1024];
data/dmitry-1.3a/src/includes/iwhois.h:19:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recvbuff[128];
data/dmitry-1.3a/src/includes/iwhois.h:20:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sendbuff[255];
data/dmitry-1.3a/src/includes/iwhois.h:30:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char query[26];
data/dmitry-1.3a/src/includes/iwhois.h:31:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char outputfile[64];
data/dmitry-1.3a/src/includes/mailsearch.h:10:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char outputfile[64];
data/dmitry-1.3a/src/includes/mailsearch.h:21:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pagestring[32]; /* The string to request a new page */
data/dmitry-1.3a/src/includes/netcraft.h:5:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char write_l[128];
data/dmitry-1.3a/src/includes/netcraft.h:6:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uptime[128];
data/dmitry-1.3a/src/includes/netcraft.h:7:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char os[32];
data/dmitry-1.3a/src/includes/netcraft.h:8:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recvbuff[128];
data/dmitry-1.3a/src/includes/netcraft.h:9:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sendbuff[255];
data/dmitry-1.3a/src/includes/netcraft.h:10:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[1024];
data/dmitry-1.3a/src/includes/netcraft.h:21:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char outputfile[64];
data/dmitry-1.3a/src/includes/nwhois.h:14:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char td[10];
data/dmitry-1.3a/src/includes/nwhois.h:15:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char query[128];
data/dmitry-1.3a/src/includes/nwhois.h:17:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char outputfile[64];
data/dmitry-1.3a/src/includes/output.h:6:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char user[10];
data/dmitry-1.3a/src/includes/output.h:10:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char outputfile[64];
data/dmitry-1.3a/src/includes/portscan.h:3:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recvbuff[128];
data/dmitry-1.3a/src/includes/portscan.h:4:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filebuff[255];
data/dmitry-1.3a/src/includes/subsearch.h:11:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char outputfile[64];
data/dmitry-1.3a/src/includes/subsearch.h:22:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pagestring[32]; /* The string to request a new page */
data/dmitry-1.3a/src/includes/tcp_sock.h:16:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char print[512];
data/dmitry-1.3a/src/iwhois.c:6:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linebuff[128];
data/dmitry-1.3a/src/iwhois.c:43:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[512];
data/dmitry-1.3a/src/iwhois.c:77:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char frmtdbuff[256]; /* This is the buffer containing formatted lines */
data/dmitry-1.3a/src/mailsearch.c:5:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostwww[64];
data/dmitry-1.3a/src/mailsearch.c:6:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sendbuff[256];
data/dmitry-1.3a/src/mailsearch.c:86:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char readbuff[2048];
data/dmitry-1.3a/src/mailsearch.c:123:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flippedemail[NCOL];
data/dmitry-1.3a/src/mailsearch.c:124:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char email[NCOL];
data/dmitry-1.3a/src/mailsearch.c:160:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char output[128];
data/dmitry-1.3a/src/netcraft.c:70:40: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if ( temp[strlen(temp) - 2] == 45 ) strcat(uptime, " - \tRecord Max (days)\n");
data/dmitry-1.3a/src/netcraft.c:71:54: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if ( temp[31] == 'd' && (strlen(temp) - 2 == 31)) strcat(uptime, " - \tLatest (days)\n");
data/dmitry-1.3a/src/netcraft.c:72:92: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if ( temp[22] != ' ' && temp[strlen(temp) -6] == ' ' && temp[strlen(temp) - 5] == '<' ) strcat(uptime, "\t - \tNo. Samples\n");
data/dmitry-1.3a/src/nwhois.c:6:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fhost[128]; /* Host with www removed */
data/dmitry-1.3a/src/nwhois.c:7:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linebuff[128];
data/dmitry-1.3a/src/nwhois.c:8:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char server[64];
data/dmitry-1.3a/src/nwhois.c:50:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[512];
data/dmitry-1.3a/src/nwhois.c:122:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char frmtdbuff[128]; /* This is the buffer containing formatted lines */
data/dmitry-1.3a/src/output.c:7:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sendbuff[255];
data/dmitry-1.3a/src/output.c:8:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timebuff[5];
data/dmitry-1.3a/src/output.c:9:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timebuff2[5];
data/dmitry-1.3a/src/portscan.c:6:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char outputfile[64];
data/dmitry-1.3a/src/resolve.c:10:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char outputfile[64];
data/dmitry-1.3a/src/resolve.c:16:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char www[128];
data/dmitry-1.3a/src/subsearch.c:5:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostwww[64];
data/dmitry-1.3a/src/subsearch.c:6:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sendbuff[128];
data/dmitry-1.3a/src/subsearch.c:84:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char readbuff[2048];
data/dmitry-1.3a/src/subsearch.c:117:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flippedsub[NCOL];
data/dmitry-1.3a/src/subsearch.c:118:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sub[NCOL];
data/dmitry-1.3a/src/subsearch.c:150:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char output[128];
data/dmitry-1.3a/src/subsearch.c:151:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host_ip[MAXIPLEN];
data/dmitry-1.3a/src/tcp_sock.c:30:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&sock.sin_addr, *pptr, sizeof(struct in_addr));
data/dmitry-1.3a/src/dmitry.c:135:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(outputfile) ) file_prep();
data/dmitry-1.3a/src/dmitry.c:136:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(outputfile) ) file_open();
data/dmitry-1.3a/src/dmitry.c:157:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(outputfile) ) file_close();
data/dmitry-1.3a/src/dmitry.c:160:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( options[0] && strlen(host_ip)) get_iwhois(host_ip);
data/dmitry-1.3a/src/dmitry.c:161:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( options[1] && strlen(host_name)) get_nwhois(host_name);
data/dmitry-1.3a/src/dmitry.c:162:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( options[2] && strlen(host_name)) get_netcraft(host_name);
data/dmitry-1.3a/src/dmitry.c:163:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( options[4] && strlen(host_name)) get_subdomains(host_name);
data/dmitry-1.3a/src/dmitry.c:164:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( options[5] && strlen(host_name)) get_emails(host_name);
data/dmitry-1.3a/src/dmitry.c:165:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( options[3] >= 1 && strlen(host_ip)) portscan(host_ip, ttl, options[3]);
data/dmitry-1.3a/src/file.c:4:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outputfile[strlen(outputfile)] = '\0';
data/dmitry-1.3a/src/iwhois.c:8:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(outputfile) ) file_open(); /* Are we outputting to a file? */
data/dmitry-1.3a/src/iwhois.c:19:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(outputfile) ) file_close();
data/dmitry-1.3a/src/iwhois.c:29:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(outputfile) ) file_close();
data/dmitry-1.3a/src/iwhois.c:37:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(outputfile) ) file_close();
data/dmitry-1.3a/src/iwhois.c:48:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sendData(query, strlen(query));
data/dmitry-1.3a/src/iwhois.c:96:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  frmtdbuff[strlen(frmtdbuff)] = buff[ctr];
data/dmitry-1.3a/src/iwhois.c:99:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(frmtdbuff) ) linetodo = 1;
data/dmitry-1.3a/src/mailsearch.c:15:86: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( host[0] == 'w' && host[1] == 'w' && host[2] == 'w' && host[3] == '.' && strlen(host) > 9 ) {
data/dmitry-1.3a/src/mailsearch.c:21:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hostwww[strlen(hostwww)] = '\0';
data/dmitry-1.3a/src/mailsearch.c:25:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(outputfile)) file_open();
data/dmitry-1.3a/src/mailsearch.c:59:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sendData(sendbuff, strlen(sendbuff));
data/dmitry-1.3a/src/mailsearch.c:80:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(outputfile)) file_close();
data/dmitry-1.3a/src/mailsearch.c:96:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(crpos=0;readbuff[crpos + 1] != '\0' && crpos < (int)strlen(readbuff);crpos++){
data/dmitry-1.3a/src/mailsearch.c:97:145: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( readbuff[crpos] == '<' && readbuff[crpos + 1] == '/' && readbuff[crpos + 2] == 'b' && readbuff[crpos + 3] == '>' && (crpos + 5) < (int)strlen(readbuff) ) crpos += 4;
data/dmitry-1.3a/src/mailsearch.c:98:115: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( readbuff[crpos] == '<' && readbuff[crpos + 1] == 'b' && readbuff[crpos + 2] == '>' && (crpos + 4) < (int)strlen(readbuff)) crpos += 3;
data/dmitry-1.3a/src/mailsearch.c:104:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( ckpos == (int) strlen(host) && ( readbuff[(crpos-ckpos) - 10] == '@' || readbuff[(crpos-ckpos) - 10] == '.' )){
data/dmitry-1.3a/src/mailsearch.c:108:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( ckpos == (int) strlen(host) && ( readbuff[crpos-ckpos] == '@' || readbuff[crpos-ckpos] == '.' )) {
data/dmitry-1.3a/src/mailsearch.c:115:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } while(strlen(readbuff) > 0 );
data/dmitry-1.3a/src/mailsearch.c:147:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(flippedemail) >= NCOL) return 0;
data/dmitry-1.3a/src/mailsearch.c:149:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(ctr=(int)strlen(flippedemail);ctr >= 0;ctr--){
data/dmitry-1.3a/src/mailsearch.c:150:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  email[strlen(email)] = flippedemail[ctr];
data/dmitry-1.3a/src/mailsearch.c:152:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (! strlen(email) || strlen(email) >= NCOL || email[0] == '@' || !strstr(email, "@")) return 0;
data/dmitry-1.3a/src/mailsearch.c:152:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (! strlen(email) || strlen(email) >= NCOL || email[0] == '@' || !strstr(email, "@")) return 0;
data/dmitry-1.3a/src/netcraft.c:8:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( ch != '\n' ) temp[strlen(temp)] = ch;
data/dmitry-1.3a/src/netcraft.c:60:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  os[strlen(os)] = '\n';
data/dmitry-1.3a/src/netcraft.c:65:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while ( temp[ctr3] != '\0' && temp[ctr3] != '<' && ctr3 <= strlen(temp)){
data/dmitry-1.3a/src/netcraft.c:68:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( temp[ctr3] != '\0' && temp[ctr3] != '<') uptime[strlen(uptime)] = temp[ctr3];
data/dmitry-1.3a/src/netcraft.c:70:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( temp[strlen(temp) - 2] == 45 ) strcat(uptime, " - \tRecord Max (days)\n");
data/dmitry-1.3a/src/netcraft.c:71:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( temp[31] == 'd' && (strlen(temp) - 2 == 31)) strcat(uptime, " - \tLatest (days)\n");
data/dmitry-1.3a/src/netcraft.c:72:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( temp[22] != ' ' && temp[strlen(temp) -6] == ' ' && temp[strlen(temp) - 5] == '<' ) strcat(uptime, "\t - \tNo. Samples\n");
data/dmitry-1.3a/src/netcraft.c:72:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( temp[22] != ' ' && temp[strlen(temp) -6] == ' ' && temp[strlen(temp) - 5] == '<' ) strcat(uptime, "\t - \tNo. Samples\n");
data/dmitry-1.3a/src/netcraft.c:93:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(outputfile) ) file_open();
data/dmitry-1.3a/src/netcraft.c:106:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sendData(sendbuff, strlen(sendbuff));
data/dmitry-1.3a/src/netcraft.c:118:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(outputfile) ) file_close();
data/dmitry-1.3a/src/nwhois.c:12:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(outputfile) ) file_open();
data/dmitry-1.3a/src/nwhois.c:16:85: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( host[0] == 'w' && host[1] == 'w' && host[2] == 'w' && host[3] == '.'&& strlen(host) > 9 ) {
data/dmitry-1.3a/src/nwhois.c:43:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(outputfile) ) file_close();
data/dmitry-1.3a/src/nwhois.c:54:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sendData(query, strlen(query));
data/dmitry-1.3a/src/nwhois.c:82:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ctr = strlen(host) - 1;
data/dmitry-1.3a/src/nwhois.c:90:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  td[strlen(td)] = host[ctr];
data/dmitry-1.3a/src/nwhois.c:138:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  frmtdbuff[strlen(frmtdbuff)] = buff[ctr];
data/dmitry-1.3a/src/nwhois.c:141:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(frmtdbuff) ) linetodo = 1;
data/dmitry-1.3a/src/output.c:13:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(outputfile) ){
data/dmitry-1.3a/src/output.c:22:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sendbuff[strlen(sendbuff)] = string[ctr];
data/dmitry-1.3a/src/port_sock.c:53:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read((int) tcp_sock, (char *) readbuff, (int) readsize);
data/dmitry-1.3a/src/portscan.c:19:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(outputfile) ) file_open();
data/dmitry-1.3a/src/portscan.c:25:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(outputfile) ) fputs(filebuff, wfp);
data/dmitry-1.3a/src/portscan.c:32:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(outputfile) ) fputs(filebuff, wfp);
data/dmitry-1.3a/src/portscan.c:36:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( recvbuff[strlen(recvbuff) - 1] != '\n' ) recvbuff[strlen(recvbuff) - 1] = '\n';
data/dmitry-1.3a/src/portscan.c:36:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( recvbuff[strlen(recvbuff) - 1] != '\n' ) recvbuff[strlen(recvbuff) - 1] = '\n';
data/dmitry-1.3a/src/portscan.c:37:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(outputfile) ) fputs(recvbuff, wfp);
data/dmitry-1.3a/src/portscan.c:48:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(outputfile) ) fputs(filebuff, wfp);
data/dmitry-1.3a/src/portscan.c:56:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(outputfile) ){
data/dmitry-1.3a/src/subsearch.c:15:85: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( host[0] == 'w' && host[1] == 'w' && host[2] == 'w' && host[3] == '.'&& strlen(host) > 9 ) {
data/dmitry-1.3a/src/subsearch.c:21:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hostwww[strlen(hostwww)] = '\0';
data/dmitry-1.3a/src/subsearch.c:25:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(outputfile)) file_open();
data/dmitry-1.3a/src/subsearch.c:59:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sendData(sendbuff, strlen(sendbuff));
data/dmitry-1.3a/src/subsearch.c:78:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(outputfile)) file_close();
data/dmitry-1.3a/src/subsearch.c:94:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(crpos=0;readbuff[crpos + 1] != '\0' && crpos < (int)strlen(readbuff);crpos++){
data/dmitry-1.3a/src/subsearch.c:95:145: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( readbuff[crpos] == '<' && readbuff[crpos + 1] == '/' && readbuff[crpos + 2] == 'b' && readbuff[crpos + 3] == '>' && (crpos + 5) < (int)strlen(readbuff) ) crpos += 4;
data/dmitry-1.3a/src/subsearch.c:96:115: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( readbuff[crpos] == '<' && readbuff[crpos + 1] == 'b' && readbuff[crpos + 2] == '>' && (crpos + 4) < (int)strlen(readbuff)) crpos += 3;
data/dmitry-1.3a/src/subsearch.c:99:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( ckpos == (int) strlen(host) && readbuff[(crpos-ckpos) - 10] == '.' ){
data/dmitry-1.3a/src/subsearch.c:103:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( ckpos == (int) strlen(host) && readbuff[crpos-ckpos] == '.' ) {
data/dmitry-1.3a/src/subsearch.c:109:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } while(strlen(readbuff) > 0 );
data/dmitry-1.3a/src/subsearch.c:139:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(ctr=(int)strlen(flippedsub);ctr >= 0;ctr--){
data/dmitry-1.3a/src/subsearch.c:140:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sub[strlen(sub)] = flippedsub[ctr];
data/dmitry-1.3a/src/subsearch.c:142:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (! strlen(sub) || strlen(sub) > NCOL || sub[0] == '.') return 0;
data/dmitry-1.3a/src/subsearch.c:142:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (! strlen(sub) || strlen(sub) > NCOL || sub[0] == '.') return 0;
data/dmitry-1.3a/src/tcp_sock.c:74:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read((int) tcp_sock, (char *) readbuff, (int) readsize);

ANALYSIS SUMMARY:

Hits = 158
Lines analyzed = 1670 in approximately 0.10 seconds (16132 lines/second)
Physical Source Lines of Code (SLOC) = 1299
Hits@level = [0] 59 [1] 79 [2] 67 [3] 1 [4] 11 [5] 0
Hits@level+ = [0+] 217 [1+] 158 [2+] 79 [3+] 12 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 167.052 [1+] 121.632 [2+] 60.816 [3+] 9.23788 [4+] 8.46805 [5+] 0
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.