Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/gconf-3.2.6/gsettings/gconfsettingsbackend.c Examining data/gconf-3.2.6/gsettings/gconfsettingsbackend.h Examining data/gconf-3.2.6/gsettings/gconfsettingsbackend-module.c Examining data/gconf-3.2.6/gsettings/gsettings-data-convert.c Examining data/gconf-3.2.6/tests/testunique.c Examining data/gconf-3.2.6/tests/testencode.c Examining data/gconf-3.2.6/tests/testpersistence.c Examining data/gconf-3.2.6/tests/testdirlist.c Examining data/gconf-3.2.6/tests/testaddress.c Examining data/gconf-3.2.6/tests/testbackend.c Examining data/gconf-3.2.6/tests/testchangeset.c Examining data/gconf-3.2.6/tests/testschemas.c Examining data/gconf-3.2.6/tests/testlisteners.c Examining data/gconf-3.2.6/tests/testgconf.c Examining data/gconf-3.2.6/backends/evoldap-backend.c Examining data/gconf-3.2.6/backends/xml-test.c Examining data/gconf-3.2.6/backends/markup-backend.c Examining data/gconf-3.2.6/backends/xml-dir.h Examining data/gconf-3.2.6/backends/xml-cache.h Examining data/gconf-3.2.6/backends/xml-cache.c Examining data/gconf-3.2.6/backends/markup-tree.h Examining data/gconf-3.2.6/backends/xml-entry.c Examining data/gconf-3.2.6/backends/xml-backend.c Examining data/gconf-3.2.6/backends/xml-entry.h Examining data/gconf-3.2.6/backends/gconf-merge-tree.c Examining data/gconf-3.2.6/backends/markup-tree.c Examining data/gconf-3.2.6/backends/xml-dir.c Examining data/gconf-3.2.6/examples/basic-gconf-app.c Examining data/gconf-3.2.6/examples/simple-controller.c Examining data/gconf-3.2.6/examples/simple-view.c Examining data/gconf-3.2.6/defaults/gconf-defaults-glue.h Examining data/gconf-3.2.6/defaults/gconf-defaults.h Examining data/gconf-3.2.6/defaults/gconf-defaults-main.c Examining data/gconf-3.2.6/defaults/gconf-defaults.c Examining data/gconf-3.2.6/gconf/gconfd-dbus.h Examining data/gconf-3.2.6/gconf/gconf-sources.h Examining data/gconf-3.2.6/gconf/gconfd.h Examining data/gconf-3.2.6/gconf/gconf-internals.c Examining data/gconf-3.2.6/gconf/gconf-error.c Examining data/gconf-3.2.6/gconf/gconf-database-dbus.c Examining data/gconf-3.2.6/gconf/gconf-engine.h Examining data/gconf-3.2.6/gconf/gconf-value.c Examining data/gconf-3.2.6/gconf/gconf-internals.h Examining data/gconf-3.2.6/gconf/gconf-enum-types.h Examining data/gconf-3.2.6/gconf/gconf-dbus-utils.h Examining data/gconf-3.2.6/gconf/gconf-database-dbus.h Examining data/gconf-3.2.6/gconf/gconf.c Examining data/gconf-3.2.6/gconf/gconf-changeset.h Examining data/gconf-3.2.6/gconf/gconf-listeners.h Examining data/gconf-3.2.6/gconf/gconf-dbus-utils.c Examining data/gconf-3.2.6/gconf/gconf-schema.h Examining data/gconf-3.2.6/gconf/gconf-error.h Examining data/gconf-3.2.6/gconf/gconf-schema.c Examining data/gconf-3.2.6/gconf/gconfd-dbus.c Examining data/gconf-3.2.6/gconf/gconf-listeners.c Examining data/gconf-3.2.6/gconf/gconf-changeset.c Examining data/gconf-3.2.6/gconf/gconf-sources.c Examining data/gconf-3.2.6/gconf/gconf-database.h Examining data/gconf-3.2.6/gconf/gconf-database.c Examining data/gconf-3.2.6/gconf/gconf.h Examining data/gconf-3.2.6/gconf/gconf-enum-types.c Examining data/gconf-3.2.6/gconf/gconf-backend.c Examining data/gconf-3.2.6/gconf/gconf-locale.h Examining data/gconf-3.2.6/gconf/gconf-backend.h Examining data/gconf-3.2.6/gconf/gconftool.c Examining data/gconf-3.2.6/gconf/gconf-locale.c Examining data/gconf-3.2.6/gconf/dllmain.c Examining data/gconf-3.2.6/gconf/gconf-client.h Examining data/gconf-3.2.6/gconf/gconfd.c Examining data/gconf-3.2.6/gconf/gconf-client.c Examining data/gconf-3.2.6/gconf/gconf-value.h Examining data/gconf-3.2.6/gconf/gconf-dbus.c FINAL RESULTS: data/gconf-3.2.6/backends/markup-tree.c:4525:7: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod (new_filename, st.st_mode); data/gconf-3.2.6/backends/markup-tree.c:4526:11: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown (new_filename, st.st_uid, st.st_gid) < 0) data/gconf-3.2.6/backends/markup-tree.c:4529:11: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. chown (new_filename, -1, st.st_gid); data/gconf-3.2.6/backends/markup-tree.c:4530:11: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. chown (new_filename, st.st_uid, -1); data/gconf-3.2.6/backends/markup-tree.c:4532:9: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod (new_filename, st.st_mode); data/gconf-3.2.6/backends/xml-dir.c:524:11: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod (tmp_filename, d->file_mode) != 0) data/gconf-3.2.6/backends/evoldap-backend.c:341:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (&retval[pos], varval); data/gconf-3.2.6/backends/markup-tree.c:672:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (fullpath, markup_dir); data/gconf-3.2.6/backends/markup-tree.c:697:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (fullpath_end, dent); data/gconf-3.2.6/backends/xml-dir.c:878:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fullpath, d->fs_dirname); data/gconf-3.2.6/backends/xml-dir.c:895:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fullpath_end, dent); data/gconf-3.2.6/gconf/gconf-internals.c:853:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&retval[pos], varval); data/gconf-3.2.6/gconf/gconf-internals.c:1063:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(retval, dir); data/gconf-3.2.6/gconf/gconf-internals.c:1071:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((retval+dirlen), key); data/gconf-3.2.6/gconf/gconf-internals.c:1084:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dest, key); data/gconf-3.2.6/gconf/gconf-value.c:615:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&buf[cur], elem); data/gconf-3.2.6/gsettings/gsettings-data-convert.c:74:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (copy + (match - address) + 10, match + 11); data/gconf-3.2.6/gconf/gconf-internals.c:707:25: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. home_copy = g_strdup (g_get_home_dir ()); data/gconf-3.2.6/gconf/gconf-internals.c:734:36: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. path_old = g_build_filename (g_get_home_dir (), ".gconf", NULL); data/gconf-3.2.6/gconf/gconf-internals.c:763:14: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. return g_get_home_dir (); data/gconf-3.2.6/gconf/gconf-internals.c:2849:18: [3] (buffer) g_get_tmp_dir: This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. tmpdir = g_get_tmp_dir (); data/gconf-3.2.6/gconf/gconf-internals.c:2860:26: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *home = g_get_home_dir (); data/gconf-3.2.6/backends/evoldap-backend.c:219:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer [512]; data/gconf-3.2.6/backends/markup-tree.c:1769:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *fallback_locales[2] = { data/gconf-3.2.6/backends/markup-tree.c:3645:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[4096]; data/gconf-3.2.6/gconf/dllmain.c:74:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wcbfr[1000]; data/gconf-3.2.6/gconf/gconf-backend.c:273:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vtable_copy, vtable, MIN(vtable->vtable_size, sizeof(GConfBackendVTable))); data/gconf-3.2.6/gconf/gconf-internals.c:1003:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char delim [2] = { GCONF_DATABASE_LIST_DELIM, '\0' }; data/gconf-3.2.6/gconf/gconf-internals.c:1123:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[G_ASCII_DTOSTR_BUF_SIZE]; data/gconf-3.2.6/gconf/gconf-internals.c:1855:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gconf_value_set_int(val, atoi(s)); data/gconf-3.2.6/gconf/gconf-internals.c:2319:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (uniquefile, O_WRONLY | O_CREAT, 0700); data/gconf-3.2.6/gconf/gconf-internals.c:2417:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (filename, O_RDWR, 0700); data/gconf-3.2.6/gconf/gconf-internals.c:2978:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (l && atoi (l) == 1) data/gconf-3.2.6/gconf/gconf-sources.c:888:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *locales[2] = { NULL, NULL }; data/gconf-3.2.6/gconf/gconfd.c:811:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). write_byte_fd = atoi (argv[1]); data/gconf-3.2.6/gconf/gconfd.c:827:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dev_null_fd = open (DEV_NULL, O_RDWR); data/gconf-3.2.6/gconf/gconfd.c:971:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1] = { 'g' }; data/gconf-3.2.6/gconf/gconfd.c:1856:16: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). fd = g_open (tmpfile, O_WRONLY | O_CREAT | O_TRUNC, 0700); data/gconf-3.2.6/gconf/gconfd.c:1862:18: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). tmpfile, g_strerror (errno)); data/gconf-3.2.6/gconf/gconfd.c:1876:18: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). tmpfile, fd, g_strerror (errno)); data/gconf-3.2.6/gconf/gconfd.c:1885:18: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). tmpfile, g_strerror (errno)); data/gconf-3.2.6/gconf/gconfd.c:1892:18: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). tmpfile, g_strerror (errno)); data/gconf-3.2.6/gconf/gconfd.c:1912:17: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (g_rename (tmpfile, logfile) < 0) data/gconf-3.2.6/gconf/gconfd.c:1942:11: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). g_free (tmpfile); data/gconf-3.2.6/gconf/gconfd.c:2443:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUF_SIZE] = { '\0' }; data/gconf-3.2.6/gconf/gconftool.c:2340:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). idx = atoi (args[1]); data/gconf-3.2.6/gsettings/gsettings-data-convert.c:72:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (copy, address, match - address); data/gconf-3.2.6/gsettings/gsettings-data-convert.c:73:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (copy + (match - address), ":readonly:", 10); data/gconf-3.2.6/backends/evoldap-backend.c:297:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). retval_len = strlen (src) + 1; data/gconf-3.2.6/backends/evoldap-backend.c:333:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). varval_len = strlen (varval); data/gconf-3.2.6/backends/markup-backend.c:232:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (root_dir); data/gconf-3.2.6/backends/markup-tree.c:499:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dent_len = strlen (dent); data/gconf-3.2.6/backends/markup-tree.c:667:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (markup_dir); data/gconf-3.2.6/backends/markup-tree.c:693:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (dent); data/gconf-3.2.6/backends/markup-tree.c:698:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy (fullpath_end+len, "/%gconf.xml", subdir_len - len); data/gconf-3.2.6/backends/markup-tree.c:705:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy (fullpath_end+len, "/%gconf-tree.xml", subdir_len - len); data/gconf-3.2.6/backends/xml-backend.c:294:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (root_dir); data/gconf-3.2.6/backends/xml-dir.c:144:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d->root_dir_len = strlen(xml_root_dir); data/gconf-3.2.6/backends/xml-dir.c:214:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d->root_dir_len = strlen(xml_root_dir); data/gconf-3.2.6/backends/xml-dir.c:874:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(d->fs_dirname); data/gconf-3.2.6/backends/xml-dir.c:891:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(dent); data/gconf-3.2.6/backends/xml-dir.c:896:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(fullpath_end+len, "/%gconf.xml", subdir_len - len); data/gconf-3.2.6/backends/xml-dir.c:1229:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(dir) > root_dir_len) data/gconf-3.2.6/gconf/dllmain.c:43:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp (configure_time_path, PREFIX "/", strlen (PREFIX) + 1) == 0) data/gconf-3.2.6/gconf/dllmain.c:46:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). configure_time_path + strlen (PREFIX), data/gconf-3.2.6/gconf/dllmain.c:131:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). locale_dir = g_strconcat (cp_prefix, GCONF_LOCALE_DIR + strlen (PREFIX), NULL); data/gconf-3.2.6/gconf/gconf-backend.c:92:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(retval, address, len-1); data/gconf-3.2.6/gconf/gconf-client.c:916:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = parent + strlen (parent); data/gconf-3.2.6/gconf/gconf-client.c:1297:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirlen = strlen (dir); data/gconf-3.2.6/gconf/gconf-internals.c:109:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(retval, key, len); data/gconf-3.2.6/gconf/gconf-internals.c:808:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). retval_len = strlen(src) + 1; data/gconf-3.2.6/gconf/gconf-internals.c:845:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). varval_len = strlen(varval); data/gconf-3.2.6/gconf/gconf-internals.c:1058:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirlen = strlen(dir); data/gconf-3.2.6/gconf/gconf-internals.c:1059:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). keylen = strlen(key); data/gconf-3.2.6/gconf/gconf-internals.c:1582:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dest = g_malloc0(strlen(src)*2+4); data/gconf-3.2.6/gconf/gconf-internals.c:2630:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). retval = write (lock->lock_fd, s, strlen (s)); data/gconf-3.2.6/gconf/gconf-internals.c:2641:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). retval = write (lock->lock_fd, ior, strlen (ior)); data/gconf-3.2.6/gconf/gconf-locale.c:230:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). at_pos = locale + strlen (locale); data/gconf-3.2.6/gconf/gconf-locale.c:236:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (*codeset, dot_pos, at_pos - dot_pos); data/gconf-3.2.6/gconf/gconf-locale.c:246:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (*territory, uscore_pos, dot_pos - uscore_pos); data/gconf-3.2.6/gconf/gconf-locale.c:253:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (*language, locale, uscore_pos - locale); data/gconf-3.2.6/gconf/gconf-locale.c:347:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). orig_category_memory = category_memory = g_malloc (strlen (locale)+1); data/gconf-3.2.6/gconf/gconf-value.c:267:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/gconf-3.2.6/gconf/gconf-value.c:409:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/gconf-3.2.6/gconf/gconf-value.c:605:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(elem); data/gconf-3.2.6/gconf/gconf.c:62:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). remaining_bytes = strlen (name); data/gconf-3.2.6/gconf/gconf.c:2817:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (arbitrary_text); data/gconf-3.2.6/gconf/gconf.c:2861:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (escaped_key); data/gconf-3.2.6/gconf/gconf.c:2908:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (above); data/gconf-3.2.6/gconf/gconfd.c:879:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask (022); data/gconf-3.2.6/gconf/gconfd.c:1679:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return guid + strlen ("guid="); data/gconf-3.2.6/gconf/gconfd.c:2460:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (buf); data/gconf-3.2.6/gconf/gconftool.c:1038:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask (022); data/gconf-3.2.6/gconf/gconftool.c:1050:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask (022); data/gconf-3.2.6/gsettings/gconfsettingsbackend.c:795:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (name[strlen(name) - 1] == '/') data/gconf-3.2.6/gsettings/gconfsettingsbackend.c:812:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (name[strlen(name) - 1] != '/') data/gconf-3.2.6/gsettings/gconfsettingsbackend.c:820:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return g_strndup (name, strlen(name) - 1); data/gconf-3.2.6/gsettings/gsettings-data-convert.c:71:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). copy = g_malloc (strlen (address) - 1 + 1); data/gconf-3.2.6/tests/testlisteners.c:297:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strncmp(changed_key, listener_watchpoint, strlen(listener_watchpoint)) == 0; ANALYSIS SUMMARY: Hits = 99 Lines analyzed = 54630 in approximately 1.03 seconds (52966 lines/second) Physical Source Lines of Code (SLOC) = 39894 Hits@level = [0] 160 [1] 51 [2] 26 [3] 5 [4] 11 [5] 6 Hits@level+ = [0+] 259 [1+] 99 [2+] 48 [3+] 22 [4+] 17 [5+] 6 Hits/KSLOC@level+ = [0+] 6.4922 [1+] 2.48158 [2+] 1.20319 [3+] 0.551461 [4+] 0.426129 [5+] 0.150399 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.