Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c
Examining data/globus-gram-protocol-13.2/globus_gram_protocol.h
Examining data/globus-gram-protocol-13.2/globus_gram_protocol_constants.h
Examining data/globus-gram-protocol-13.2/test/delegation-test.c
Examining data/globus-gram-protocol-13.2/test/unpack-with-extensions-test.c
Examining data/globus-gram-protocol-13.2/test/pack-with-extensions-test.c
Examining data/globus-gram-protocol-13.2/test/create-extensions-test.c
Examining data/globus-gram-protocol-13.2/test/unpack-job-request-reply-with-extensions-test.c
Examining data/globus-gram-protocol-13.2/test/unpack-message-test.c
Examining data/globus-gram-protocol-13.2/test/io-test.c
Examining data/globus-gram-protocol-13.2/test/allow-attach-test.c
Examining data/globus-gram-protocol-13.2/test/pack-test.c
Examining data/globus-gram-protocol-13.2/test/unpack-status-reply-with-extensions-test.c
Examining data/globus-gram-protocol-13.2/test/error-test.c
Examining data/globus-gram-protocol-13.2/globus_gram_protocol_io.c
Examining data/globus-gram-protocol-13.2/globus_gram_protocol_error.c
Examining data/globus-gram-protocol-13.2/globus_i_gram_protocol.h
Examining data/globus-gram-protocol-13.2/globus_gram_protocol_frame.c
Examining data/globus-gram-protocol-13.2/globus_gram_protocol.c

FINAL RESULTS:

data/globus-gram-protocol-13.2/globus_gram_protocol_io.c:336:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(*url, "https://%s:%hu/", hostnamebuf, port);

data/globus-gram-protocol-13.2/globus_gram_protocol_io.c:2121:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  rc = sscanf((const char *) buf,

data/globus-gram-protocol-13.2/globus_gram_protocol_io.c:2172:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  rc = sscanf( (char *) buf,

data/globus-gram-protocol-13.2/globus_gram_protocol_io.c:2186:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  rc = sscanf( (char *)buf + offset,

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:139:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  len = sprintf((char *) *query,

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:150:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf((char *)(*query)+len, "%s", CRLF);

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:595:16:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  chrs = sprintf((char *)*reply,

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:605:16:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  chrs = sprintf((char *)*reply,

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:616:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  chrs += sprintf(((char *) *reply) + chrs,

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:926:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  rc = sscanf((char *) query,

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1098:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  rc = sscanf( (char *) reply,

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1232:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  chrs = sprintf((char *)*reply,

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1246:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  chrs += sprintf(((char *) *reply) + chrs,

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1586:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  chrs += sprintf(((char *) *reply) + chrs,

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:2053:12:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vlen = vsnprintf(NULL, 0, format, ap);

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:2063:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(extension->value, vlen + 1, format, ap);

data/globus-gram-protocol-13.2/test/create-extensions-test.c:8:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf message; \

data/globus-gram-protocol-13.2/test/pack-with-extensions-test.c:7:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf message; \

data/globus-gram-protocol-13.2/test/unpack-job-request-reply-with-extensions-test.c:8:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf message; \

data/globus-gram-protocol-13.2/test/unpack-message-test.c:7:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf message; \

data/globus-gram-protocol-13.2/test/unpack-message-test.c:153:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(message, ext_text);

data/globus-gram-protocol-13.2/test/unpack-status-reply-with-extensions-test.c:7:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf message; \

data/globus-gram-protocol-13.2/test/unpack-with-extensions-test.c:8:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf message; \

data/globus-gram-protocol-13.2/globus_gram_protocol.c:89:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globus_i_gram_protocol_max_concurrency = atoi(max_concurrency);

data/globus-gram-protocol-13.2/globus_gram_protocol_error.c:36:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *

data/globus-gram-protocol-13.2/globus_gram_protocol_frame.c:170:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + tmp,

data/globus-gram-protocol-13.2/globus_gram_protocol_frame.c:307:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + tmp,

data/globus-gram-protocol-13.2/globus_gram_protocol_io.c:265:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostnamebuf[256];

data/globus-gram-protocol-13.2/globus_gram_protocol_io.c:2669:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output_buffer+4, output_token.value, output_token.length);

data/globus-gram-protocol-13.2/globus_gram_protocol_io.c:2777:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output_buffer+4, output_token.value, output_token.length);

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:624:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  chrs += sprintf(((char *) *reply) + chrs, "\r\n");

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:747:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *status = atoi(entry->value);

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1254:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  chrs += sprintf(((char *) *reply) + chrs, "\r\n");

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1594:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  chrs += sprintf(((char *) *reply) + chrs, "\r\n");

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:2195:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(extension->attribute, "%.*s", (int) attr_len, attr_start);

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:2402:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *value = atoi(extension->value);

data/globus-gram-protocol-13.2/test/allow-attach-test.c:100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * callback_contact[5];

data/globus-gram-protocol-13.2/test/allow-attach-test.c:158:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * callback_contact[5];

data/globus-gram-protocol-13.2/test/allow-attach-test.c:202:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  test_num = atoi(argv[1]);

data/globus-gram-protocol-13.2/test/io-test.c:26:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * status_request[2];

data/globus-gram-protocol-13.2/test/pack-test.c:30:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * callback_url[2];

data/globus-gram-protocol-13.2/test/pack-test.c:31:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * rsl[2];

data/globus-gram-protocol-13.2/test/pack-test.c:95:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * callback_url[2];

data/globus-gram-protocol-13.2/test/pack-test.c:96:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * rsl[2];

data/globus-gram-protocol-13.2/test/pack-test.c:159:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * job_contact[2];

data/globus-gram-protocol-13.2/test/pack-test.c:219:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * status[2];

data/globus-gram-protocol-13.2/test/pack-test.c:341:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * job_contact[2];

data/globus-gram-protocol-13.2/globus_gram_protocol.c:315:41:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  int equal;

data/globus-gram-protocol-13.2/globus_gram_protocol.c:335:38:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  &equal);

data/globus-gram-protocol-13.2/globus_gram_protocol.c:341:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if(equal)

data/globus-gram-protocol-13.2/globus_gram_protocol_frame.c:141:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  framedlen = strlen(GLOBUS_GRAM_HTTP_REQUEST_LINE);

data/globus-gram-protocol-13.2/globus_gram_protocol_frame.c:142:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  framedlen += strlen((char *) parsed.url_path);

data/globus-gram-protocol-13.2/globus_gram_protocol_frame.c:143:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  framedlen += strlen(GLOBUS_GRAM_HTTP_HOST_LINE);

data/globus-gram-protocol-13.2/globus_gram_protocol_frame.c:144:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  framedlen += strlen((char *) parsed.host);

data/globus-gram-protocol-13.2/globus_gram_protocol_frame.c:145:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  framedlen += strlen(GLOBUS_GRAM_HTTP_CONTENT_TYPE_LINE);

data/globus-gram-protocol-13.2/globus_gram_protocol_frame.c:146:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  framedlen += strlen(GLOBUS_GRAM_HTTP_CONTENT_LENGTH_LINE);

data/globus-gram-protocol-13.2/globus_gram_protocol_frame.c:255:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  framedlen += strlen(GLOBUS_GRAM_HTTP_REPLY_LINE);

data/globus-gram-protocol-13.2/globus_gram_protocol_frame.c:256:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  framedlen += strlen(reason);

data/globus-gram-protocol-13.2/globus_gram_protocol_frame.c:257:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  framedlen += strlen(GLOBUS_GRAM_HTTP_CONNECTION_LINE);

data/globus-gram-protocol-13.2/globus_gram_protocol_frame.c:283:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  framedlen += strlen(GLOBUS_GRAM_HTTP_REPLY_LINE);

data/globus-gram-protocol-13.2/globus_gram_protocol_frame.c:284:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  framedlen += strlen(reason);

data/globus-gram-protocol-13.2/globus_gram_protocol_frame.c:285:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  framedlen += strlen(GLOBUS_GRAM_HTTP_CONTENT_TYPE_LINE);

data/globus-gram-protocol-13.2/globus_gram_protocol_frame.c:286:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  framedlen += strlen(GLOBUS_GRAM_HTTP_CONTENT_LENGTH_LINE);

data/globus-gram-protocol-13.2/globus_gram_protocol_io.c:330:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*url) = globus_libc_malloc(17 + strlen(hostnamebuf));

data/globus-gram-protocol-13.2/globus_gram_protocol_io.c:2117:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp_uri = (char *) globus_libc_malloc(strlen((char *) buf));

data/globus-gram-protocol-13.2/globus_gram_protocol_io.c:2118:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  host = (char *) globus_libc_malloc(strlen((char *) buf));

data/globus-gram-protocol-13.2/globus_gram_protocol_io.c:2167:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  reason = (char *) globus_malloc(strlen((char *)buf));

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:133:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_PROTOCOL_VERSION_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:134:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_JOB_STATE_MASK_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:135:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_CALLBACK_URL_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:136:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ((callback_url) ? strlen(callback_url) : 2)

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:137:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + 2*strlen(rsl) + 16);

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:346:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_PROTOCOL_VERSION_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:347:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_STATUS_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:348:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_JOB_MANAGER_URL_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:349:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ((job_contact) ? strlen(job_contact) + 3 : 3));

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:370:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *replysize = (globus_size_t)(strlen((char *) *reply) + 1);

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:574:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(entry->attribute) + (2*strlen(entry->value)) + 4;

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:574:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(entry->attribute) + (2*strlen(entry->value)) + 4;

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:576:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(GLOBUS_GRAM_HTTP_PACK_PROTOCOL_VERSION_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:577:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_STATUS_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:579:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ? strlen(GLOBUS_GRAM_HTTP_PACK_JOB_MANAGER_URL_LINE)

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:582:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ? strlen(job_contact) : 0) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:627:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *replysize = (globus_size_t)(strlen((char *)*reply) + 1);

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:833:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_PROTOCOL_VERSION_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:834:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_CLIENT_REQUEST_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:835:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  2*strlen(status_request));

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:850:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *querysize = (globus_size_t)(strlen((char*)*query) + 1);

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1013:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_PROTOCOL_VERSION_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1014:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_STATUS_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1015:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_FAILURE_CODE_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1016:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_JOB_FAILURE_CODE_LINE)

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1033:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *replysize = (globus_size_t)(strlen((char *)*reply) + 1);

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1216:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(entry->attribute) + (2*strlen(entry->value)) + 4;

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1216:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(entry->attribute) + (2*strlen(entry->value)) + 4;

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1218:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(GLOBUS_GRAM_HTTP_PACK_PROTOCOL_VERSION_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1219:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_STATUS_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1220:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_FAILURE_CODE_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1221:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_JOB_FAILURE_CODE_LINE)

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1257:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *replysize = (globus_size_t)(strlen((char *)*reply) + 1);

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1444:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_PROTOCOL_VERSION_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1445:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_JOB_MANAGER_URL_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1446:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_STATUS_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1447:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(GLOBUS_GRAM_HTTP_PACK_FAILURE_CODE_LINE) +

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1448:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(job_contact) + 5 );

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1464:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *replysize = (globus_size_t)(strlen((char *)*reply) + 1);

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1549:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(entry->attribute) + (2*strlen(entry->value)) + 4;

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1549:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(entry->attribute) + (2*strlen(entry->value)) + 4;

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1568:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  chrs = strlen(tmp);

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:1597:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *replysize = (globus_size_t)(strlen(tmp) + 1);

data/globus-gram-protocol-13.2/globus_gram_protocol_pack.c:2284:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *requestsize = strlen(*request) + 1;

data/globus-gram-protocol-13.2/test/pack-test.c:142:2:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(callback_url[1]) != 0))

data/globus-gram-protocol-13.2/test/unpack-job-request-reply-with-extensions-test.c:223:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  message_size = strlen(message) + 1;

data/globus-gram-protocol-13.2/test/unpack-job-request-reply-with-extensions-test.c:280:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  message_size = strlen(message) + 1;

data/globus-gram-protocol-13.2/test/unpack-message-test.c:149:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  message = realloc(message, strlen(message) + strlen(ext_text) + 1);

data/globus-gram-protocol-13.2/test/unpack-message-test.c:149:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  message = realloc(message, strlen(message) + strlen(ext_text) + 1);

data/globus-gram-protocol-13.2/test/unpack-message-test.c:154:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  message_size = strlen((char *) message)+1;

data/globus-gram-protocol-13.2/test/unpack-status-reply-with-extensions-test.c:188:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  message_size = strlen(message) + 1;

data/globus-gram-protocol-13.2/test/unpack-status-reply-with-extensions-test.c:244:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
message_size = strlen(message) + 1; data/globus-gram-protocol-13.2/test/unpack-with-extensions-test.c:189:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). message_size = strlen(message) + 1; data/globus-gram-protocol-13.2/test/unpack-with-extensions-test.c:246:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). message_size = strlen(message) + 1; ANALYSIS SUMMARY: Hits = 121 Lines analyzed = 11282 in approximately 0.27 seconds (41110 lines/second) Physical Source Lines of Code (SLOC) = 7500 Hits@level = [0] 90 [1] 74 [2] 24 [3] 0 [4] 23 [5] 0 Hits@level+ = [0+] 211 [1+] 121 [2+] 47 [3+] 23 [4+] 23 [5+] 0 Hits/KSLOC@level+ = [0+] 28.1333 [1+] 16.1333 [2+] 6.26667 [3+] 3.06667 [4+] 3.06667 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
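Added example, not part of the Flawfinder report and not code from the globus-gram-protocol sources: what the CWE-126 note attached to every strlen hit above means in practice, and the bounded check a reviewer applies when deciding whether a given hit is a real over-read. The two flagged patterns, "*replysize = strlen(reply) + 1" and the pack.c sizing "strlen(attr) + 2*strlen(value) + 4", are recomputed with memchr-bounded lengths so that a buffer with no terminator inside its capacity is rejected instead of read past, and the sizing arithmetic is checked for wraparound. The function names, the capacity arguments and the constructed 8-byte unterminated input are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the globus-gram-protocol sources.
 * memchr() never reads past s + cap, so it is safe on a buffer that
 * was filled from the network and may lack a terminator; strlen() is
 * not (CWE-126).  Returns the length and sets *terminated to 0 when no
 * NUL exists within cap bytes. */
static size_t bounded_len(const char *s, size_t cap, int *terminated)
{
    const char *nul = memchr(s, '\0', cap);
    if (nul == NULL) {
        *terminated = 0;
        return cap;
    }
    *terminated = 1;
    return (size_t)(nul - s);
}

/* Bounded form of the flagged pattern "*replysize = strlen(reply) + 1".
 * Returns the size including the terminator, or 0 (never a valid size)
 * when reply is not terminated within cap bytes. */
static size_t reply_size(const char *reply, size_t cap)
{
    int terminated;
    size_t n = bounded_len(reply, cap, &terminated);
    if (!terminated)
        return 0;
    return n + 1;          /* n < cap <= SIZE_MAX, so this cannot wrap */
}

/* Bounded form of the pack.c sizing "strlen(attr) + 2*strlen(value) + 4",
 * with the overflow check the original arithmetic lacks.  Returns 0 on
 * an unterminated operand or on wraparound; a valid result is >= 4. */
static size_t entry_size(const char *attr, size_t attr_cap,
                         const char *value, size_t value_cap)
{
    int ta, tv;
    size_t la = bounded_len(attr, attr_cap, &ta);
    size_t lv = bounded_len(value, value_cap, &tv);
    if (!ta || !tv)
        return 0;
    if (la > SIZE_MAX - 4 || lv > (SIZE_MAX - 4 - la) / 2)
        return 0;          /* la + 2*lv + 4 would wrap */
    return la + 2 * lv + 4;
}

/* Constructed input (assumption of this example): 8 bytes with no
 * terminator, as a partial read into a fixed buffer might leave it.
 * strlen() on this is the over-read the report warns about. */
static const char kUnterminated[8] = { 'h','o','s','t','n','a','m','e' };

int main(void)
{
    printf("unterminated reply: size=%zu (0 = rejected)\n",
           reply_size(kUnterminated, sizeof kUnterminated));
    printf("terminated reply:   size=%zu\n", reply_size("HTTP/1.1", 9));
    printf("entry \"job\"=\"x\":    size=%zu\n", entry_size("job", 4, "x", 2));
    return 0;
}
```

Build with any C99 compiler (for example cc -std=c99 -Wall example.c). The unterminated case returns 0 where the flagged pattern would read past the array; the terminated cases give the same sizes strlen would. Whether each flagged call in the report can actually be reached with an unterminated buffer is the question its closing note leaves to the reviewer: a strlen over a string literal or a macro such as GLOBUS_GRAM_HTTP_PACK_STATUS_LINE is terminated by construction, while one over data that arrived from a peer is where the bound matters.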