Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/gloox-1.0.24/src/privatexml.cpp Examining data/gloox-1.0.24/src/md5.h Examining data/gloox-1.0.24/src/lastactivityhandler.h Examining data/gloox-1.0.24/src/jinglepluginfactory.cpp Examining data/gloox-1.0.24/src/compressiondatahandler.h Examining data/gloox-1.0.24/src/jid.h Examining data/gloox-1.0.24/src/chatstate.h Examining data/gloox-1.0.24/src/jinglesessionhandler.h Examining data/gloox-1.0.24/src/siprofileft.h Examining data/gloox-1.0.24/src/disco.cpp Examining data/gloox-1.0.24/src/util.cpp Examining data/gloox-1.0.24/src/iodata.cpp Examining data/gloox-1.0.24/src/registration.h Examining data/gloox-1.0.24/src/messagehandler.h Examining data/gloox-1.0.24/src/client.cpp Examining data/gloox-1.0.24/src/client.h Examining data/gloox-1.0.24/src/dataformreported.h Examining data/gloox-1.0.24/src/connectiontcpbase.cpp Examining data/gloox-1.0.24/src/error.cpp Examining data/gloox-1.0.24/src/subscription.cpp Examining data/gloox-1.0.24/src/linklocalmanager.h Examining data/gloox-1.0.24/src/clientbase.h Examining data/gloox-1.0.24/src/messageevent.h Examining data/gloox-1.0.24/src/taghandler.h Examining data/gloox-1.0.24/src/presence.cpp Examining data/gloox-1.0.24/src/privacylisthandler.h Examining data/gloox-1.0.24/src/bytestreamdatahandler.h Examining data/gloox-1.0.24/src/eventdispatcher.cpp Examining data/gloox-1.0.24/src/eventdispatcher.h Examining data/gloox-1.0.24/src/gloox.h Examining data/gloox-1.0.24/src/clientbase.cpp Examining data/gloox-1.0.24/src/adhoc.cpp Examining data/gloox-1.0.24/src/featureneg.h Examining data/gloox-1.0.24/src/adhochandler.h Examining data/gloox-1.0.24/src/rosterlistener.h Examining data/gloox-1.0.24/src/mutex.h Examining data/gloox-1.0.24/src/linklocalclient.h Examining data/gloox-1.0.24/src/socks5bytestreamserver.h Examining data/gloox-1.0.24/src/disco.h Examining 
data/gloox-1.0.24/src/messagefilter.h Examining data/gloox-1.0.24/src/component.cpp Examining data/gloox-1.0.24/src/dataformfieldcontainer.h Examining data/gloox-1.0.24/src/mucroomhandler.h Examining data/gloox-1.0.24/src/vcardmanager.h Examining data/gloox-1.0.24/src/siprofilehandler.h Examining data/gloox-1.0.24/src/searchhandler.h Examining data/gloox-1.0.24/src/delayeddelivery.h Examining data/gloox-1.0.24/src/rosteritem.h Examining data/gloox-1.0.24/src/mucinvitationhandler.cpp Examining data/gloox-1.0.24/src/iodata.h Examining data/gloox-1.0.24/src/nickname.cpp Examining data/gloox-1.0.24/src/tlsbase.h Examining data/gloox-1.0.24/src/inbandbytestream.h Examining data/gloox-1.0.24/src/sihandler.h Examining data/gloox-1.0.24/src/prep.cpp Examining data/gloox-1.0.24/src/chatstatehandler.h Examining data/gloox-1.0.24/src/connectiontlsserver.h Examining data/gloox-1.0.24/src/tlsgnutlsserveranon.h Examining data/gloox-1.0.24/src/util.h Examining data/gloox-1.0.24/src/dataformitem.cpp Examining data/gloox-1.0.24/src/glooxversion.h Examining data/gloox-1.0.24/src/tests/tag/tag_test.cpp Examining data/gloox-1.0.24/src/tests/tag/tag_perf.cpp Examining data/gloox-1.0.24/src/tests/searchquery/searchquery_test.cpp Examining data/gloox-1.0.24/src/tests/presence/presence_test.cpp Examining data/gloox-1.0.24/src/tests/connectiontcpserver/connectiontcpserver_test.cpp Examining data/gloox-1.0.24/src/tests/lastactivityquery/lastactivityquery_test.cpp Examining data/gloox-1.0.24/src/tests/adhoccommand/adhoccommand_test.cpp Examining data/gloox-1.0.24/src/tests/tlsgnutls/tlsgnutls_test.cpp Examining data/gloox-1.0.24/src/tests/oob/oob_test.cpp Examining data/gloox-1.0.24/src/tests/iodata/iodata_test.cpp Examining data/gloox-1.0.24/src/tests/rostermanager/rostermanager_test.cpp Examining data/gloox-1.0.24/src/tests/pubsubmanager/pubsubmanager_test.cpp Examining data/gloox-1.0.24/src/tests/featureneg/featureneg_test.cpp Examining 
data/gloox-1.0.24/src/tests/pubsubmanagerpubsub/pubsubmanagerpubsub_test.cpp Examining data/gloox-1.0.24/src/tests/jinglesessionmanager/jinglesessionmanager_test.cpp Examining data/gloox-1.0.24/src/tests/md5/md5_test.cpp Examining data/gloox-1.0.24/src/tests/nickname/nickname_test.cpp Examining data/gloox-1.0.24/src/tests/parser/parser_test.cpp Examining data/gloox-1.0.24/src/tests/inbandbytestreamibb/inbandbytestreamibb_test.cpp Examining data/gloox-1.0.24/src/tests/subscription/subscription_test.cpp Examining data/gloox-1.0.24/src/tests/jid/jid_test.cpp Examining data/gloox-1.0.24/src/tests/jid/jid_perf.cpp Examining data/gloox-1.0.24/src/tests/adhoccommandnote/adhoccommandnote_test.cpp Examining data/gloox-1.0.24/src/tests/nonsaslauthquery/nonsaslauthquery_test.cpp Examining data/gloox-1.0.24/src/tests/zlib/zlib_test.cpp Examining data/gloox-1.0.24/src/tests/zlib/zlib_perf.cpp Examining data/gloox-1.0.24/src/tests/registrationquery/registrationquery_test.cpp Examining data/gloox-1.0.24/src/tests/stanzaextensionfactory/stanzaextensionfactory_perf.cpp Examining data/gloox-1.0.24/src/tests/stanzaextensionfactory/stanzaextensionfactory_test.cpp Examining data/gloox-1.0.24/src/tests/error/error_test.cpp Examining data/gloox-1.0.24/src/tests/rostermanagerquery/rostermanagerquery_test.cpp Examining data/gloox-1.0.24/src/tests/carbons/carbons_test.cpp Examining data/gloox-1.0.24/src/tests/nonsaslauth/nonsaslauth_test.cpp Examining data/gloox-1.0.24/src/tests/jinglesessionjingle/jinglesessionjingle_test.cpp Examining data/gloox-1.0.24/src/tests/amprule/amprule_test.cpp Examining data/gloox-1.0.24/src/tests/lastactivity/lastactivity_test.cpp Examining data/gloox-1.0.24/src/tests/mucroommucuser/mucroommucuser_test.cpp Examining data/gloox-1.0.24/src/tests/iq/iq_test.cpp Examining data/gloox-1.0.24/src/tests/privatexml/privatexml_test.cpp Examining data/gloox-1.0.24/src/tests/mucroommuc/mucroommuc_test.cpp Examining 
data/gloox-1.0.24/src/tests/chatstatefilter/chatstatefilter_test.cpp Examining data/gloox-1.0.24/src/tests/dataformreported/dataformreported_test.cpp Examining data/gloox-1.0.24/src/tests/prep/prep_test.cpp Examining data/gloox-1.0.24/src/tests/dataform/dataform_test.cpp Examining data/gloox-1.0.24/src/tests/gpgencrypted/gpgencrypted_test.cpp Examining data/gloox-1.0.24/src/tests/simanagersi/simanagersi_test.cpp Examining data/gloox-1.0.24/src/tests/jingleiceudp/jingleiceudp_test.cpp Examining data/gloox-1.0.24/src/tests/shim/shim_test.cpp Examining data/gloox-1.0.24/src/tests/messageeventfilter/messageeventfilter_test.cpp Examining data/gloox-1.0.24/src/tests/flexofflineoffline/flexofflineoffline_test.cpp Examining data/gloox-1.0.24/src/tests/vcard/vcard_test.cpp Examining data/gloox-1.0.24/src/tests/pubsubevent/pubsubevent_test.cpp Examining data/gloox-1.0.24/src/tests/jinglesession/jinglesession_test.cpp Examining data/gloox-1.0.24/src/tests/message/message_test.cpp Examining data/gloox-1.0.24/src/tests/discoitems/discoitems_test.cpp Examining data/gloox-1.0.24/src/tests/receipt/receipt_test.cpp Examining data/gloox-1.0.24/src/tests/delayeddelivery/delayeddelivery_test.cpp Examining data/gloox-1.0.24/src/tests/dataformitem/dataformitem_test.cpp Examining data/gloox-1.0.24/src/tests/mucroommucowner/mucroommucowner_test.cpp Examining data/gloox-1.0.24/src/tests/privacymanagerquery/privacymanagerquery_test.cpp Examining data/gloox-1.0.24/src/tests/client/client_test.cpp Examining data/gloox-1.0.24/src/tests/discoinfo/discoinfo_test.cpp Examining data/gloox-1.0.24/src/tests/clientbase/clientbase_test.cpp Examining data/gloox-1.0.24/src/tests/connectionbosh/connectionbosh_test.cpp Examining data/gloox-1.0.24/src/tests/mucroommucadmin/mucroommucadmin_test.cpp Examining data/gloox-1.0.24/src/tests/capabilities/capabilities_test.cpp Examining data/gloox-1.0.24/src/tests/vcardupdate/vcardupdate_test.cpp Examining 
data/gloox-1.0.24/src/tests/inbandbytestream/inbandbytestream_test.cpp Examining data/gloox-1.0.24/src/tests/util/util_test.cpp Examining data/gloox-1.0.24/src/tests/base64/base64_test.cpp Examining data/gloox-1.0.24/src/tests/privacymanager/privacymanager_test.cpp Examining data/gloox-1.0.24/src/tests/xpath/xpath_test.cpp Examining data/gloox-1.0.24/src/tests/registration/registration_test.cpp Examining data/gloox-1.0.24/src/tests/amp/amp_test.cpp Examining data/gloox-1.0.24/src/tests/forward/forward_test.cpp Examining data/gloox-1.0.24/src/tests/flexoffline/flexoffline_test.cpp Examining data/gloox-1.0.24/src/tests/uniquemucroomunique/uniquemucroomunique_test.cpp Examining data/gloox-1.0.24/src/tests/gpgsigned/gpgsigned_test.cpp Examining data/gloox-1.0.24/src/tests/sha/sha_test.cpp Examining data/gloox-1.0.24/src/tests/disco/disco_test.cpp Examining data/gloox-1.0.24/src/tests/adhoc/adhoc_test.cpp Examining data/gloox-1.0.24/src/tests/search/search_test.cpp Examining data/gloox-1.0.24/src/tests/dataformfield/dataformfield_test.cpp Examining data/gloox-1.0.24/src/tests/simanager/simanager_test.cpp Examining data/gloox-1.0.24/src/connectionlistener.h Examining data/gloox-1.0.24/src/dataformfield.h Examining data/gloox-1.0.24/src/compressiondefault.h Examining data/gloox-1.0.24/src/tlsgnutlsbase.cpp Examining data/gloox-1.0.24/src/instantmucroom.h Examining data/gloox-1.0.24/src/xhtmlim.cpp Examining data/gloox-1.0.24/src/featureneg.cpp Examining data/gloox-1.0.24/src/amp.cpp Examining data/gloox-1.0.24/src/annotations.cpp Examining data/gloox-1.0.24/src/mucroom.h Examining data/gloox-1.0.24/src/vcard.cpp Examining data/gloox-1.0.24/src/error.h Examining data/gloox-1.0.24/src/instantmucroom.cpp Examining data/gloox-1.0.24/src/attention.h Examining data/gloox-1.0.24/src/adhocplugin.h Examining data/gloox-1.0.24/src/gpgsigned.cpp Examining data/gloox-1.0.24/src/siprofilefthandler.h Examining data/gloox-1.0.24/src/jingleiceudp.h Examining 
data/gloox-1.0.24/src/annotationshandler.h Examining data/gloox-1.0.24/src/sha.cpp Examining data/gloox-1.0.24/src/subscription.h Examining data/gloox-1.0.24/src/adhoccommandprovider.h Examining data/gloox-1.0.24/src/jinglecontent.cpp Examining data/gloox-1.0.24/src/tlsgnutlsclient.cpp Examining data/gloox-1.0.24/src/macros.h Examining data/gloox-1.0.24/src/forward.h Examining data/gloox-1.0.24/src/disconodehandler.h Examining data/gloox-1.0.24/src/iq.h Examining data/gloox-1.0.24/src/pubsubmanager.h Examining data/gloox-1.0.24/src/tlsgnutlsclient.h Examining data/gloox-1.0.24/src/receipt.h Examining data/gloox-1.0.24/src/logsink.h Examining data/gloox-1.0.24/src/tlsopensslbase.h Examining data/gloox-1.0.24/src/rosteritem.cpp Examining data/gloox-1.0.24/src/mucmessagesession.h Examining data/gloox-1.0.24/src/pubsubevent.h Examining data/gloox-1.0.24/src/atomicrefcount.h Examining data/gloox-1.0.24/src/jingleplugin.h Examining data/gloox-1.0.24/src/eventhandler.h Examining data/gloox-1.0.24/src/connectiontcpserver.h Examining data/gloox-1.0.24/src/messageeventfilter.h Examining data/gloox-1.0.24/src/simanager.cpp Examining data/gloox-1.0.24/src/dns.cpp Examining data/gloox-1.0.24/src/dataformfield.cpp Examining data/gloox-1.0.24/src/tlsgnutlsbase.h Examining data/gloox-1.0.24/src/dns.h Examining data/gloox-1.0.24/src/rostermanager.h Examining data/gloox-1.0.24/src/tlsopensslserver.h Examining data/gloox-1.0.24/src/dataformitem.h Examining data/gloox-1.0.24/src/nickname.h Examining data/gloox-1.0.24/src/compressiondefault.cpp Examining data/gloox-1.0.24/src/linklocalhandler.h Examining data/gloox-1.0.24/src/jinglesessionmanager.h Examining data/gloox-1.0.24/src/mucroom.cpp Examining data/gloox-1.0.24/src/tlsdefault.cpp Examining data/gloox-1.0.24/src/message.cpp Examining data/gloox-1.0.24/src/annotations.h Examining data/gloox-1.0.24/src/pubsubmanager.cpp Examining data/gloox-1.0.24/src/tlsschannel.cpp Examining data/gloox-1.0.24/src/dataform.cpp Examining 
data/gloox-1.0.24/src/parser.cpp Examining data/gloox-1.0.24/src/config.h Examining data/gloox-1.0.24/src/bookmarkstorage.h Examining data/gloox-1.0.24/src/tlsopensslbase.cpp Examining data/gloox-1.0.24/src/gpgsigned.h Examining data/gloox-1.0.24/src/connectionsocks5proxy.h Examining data/gloox-1.0.24/src/tlsgnutlsclientanon.h Examining data/gloox-1.0.24/src/dataformfieldcontainer.cpp Examining data/gloox-1.0.24/src/socks5bytestream.h Examining data/gloox-1.0.24/src/shim.h Examining data/gloox-1.0.24/src/vcardhandler.h Examining data/gloox-1.0.24/src/tag.h Examining data/gloox-1.0.24/src/iqhandler.h Examining data/gloox-1.0.24/src/jinglecontent.h Examining data/gloox-1.0.24/src/jinglepluginfactory.h Examining data/gloox-1.0.24/src/inbandbytestream.cpp Examining data/gloox-1.0.24/src/tag.cpp Examining data/gloox-1.0.24/src/amp.h Examining data/gloox-1.0.24/src/mutex.cpp Examining data/gloox-1.0.24/src/carbons.cpp Examining data/gloox-1.0.24/src/bookmarkstorage.cpp Examining data/gloox-1.0.24/src/messageeventfilter.cpp Examining data/gloox-1.0.24/src/forward.cpp Examining data/gloox-1.0.24/src/messageevent.cpp Examining data/gloox-1.0.24/src/messagefilter.cpp Examining data/gloox-1.0.24/src/search.cpp Examining data/gloox-1.0.24/src/chatstatefilter.cpp Examining data/gloox-1.0.24/src/pubsubresulthandler.h Examining data/gloox-1.0.24/src/component.h Examining data/gloox-1.0.24/src/vcardupdate.h Examining data/gloox-1.0.24/src/vcard.h Examining data/gloox-1.0.24/src/presence.h Examining data/gloox-1.0.24/src/tlsopensslclient.cpp Examining data/gloox-1.0.24/src/mucroomconfighandler.h Examining data/gloox-1.0.24/src/chatstatefilter.h Examining data/gloox-1.0.24/src/connectionhttpproxy.cpp Examining data/gloox-1.0.24/src/compressionbase.h Examining data/gloox-1.0.24/src/connectionsocks5proxy.cpp Examining data/gloox-1.0.24/src/tlsopensslclient.h Examining data/gloox-1.0.24/src/jinglesession.h Examining data/gloox-1.0.24/src/bytestreamhandler.h Examining 
data/gloox-1.0.24/src/base64.h Examining data/gloox-1.0.24/src/nonsaslauth.cpp Examining data/gloox-1.0.24/src/bookmarkhandler.h Examining data/gloox-1.0.24/src/pubsubevent.cpp Examining data/gloox-1.0.24/src/linklocalclient.cpp Examining data/gloox-1.0.24/src/chatstate.cpp Examining data/gloox-1.0.24/src/compressionzlib.cpp Examining data/gloox-1.0.24/src/event.h Examining data/gloox-1.0.24/src/presencehandler.h Examining data/gloox-1.0.24/src/connectiontlsserver.cpp Examining data/gloox-1.0.24/src/connectionbosh.cpp Examining data/gloox-1.0.24/src/connectionbase.h Examining data/gloox-1.0.24/src/jinglefiletransfer.h Examining data/gloox-1.0.24/src/discohandler.h Examining data/gloox-1.0.24/src/mutexguard.h Examining data/gloox-1.0.24/src/message.h Examining data/gloox-1.0.24/src/iq.cpp Examining data/gloox-1.0.24/src/lastactivity.h Examining data/gloox-1.0.24/src/delayeddelivery.cpp Examining data/gloox-1.0.24/src/stanzaextensionfactory.cpp Examining data/gloox-1.0.24/src/stanzaextensionfactory.h Examining data/gloox-1.0.24/src/rostermanager.cpp Examining data/gloox-1.0.24/src/connectionbosh.h Examining data/gloox-1.0.24/src/softwareversion.cpp Examining data/gloox-1.0.24/src/statisticshandler.h Examining data/gloox-1.0.24/src/connectiontls.h Examining data/gloox-1.0.24/src/registrationhandler.h Examining data/gloox-1.0.24/src/uniquemucroom.h Examining data/gloox-1.0.24/src/mucinvitationhandler.h Examining data/gloox-1.0.24/src/adhoc.h Examining data/gloox-1.0.24/src/tlsdefault.h Examining data/gloox-1.0.24/src/tlsopensslserver.cpp Examining data/gloox-1.0.24/src/stanzaextension.h Examining data/gloox-1.0.24/src/stanza.cpp Examining data/gloox-1.0.24/src/connectiondatahandler.h Examining data/gloox-1.0.24/src/socks5bytestream.cpp Examining data/gloox-1.0.24/src/mucmessagesession.cpp Examining data/gloox-1.0.24/src/simanager.h Examining data/gloox-1.0.24/src/jinglefiletransfer.cpp Examining data/gloox-1.0.24/src/connectiontcpclient.cpp Examining 
data/gloox-1.0.24/src/capabilities.cpp Examining data/gloox-1.0.24/src/privacyitem.cpp Examining data/gloox-1.0.24/src/privatexml.h Examining data/gloox-1.0.24/src/receipt.cpp Examining data/gloox-1.0.24/src/capabilities.h Examining data/gloox-1.0.24/src/connectiontls.cpp Examining data/gloox-1.0.24/src/carbons.h Examining data/gloox-1.0.24/src/jinglesessionmanager.cpp Examining data/gloox-1.0.24/src/jid.cpp Examining data/gloox-1.0.24/src/pubsub.h Examining data/gloox-1.0.24/src/privacymanager.h Examining data/gloox-1.0.24/src/pubsubitem.cpp Examining data/gloox-1.0.24/src/tlsgnutlsclientanon.cpp Examining data/gloox-1.0.24/src/subscriptionhandler.h Examining data/gloox-1.0.24/src/attention.cpp Examining data/gloox-1.0.24/src/rosteritemdata.h Examining data/gloox-1.0.24/src/loghandler.h Examining data/gloox-1.0.24/src/sha.h Examining data/gloox-1.0.24/src/connectionhandler.h Examining data/gloox-1.0.24/src/tlsgnutlsserveranon.cpp Examining data/gloox-1.0.24/src/bytestream.h Examining data/gloox-1.0.24/src/siprofileft.cpp Examining data/gloox-1.0.24/src/prep.h Examining data/gloox-1.0.24/src/nonsaslauth.h Examining data/gloox-1.0.24/src/lastactivity.cpp Examining data/gloox-1.0.24/src/oob.h Examining data/gloox-1.0.24/src/privacyitem.h Examining data/gloox-1.0.24/src/atomicrefcount.cpp Examining data/gloox-1.0.24/src/jinglesession.cpp Examining data/gloox-1.0.24/src/pubsubitem.h Examining data/gloox-1.0.24/src/oob.cpp Examining data/gloox-1.0.24/src/socks5bytestreammanager.h Examining data/gloox-1.0.24/src/softwareversion.h Examining data/gloox-1.0.24/src/tlsschannel.h Examining data/gloox-1.0.24/src/gpgencrypted.cpp Examining data/gloox-1.0.24/src/xhtmlim.h Examining data/gloox-1.0.24/src/examples/bosh_example.cpp Examining data/gloox-1.0.24/src/examples/linklocal_example.cpp Examining data/gloox-1.0.24/src/examples/muc_example.cpp Examining data/gloox-1.0.24/src/examples/e2ee_server.cpp Examining data/gloox-1.0.24/src/examples/disco_example.cpp Examining 
data/gloox-1.0.24/src/examples/ft_recv.cpp Examining data/gloox-1.0.24/src/examples/reset_example.cpp Examining data/gloox-1.0.24/src/examples/ft_send.cpp Examining data/gloox-1.0.24/src/examples/reconnect_example.cpp Examining data/gloox-1.0.24/src/examples/e2ee_client.cpp Examining data/gloox-1.0.24/src/examples/message_example.cpp Examining data/gloox-1.0.24/src/examples/adhoc_example.cpp Examining data/gloox-1.0.24/src/examples/flexoff_example.cpp Examining data/gloox-1.0.24/src/examples/privatexml_example.cpp Examining data/gloox-1.0.24/src/examples/bookmarkstorage_example.cpp Examining data/gloox-1.0.24/src/examples/component_example.cpp Examining data/gloox-1.0.24/src/examples/annotations_example.cpp Examining data/gloox-1.0.24/src/examples/pubsub_example.cpp Examining data/gloox-1.0.24/src/examples/vcard_example.cpp Examining data/gloox-1.0.24/src/examples/register_example.cpp Examining data/gloox-1.0.24/src/examples/privacylist_example.cpp Examining data/gloox-1.0.24/src/examples/roster_example.cpp Examining data/gloox-1.0.24/src/socks5bytestreamserver.cpp Examining data/gloox-1.0.24/src/uniquemucroom.cpp Examining data/gloox-1.0.24/src/connectiontcpclient.h Examining data/gloox-1.0.24/src/flexoff.h Examining data/gloox-1.0.24/src/dataformreported.cpp Examining data/gloox-1.0.24/src/parser.h Examining data/gloox-1.0.24/src/connectiontcpserver.cpp Examining data/gloox-1.0.24/src/flexoff.cpp Examining data/gloox-1.0.24/src/dataform.h Examining data/gloox-1.0.24/src/messageeventhandler.h Examining data/gloox-1.0.24/src/registration.cpp Examining data/gloox-1.0.24/src/messagesessionhandler.h Examining data/gloox-1.0.24/src/compressionzlib.h Examining data/gloox-1.0.24/src/connectiontcpbase.h Examining data/gloox-1.0.24/src/connectionhttpproxy.h Examining data/gloox-1.0.24/src/vcardupdate.cpp Examining data/gloox-1.0.24/src/jingleiceudp.cpp Examining data/gloox-1.0.24/src/resource.h Examining data/gloox-1.0.24/src/search.h Examining 
data/gloox-1.0.24/src/socks5bytestreammanager.cpp Examining data/gloox-1.0.24/src/base64.cpp Examining data/gloox-1.0.24/src/gloox.cpp Examining data/gloox-1.0.24/src/messagesession.h Examining data/gloox-1.0.24/src/linklocal.h Examining data/gloox-1.0.24/src/vcardmanager.cpp Examining data/gloox-1.0.24/src/logsink.cpp Examining data/gloox-1.0.24/src/stanza.h Examining data/gloox-1.0.24/src/flexoffhandler.h Examining data/gloox-1.0.24/src/linklocalmanager.cpp Examining data/gloox-1.0.24/src/privatexmlhandler.h Examining data/gloox-1.0.24/src/messagesession.cpp Examining data/gloox-1.0.24/src/shim.cpp Examining data/gloox-1.0.24/src/tlshandler.h Examining data/gloox-1.0.24/src/md5.cpp Examining data/gloox-1.0.24/src/gpgencrypted.h Examining data/gloox-1.0.24/src/privacymanager.cpp FINAL RESULTS: data/gloox-1.0.24/src/clientbase.cpp:1174:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( r, "%s%08x", m_uniqueBaseId.c_str(), m_nextId.increment() ); data/gloox-1.0.24/src/clientbase.cpp:132:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand( static_cast<unsigned int>( time( 0 ) ) ); data/gloox-1.0.24/src/mutex.cpp:61:7: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. InitializeCriticalSection( &m_cs ); data/gloox-1.0.24/src/mutex.cpp:85:7: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection( &m_cs ); data/gloox-1.0.24/src/tests/tag/tag_perf.cpp:70:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). 
Use a more secure technique for acquiring random values. srand( time( 0 ) ); data/gloox-1.0.24/src/tests/zlib/zlib_perf.cpp:70:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand( time(NULL) ); data/gloox-1.0.24/src/client.cpp:311:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_smMax = atoi( tag->findAttribute( "max" ).c_str() ); data/gloox-1.0.24/src/client.cpp:328:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int h = atoi( tag->findAttribute( "h" ).c_str() ); data/gloox-1.0.24/src/client.cpp:335:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int h = atoi( tag->findAttribute( "h" ).c_str() ); data/gloox-1.0.24/src/clientbase.cpp:591:28: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). cchUsernameW = ::MultiByteToWideChar( CP_UTF8, 0, m_jid.username().c_str(), -1, 0, 0 ); data/gloox-1.0.24/src/clientbase.cpp:595:15: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). 
::MultiByteToWideChar( CP_UTF8, 0, m_jid.username().c_str(), -1, usernameW, cchUsernameW ); data/gloox-1.0.24/src/clientbase.cpp:599:26: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). cchDomainW = ::MultiByteToWideChar( CP_UTF8, 0, m_ntlmDomain.c_str(), -1, 0, 0 ); data/gloox-1.0.24/src/clientbase.cpp:603:15: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). ::MultiByteToWideChar( CP_UTF8, 0, m_ntlmDomain.c_str(), -1, domainW, cchDomainW ); data/gloox-1.0.24/src/clientbase.cpp:607:28: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). cchPasswordW = ::MultiByteToWideChar( CP_UTF8, 0, m_password.c_str(), -1, 0, 0 ); data/gloox-1.0.24/src/clientbase.cpp:611:15: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). ::MultiByteToWideChar( CP_UTF8, 0, m_password.c_str(), -1, passwordW, cchPasswordW ); data/gloox-1.0.24/src/clientbase.cpp:667:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ipad[65]; data/gloox-1.0.24/src/clientbase.cpp:668:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char opad[65]; data/gloox-1.0.24/src/clientbase.cpp:671:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( ipad, key_.c_str(), key_.length() ); data/gloox-1.0.24/src/clientbase.cpp:672:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( opad, key_.c_str(), key_.length() ); data/gloox-1.0.24/src/clientbase.cpp:729:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iter = atoi( tmp.c_str() ); data/gloox-1.0.24/src/clientbase.cpp:748:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char clientProof[20]; // ck XOR clientSignature data/gloox-1.0.24/src/clientbase.cpp:749:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( clientProof, ck.c_str(), 20 ); data/gloox-1.0.24/src/clientbase.cpp:859:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/gloox-1.0.24/src/clientbase.cpp:1173:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char r[48+1]; data/gloox-1.0.24/src/clientbase.cpp:1187:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int myMajor = atoi( XMPP_STREAM_VERSION_MAJOR.c_str() ); data/gloox-1.0.24/src/clientbase.cpp:1192:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). major = atoi( version.substr( 0, dot ).c_str() ); data/gloox-1.0.24/src/clientbase.cpp:1794:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cn[4*8+1]; data/gloox-1.0.24/src/clientbase.cpp:1796:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( cn + i*8, "%08x", rand() ); data/gloox-1.0.24/src/connectionbosh.cpp:378:31: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_bufferContentLength = atol( getHTTPField( "Content-Length" ).c_str() ); data/gloox-1.0.24/src/connectionbosh.cpp:483:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const int serverRequests = atoi( tag->findAttribute( "requests" ).c_str() ); data/gloox-1.0.24/src/connectionbosh.cpp:493:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const int maxHold = atoi( tag->findAttribute( "hold" ).c_str() ); data/gloox-1.0.24/src/connectionbosh.cpp:503:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const int maxWait = atoi( tag->findAttribute( "wait" ).c_str() ); data/gloox-1.0.24/src/connectionbosh.cpp:514:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const int minTime = atoi( tag->findAttribute( "polling" ).c_str() ); data/gloox-1.0.24/src/connectionsocks5proxy.cpp:300:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
d[pos++] = static_cast<char>( atoi( s.c_str() ) & 0xFF ); data/gloox-1.0.24/src/connectionsocks5proxy.cpp:359:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char d[4] = { data/gloox-1.0.24/src/connectiontcpbase.cpp:211:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[INET6_ADDRSTRLEN]; data/gloox-1.0.24/src/connectiontcpserver.cpp:201:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[INET6_ADDRSTRLEN]; data/gloox-1.0.24/src/connectiontcpserver.cpp:202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portstr[NI_MAXSERV]; data/gloox-1.0.24/src/connectiontcpserver.cpp:209:58: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi( portstr ) ); data/gloox-1.0.24/src/dns.cpp:143:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char srvname[NS_MAXDNAME];
data/gloox-1.0.24/src/dns.cpp:287:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ip[NI_MAXHOST];
data/gloox-1.0.24/src/dns.cpp:288:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port[NI_MAXSERV];
data/gloox-1.0.24/src/dns.cpp:490:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &target.sin_addr, h->h_addr, sizeof( struct in_addr ) );
data/gloox-1.0.24/src/dns.h:172:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[NS_PACKETSZ];
data/gloox-1.0.24/src/examples/ft_send.cpp:93:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char input[200024];
data/gloox-1.0.24/src/flexoff.cpp:129:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  num = atoi( info.form()->field( "number_of_messages" )->value().c_str() );
data/gloox-1.0.24/src/inbandbytestream.cpp:59:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  m_blockSize = atoi( tag->findAttribute( "block-size" ).c_str() );
data/gloox-1.0.24/src/inbandbytestream.cpp:60:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  m_seq = atoi( tag->findAttribute( "seq" ).c_str() );
data/gloox-1.0.24/src/iodata.cpp:97:32: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  m_status.elapsed = atoi( t->cdata().c_str() );
data/gloox-1.0.24/src/iodata.cpp:101:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  m_status.remaining = atoi( t->cdata().c_str() );
data/gloox-1.0.24/src/iodata.cpp:105:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  m_status.percentage = atoi( t->cdata().c_str() );
data/gloox-1.0.24/src/jinglefiletransfer.cpp:78:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  f.size = t ? atoi( t->cdata().c_str() ) : -1;
data/gloox-1.0.24/src/jinglefiletransfer.cpp:83:52: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  f.offset = t->hasAttribute( "offset" ) ? atoi( t->findAttribute( "offset" ).c_str() ) : -1;
data/gloox-1.0.24/src/jingleiceudp.cpp:56:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  c.port = atoi( (*it)->findAttribute( "port" ).c_str() );
data/gloox-1.0.24/src/jingleiceudp.cpp:57:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  c.priority = atoi( (*it)->findAttribute( "priority" ).c_str() );
data/gloox-1.0.24/src/jingleiceudp.cpp:60:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  c.rel_port = atoi( (*it)->findAttribute( "rel-port" ).c_str() );
data/gloox-1.0.24/src/lastactivity.cpp:35:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  m_seconds = atoi( tag->findAttribute( "seconds" ).c_str() );
data/gloox-1.0.24/src/linklocalmanager.cpp:96:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host[65];
data/gloox-1.0.24/src/md5.cpp:219:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( xbuf, data, 64 );
data/gloox-1.0.24/src/md5.cpp:399:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( m_state.buf + offset, p, copy );
data/gloox-1.0.24/src/md5.cpp:413:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( m_state.buf, p, left );
data/gloox-1.0.24/src/md5.cpp:421:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[8];
data/gloox-1.0.24/src/md5.cpp:441:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[33];
data/gloox-1.0.24/src/md5.cpp:444:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf + i * 2, "%02x", static_cast<unsigned char>( m_state.abcd[i >> 2] >> ( ( i & 3 ) << 3 ) ) );
data/gloox-1.0.24/src/md5.cpp:454:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char digest[16];
data/gloox-1.0.24/src/md5.h:135:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64]; /* accumulate block */
data/gloox-1.0.24/src/md5.h:141:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char pad[64];
data/gloox-1.0.24/src/mucroom.cpp:569:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  m_historyValue = atoi( (*it)->findAttribute( "seconds" ).c_str() );
data/gloox-1.0.24/src/mucroom.cpp:571:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  m_historyValue = atoi( (*it)->findAttribute( "maxstanzas" ).c_str() );
data/gloox-1.0.24/src/mucroom.cpp:573:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  m_historyValue = atoi( (*it)->findAttribute( "maxchars" ).c_str() );
data/gloox-1.0.24/src/presence.cpp:68:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  m_priority = atoi( (*it)->cdata().c_str() );
data/gloox-1.0.24/src/pubsubmanager.cpp:392:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  m_maxItems = atoi( i->findAttribute( "max_items" ).c_str() );
data/gloox-1.0.24/src/sha.cpp:61:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[41];
data/gloox-1.0.24/src/sha.cpp:63:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf + i * 2, "%02x", static_cast<unsigned char>( H[i >> 2] >> ( ( 3 - ( i & 3 ) ) << 3 ) ) );
data/gloox-1.0.24/src/sha.cpp:73:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char digest[20];
data/gloox-1.0.24/src/sha.h:89:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char Message_Block[64];
data/gloox-1.0.24/src/siprofileft.cpp:220:35: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atol( si.tag1()->findAttribute( "size" ).c_str() ),
data/gloox-1.0.24/src/socks5bytestreammanager.cpp:78:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sh.port = atoi( (*it)->findAttribute( "port" ).c_str() );
data/gloox-1.0.24/src/socks5bytestreamserver.cpp:169:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c[2];
data/gloox-1.0.24/src/tag.cpp:839:51: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  TokenType tokenType = static_cast<TokenType>( atoi( token->findAttribute( TYPE ).c_str() ) );
data/gloox-1.0.24/src/tag.cpp:885:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if( atoi( (*cit)->findAttribute( TYPE ).c_str() ) == XTDoubleDot && m_parent )
data/gloox-1.0.24/src/tag.cpp:969:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int pos = atoi( token->name().c_str() );
data/gloox-1.0.24/src/tag.cpp:994:51: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  TokenType tokenType = static_cast<TokenType>( atoi( token->findAttribute( TYPE ).c_str() ) );
data/gloox-1.0.24/src/tag.cpp:1042:45: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  TokenType tt1 = static_cast<TokenType>( atoi( ch1->findAttribute( TYPE ).c_str() ) );
data/gloox-1.0.24/src/tag.cpp:1043:45: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  TokenType tt2 = static_cast<TokenType>( atoi( ch2->findAttribute( TYPE ).c_str() ) );
data/gloox-1.0.24/src/tests/tag/tag_perf.cpp:66:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char values[sz_max];
data/gloox-1.0.24/src/tests/zlib/zlib_perf.cpp:61:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char values[sz_max+1];
data/gloox-1.0.24/src/tlsgnutlsbase.cpp:171:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( data, static_cast<const void*>( m_recvBuffer.c_str() ), cpy );
data/gloox-1.0.24/src/tlsgnutlsclient.cpp:172:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[64];
data/gloox-1.0.24/src/tlsopensslbase.cpp:284:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char peer_CN[256];
data/gloox-1.0.24/src/tlsschannel.cpp:62:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( e_message, data_copy.data(), size );
data/gloox-1.0.24/src/tlsschannel.cpp:157:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( e_iobuffer, m_buffer.data(), m_buffer.size() >
data/gloox-1.0.24/src/tlsschannel.cpp:573:25: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  csizeServerName = MultiByteToWideChar( CP_ACP, 0, serverName, -1, NULL, 0 );
data/gloox-1.0.24/src/tlsschannel.cpp:582:25: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  csizeServerName = MultiByteToWideChar( CP_ACP, 0, serverName, -1, uServerName, csizeServerName );
data/gloox-1.0.24/src/util.cpp:65:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf + i * 2, "%02x", static_cast<unsigned char>( H[i] ) );
data/gloox-1.0.24/src/connectionsocks5proxy.cpp:208:11: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( d + pos, m_proxyUser.c_str(), m_proxyUser.length() );
data/gloox-1.0.24/src/connectionsocks5proxy.cpp:211:11: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( d + pos, m_proxyPwd.c_str(), m_proxyPwd.length() );
data/gloox-1.0.24/src/connectionsocks5proxy.cpp:320:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( d + pos, m_server.c_str(), m_server.length() );
data/gloox-1.0.24/src/dns.cpp:127:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  here += strlen;
data/gloox-1.0.24/src/examples/ft_send.cpp:117:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ifile.read( input, 200024 );
data/gloox-1.0.24/src/prep.cpp:50:7: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( p, s.c_str(), s.length() );

ANALYSIS SUMMARY:

Hits = 101
Lines analyzed = 75264 in approximately 2.40 seconds (31303 lines/second)
Physical Source Lines of Code (SLOC) = 45710
Hits@level = [0] 1339 [1] 6 [2] 89 [3] 5 [4] 1 [5] 0
Hits@level+ = [0+] 1440 [1+] 101 [2+] 95 [3+] 6 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 31.503 [1+] 2.20958 [2+] 2.07832 [3+] 0.131262 [4+] 0.0218771 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.