Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/hylafax-6.0.7/etc/copy.h
Examining data/hylafax-6.0.7/etc/lockname.c
Examining data/hylafax-6.0.7/etc/ondelay.c
Examining data/hylafax-6.0.7/faxalter/faxalter.c++
Examining data/hylafax-6.0.7/faxcover/faxcover.c++
Examining data/hylafax-6.0.7/faxd/Batch.c++
Examining data/hylafax-6.0.7/faxd/Batch.h
Examining data/hylafax-6.0.7/faxd/Class0.c++
Examining data/hylafax-6.0.7/faxd/Class0.h
Examining data/hylafax-6.0.7/faxd/Class1.c++
Examining data/hylafax-6.0.7/faxd/Class1.h
Examining data/hylafax-6.0.7/faxd/Class10.c++
Examining data/hylafax-6.0.7/faxd/Class10.h
Examining data/hylafax-6.0.7/faxd/Class1Ersatz.c++
Examining data/hylafax-6.0.7/faxd/Class1Ersatz.h
Examining data/hylafax-6.0.7/faxd/Class1Poll.c++
Examining data/hylafax-6.0.7/faxd/Class1Recv.c++
Examining data/hylafax-6.0.7/faxd/Class1Send.c++
Examining data/hylafax-6.0.7/faxd/Class2.c++
Examining data/hylafax-6.0.7/faxd/Class2.h
Examining data/hylafax-6.0.7/faxd/Class20.c++
Examining data/hylafax-6.0.7/faxd/Class20.h
Examining data/hylafax-6.0.7/faxd/Class21.c++
Examining data/hylafax-6.0.7/faxd/Class21.h
Examining data/hylafax-6.0.7/faxd/Class2Ersatz.c++
Examining data/hylafax-6.0.7/faxd/Class2Ersatz.h
Examining data/hylafax-6.0.7/faxd/Class2Poll.c++
Examining data/hylafax-6.0.7/faxd/Class2Recv.c++
Examining data/hylafax-6.0.7/faxd/Class2Send.c++
Examining data/hylafax-6.0.7/faxd/ClassModem.c++
Examining data/hylafax-6.0.7/faxd/ClassModem.h
Examining data/hylafax-6.0.7/faxd/CopyQuality.c++
Examining data/hylafax-6.0.7/faxd/DestInfo.c++
Examining data/hylafax-6.0.7/faxd/DestInfo.h
Examining data/hylafax-6.0.7/faxd/FaxAcctInfo.c++
Examining data/hylafax-6.0.7/faxd/FaxAcctInfo.h
Examining data/hylafax-6.0.7/faxd/FaxFont.c++
Examining data/hylafax-6.0.7/faxd/FaxFont.h
Examining data/hylafax-6.0.7/faxd/FaxItem.c++
Examining data/hylafax-6.0.7/faxd/FaxItem.h
Examining data/hylafax-6.0.7/faxd/FaxMachineInfo.c++
Examining data/hylafax-6.0.7/faxd/FaxMachineInfo.h
Examining data/hylafax-6.0.7/faxd/FaxMachineLog.c++
Examining data/hylafax-6.0.7/faxd/FaxMachineLog.h
Examining data/hylafax-6.0.7/faxd/FaxModem.c++
Examining data/hylafax-6.0.7/faxd/FaxModem.h
Examining data/hylafax-6.0.7/faxd/FaxPoll.c++
Examining data/hylafax-6.0.7/faxd/FaxRecv.c++
Examining data/hylafax-6.0.7/faxd/FaxRequest.c++
Examining data/hylafax-6.0.7/faxd/FaxRequest.h
Examining data/hylafax-6.0.7/faxd/FaxSend.c++
Examining data/hylafax-6.0.7/faxd/FaxSendStatus.h
Examining data/hylafax-6.0.7/faxd/FaxServer.c++
Examining data/hylafax-6.0.7/faxd/FaxServer.h
Examining data/hylafax-6.0.7/faxd/FaxTrace.h
Examining data/hylafax-6.0.7/faxd/G3Decoder.c++
Examining data/hylafax-6.0.7/faxd/G3Decoder.h
Examining data/hylafax-6.0.7/faxd/G3Encoder.c++
Examining data/hylafax-6.0.7/faxd/G3Encoder.h
Examining data/hylafax-6.0.7/faxd/Getty.c++
Examining data/hylafax-6.0.7/faxd/Getty.h
Examining data/hylafax-6.0.7/faxd/GettyBSD.c++
Examining data/hylafax-6.0.7/faxd/GettyBSD.h
Examining data/hylafax-6.0.7/faxd/GettySysV.c++
Examining data/hylafax-6.0.7/faxd/GettySysV.h
Examining data/hylafax-6.0.7/faxd/HDLCFrame.c++
Examining data/hylafax-6.0.7/faxd/HDLCFrame.h
Examining data/hylafax-6.0.7/faxd/HylaClient.c++
Examining data/hylafax-6.0.7/faxd/HylaClient.h
Examining data/hylafax-6.0.7/faxd/Job.c++
Examining data/hylafax-6.0.7/faxd/Job.h
Examining data/hylafax-6.0.7/faxd/JobControl.c++
Examining data/hylafax-6.0.7/faxd/JobControl.h
Examining data/hylafax-6.0.7/faxd/MemoryDecoder.c++
Examining data/hylafax-6.0.7/faxd/MemoryDecoder.h
Examining data/hylafax-6.0.7/faxd/Modem.c++
Examining data/hylafax-6.0.7/faxd/Modem.h
Examining data/hylafax-6.0.7/faxd/ModemConfig.c++
Examining data/hylafax-6.0.7/faxd/ModemConfig.h
Examining data/hylafax-6.0.7/faxd/ModemServer.c++
Examining data/hylafax-6.0.7/faxd/ModemServer.h
Examining data/hylafax-6.0.7/faxd/NSF.c++
Examining data/hylafax-6.0.7/faxd/NSF.h
Examining data/hylafax-6.0.7/faxd/PCFFont.c++
Examining data/hylafax-6.0.7/faxd/PCFFont.h
Examining data/hylafax-6.0.7/faxd/QLink.c++
Examining data/hylafax-6.0.7/faxd/QLink.h
Examining data/hylafax-6.0.7/faxd/ServerConfig.c++
Examining data/hylafax-6.0.7/faxd/ServerConfig.h
Examining data/hylafax-6.0.7/faxd/TagLine.c++
Examining data/hylafax-6.0.7/faxd/Trigger.c++
Examining data/hylafax-6.0.7/faxd/Trigger.h
Examining data/hylafax-6.0.7/faxd/TriggerRef.c++
Examining data/hylafax-6.0.7/faxd/TriggerRef.h
Examining data/hylafax-6.0.7/faxd/UUCPLock.c++
Examining data/hylafax-6.0.7/faxd/UUCPLock.h
Examining data/hylafax-6.0.7/faxd/choptest.c++
Examining data/hylafax-6.0.7/faxd/cqtest.c++
Examining data/hylafax-6.0.7/faxd/faxApp.c++
Examining data/hylafax-6.0.7/faxd/faxApp.h
Examining data/hylafax-6.0.7/faxd/faxGettyApp.c++
Examining data/hylafax-6.0.7/faxd/faxGettyApp.h
Examining data/hylafax-6.0.7/faxd/faxQCleanApp.c++
Examining data/hylafax-6.0.7/faxd/faxQueueApp.c++
Examining data/hylafax-6.0.7/faxd/faxQueueApp.h
Examining data/hylafax-6.0.7/faxd/faxSendApp.c++
Examining data/hylafax-6.0.7/faxd/faxSendApp.h
Examining data/hylafax-6.0.7/faxd/ixo.h
Examining data/hylafax-6.0.7/faxd/mkhash.c
Examining data/hylafax-6.0.7/faxd/pageSendApp.c++
Examining data/hylafax-6.0.7/faxd/pageSendApp.h
Examining data/hylafax-6.0.7/faxd/t4.h
Examining data/hylafax-6.0.7/faxd/tagtest.c++
Examining data/hylafax-6.0.7/faxd/tif_fax3.h
Examining data/hylafax-6.0.7/faxd/trigtest.c++
Examining data/hylafax-6.0.7/faxd/tsitest.c++
Examining data/hylafax-6.0.7/faxmail/MIMEState.c++
Examining data/hylafax-6.0.7/faxmail/MIMEState.h
Examining data/hylafax-6.0.7/faxmail/MsgFmt.c++
Examining data/hylafax-6.0.7/faxmail/MsgFmt.h
Examining data/hylafax-6.0.7/faxmail/faxmail.c++
Examining data/hylafax-6.0.7/faxrm/faxrm.c++
Examining data/hylafax-6.0.7/faxstat/faxstat.c++
Examining data/hylafax-6.0.7/hfaxd/Admin.c++
Examining data/hylafax-6.0.7/hfaxd/FIFO.c++
Examining data/hylafax-6.0.7/hfaxd/FileCache.c++
Examining data/hylafax-6.0.7/hfaxd/FileCache.h
Examining data/hylafax-6.0.7/hfaxd/FileSystem.c++
Examining data/hylafax-6.0.7/hfaxd/FileTransfer.c++
Examining data/hylafax-6.0.7/hfaxd/HylaFAXServer.c++
Examining data/hylafax-6.0.7/hfaxd/HylaFAXServer.h
Examining data/hylafax-6.0.7/hfaxd/InetFaxServer.c++
Examining data/hylafax-6.0.7/hfaxd/InetFaxServer.h
Examining data/hylafax-6.0.7/hfaxd/Jobs.c++
Examining data/hylafax-6.0.7/hfaxd/Login.c++
Examining data/hylafax-6.0.7/hfaxd/PAM.c++
Examining data/hylafax-6.0.7/hfaxd/Parser.c++
Examining data/hylafax-6.0.7/hfaxd/RecvQueue.c++
Examining data/hylafax-6.0.7/hfaxd/SNPPServer.c++
Examining data/hylafax-6.0.7/hfaxd/SNPPServer.h
Examining data/hylafax-6.0.7/hfaxd/Status.c++
Examining data/hylafax-6.0.7/hfaxd/SuperServer.c++
Examining data/hylafax-6.0.7/hfaxd/SuperServer.h
Examining data/hylafax-6.0.7/hfaxd/Trace.h
Examining data/hylafax-6.0.7/hfaxd/Trigger.c++
Examining data/hylafax-6.0.7/hfaxd/UnixFaxServer.c++
Examining data/hylafax-6.0.7/hfaxd/UnixFaxServer.h
Examining data/hylafax-6.0.7/hfaxd/User.c++
Examining data/hylafax-6.0.7/hfaxd/main.c++
Examining data/hylafax-6.0.7/hfaxd/manifest.h
Examining data/hylafax-6.0.7/libhylafax/Array.c++
Examining data/hylafax-6.0.7/libhylafax/Array.h
Examining data/hylafax-6.0.7/libhylafax/AtSyntax.c++
Examining data/hylafax-6.0.7/libhylafax/BoolArray.c++
Examining data/hylafax-6.0.7/libhylafax/BoolArray.h
Examining data/hylafax-6.0.7/libhylafax/CallID.c++
Examining data/hylafax-6.0.7/libhylafax/CallID.h
Examining data/hylafax-6.0.7/libhylafax/Class2Params.c++
Examining data/hylafax-6.0.7/libhylafax/Class2Params.h
Examining data/hylafax-6.0.7/libhylafax/DSmacros.h
Examining data/hylafax-6.0.7/libhylafax/DialRules.c++
Examining data/hylafax-6.0.7/libhylafax/DialRules.h
Examining data/hylafax-6.0.7/libhylafax/Dictionary.c++
Examining data/hylafax-6.0.7/libhylafax/Dictionary.h
Examining data/hylafax-6.0.7/libhylafax/Dispatcher.c++
Examining data/hylafax-6.0.7/libhylafax/Dispatcher.h
Examining data/hylafax-6.0.7/libhylafax/Fatal.c++
Examining data/hylafax-6.0.7/libhylafax/FaxClient.h
Examining data/hylafax-6.0.7/libhylafax/FaxConfig.c++
Examining data/hylafax-6.0.7/libhylafax/FaxConfig.h
Examining data/hylafax-6.0.7/libhylafax/FaxDB.c++
Examining data/hylafax-6.0.7/libhylafax/FaxDB.h
Examining data/hylafax-6.0.7/libhylafax/FaxParams.c++
Examining data/hylafax-6.0.7/libhylafax/FaxParams.h
Examining data/hylafax-6.0.7/libhylafax/FaxRecvInfo.c++
Examining data/hylafax-6.0.7/libhylafax/FaxRecvInfo.h
Examining data/hylafax-6.0.7/libhylafax/FaxSendInfo.c++
Examining data/hylafax-6.0.7/libhylafax/FaxSendInfo.h
Examining data/hylafax-6.0.7/libhylafax/FmtTime.c++
Examining data/hylafax-6.0.7/libhylafax/IOHandler.c++
Examining data/hylafax-6.0.7/libhylafax/IOHandler.h
Examining data/hylafax-6.0.7/libhylafax/InetTransport.c++
Examining data/hylafax-6.0.7/libhylafax/InetTransport.h
Examining data/hylafax-6.0.7/libhylafax/JobExt.c++
Examining data/hylafax-6.0.7/libhylafax/JobExt.h
Examining data/hylafax-6.0.7/libhylafax/ModemExt.c++
Examining data/hylafax-6.0.7/libhylafax/ModemExt.h
Examining data/hylafax-6.0.7/libhylafax/NLS.c++
Examining data/hylafax-6.0.7/libhylafax/NLS.h
Examining data/hylafax-6.0.7/libhylafax/Obj.c++
Examining data/hylafax-6.0.7/libhylafax/Obj.h
Examining data/hylafax-6.0.7/libhylafax/PageSize.c++
Examining data/hylafax-6.0.7/libhylafax/PageSize.h
Examining data/hylafax-6.0.7/libhylafax/Ptr.h
Examining data/hylafax-6.0.7/libhylafax/RE.c++
Examining data/hylafax-6.0.7/libhylafax/RE.h
Examining data/hylafax-6.0.7/libhylafax/REArray.c++
Examining data/hylafax-6.0.7/libhylafax/REArray.h
Examining data/hylafax-6.0.7/libhylafax/REDict.c++
Examining data/hylafax-6.0.7/libhylafax/REDict.h
Examining data/hylafax-6.0.7/libhylafax/Range.c++
Examining data/hylafax-6.0.7/libhylafax/Range.h
Examining data/hylafax-6.0.7/libhylafax/SNPPClient.h
Examining data/hylafax-6.0.7/libhylafax/SNPPJob.c++
Examining data/hylafax-6.0.7/libhylafax/SNPPJob.h
Examining data/hylafax-6.0.7/libhylafax/SendFaxClient.c++
Examining data/hylafax-6.0.7/libhylafax/SendFaxClient.h
Examining data/hylafax-6.0.7/libhylafax/SendFaxJob.c++
Examining data/hylafax-6.0.7/libhylafax/SendFaxJob.h
Examining data/hylafax-6.0.7/libhylafax/Sequence.c++
Examining data/hylafax-6.0.7/libhylafax/Sequence.h
Examining data/hylafax-6.0.7/libhylafax/Socket.h
Examining data/hylafax-6.0.7/libhylafax/StackBuffer.c++
Examining data/hylafax-6.0.7/libhylafax/StackBuffer.h
Examining data/hylafax-6.0.7/libhylafax/Status.c++
Examining data/hylafax-6.0.7/libhylafax/Status.h
Examining data/hylafax-6.0.7/libhylafax/Str.c++
Examining data/hylafax-6.0.7/libhylafax/Str.h
Examining data/hylafax-6.0.7/libhylafax/StrArray.c++
Examining data/hylafax-6.0.7/libhylafax/StrArray.h
Examining data/hylafax-6.0.7/libhylafax/StrDict.c++
Examining data/hylafax-6.0.7/libhylafax/StrDict.h
Examining data/hylafax-6.0.7/libhylafax/Sys.c++
Examining data/hylafax-6.0.7/libhylafax/Sys.h
Examining data/hylafax-6.0.7/libhylafax/SystemLog.c++
Examining data/hylafax-6.0.7/libhylafax/SystemLog.h
Examining data/hylafax-6.0.7/libhylafax/TextFormat.h
Examining data/hylafax-6.0.7/libhylafax/TimeOfDay.c++
Examining data/hylafax-6.0.7/libhylafax/TimeOfDay.h
Examining data/hylafax-6.0.7/libhylafax/Timeout.c++
Examining data/hylafax-6.0.7/libhylafax/Timeout.h
Examining data/hylafax-6.0.7/libhylafax/Transport.c++
Examining data/hylafax-6.0.7/libhylafax/Transport.h
Examining data/hylafax-6.0.7/libhylafax/TypeRules.h
Examining data/hylafax-6.0.7/libhylafax/Types.h
Examining data/hylafax-6.0.7/libhylafax/UnixTransport.c++
Examining data/hylafax-6.0.7/libhylafax/UnixTransport.h
Examining data/hylafax-6.0.7/libhylafax/class2.h
Examining data/hylafax-6.0.7/libhylafax/cvtfacility.c
Examining data/hylafax-6.0.7/libhylafax/fxassert.c
Examining data/hylafax-6.0.7/libhylafax/t.30.h
Examining data/hylafax-6.0.7/libhylafax/FaxClient.c++
Examining data/hylafax-6.0.7/libhylafax/SNPPClient.c++
Examining data/hylafax-6.0.7/libhylafax/TextFormat.c++
Examining data/hylafax-6.0.7/libhylafax/TypeRules.c++
Examining data/hylafax-6.0.7/port/flock.c
Examining data/hylafax-6.0.7/port/ftruncate.c
Examining data/hylafax-6.0.7/port/getopt.c
Examining data/hylafax-6.0.7/port/mkdtemp.c
Examining data/hylafax-6.0.7/port/mkstemp.c
Examining data/hylafax-6.0.7/port/random.c
Examining data/hylafax-6.0.7/port/setegid.c
Examining data/hylafax-6.0.7/port/setenv.c
Examining data/hylafax-6.0.7/port/seteuid.c
Examining data/hylafax-6.0.7/port/setvbuf.c
Examining data/hylafax-6.0.7/port/snprintf.c
Examining data/hylafax-6.0.7/port/srandom.c
Examining data/hylafax-6.0.7/port/strcasecmp.c
Examining data/hylafax-6.0.7/port/strtod.c
Examining data/hylafax-6.0.7/port/strtoul.c
Examining data/hylafax-6.0.7/port/syslog.c
Examining data/hylafax-6.0.7/port/vsnprintf.c
Examining data/hylafax-6.0.7/port/vsyslog.c
Examining data/hylafax-6.0.7/port/writev.c
Examining data/hylafax-6.0.7/regex/cclass.h
Examining data/hylafax-6.0.7/regex/cname.h
Examining data/hylafax-6.0.7/regex/engine.c
Examining data/hylafax-6.0.7/regex/regcomp.c
Examining data/hylafax-6.0.7/regex/regerror.c
Examining data/hylafax-6.0.7/regex/regex.h
Examining data/hylafax-6.0.7/regex/regex2.h
Examining data/hylafax-6.0.7/regex/regexec.c
Examining data/hylafax-6.0.7/regex/regfree.c
Examining data/hylafax-6.0.7/regex/utils.h
Examining data/hylafax-6.0.7/sendfax/sendfax.c++
Examining data/hylafax-6.0.7/sendpage/sendpage.c++
Examining data/hylafax-6.0.7/sgi2fax/hipass.c
Examining data/hylafax-6.0.7/sgi2fax/hipass.h
Examining data/hylafax-6.0.7/sgi2fax/imgtofax.c
Examining data/hylafax-6.0.7/sgi2fax/izoom.c
Examining data/hylafax-6.0.7/sgi2fax/izoom.h
Examining data/hylafax-6.0.7/sgi2fax/lum.h
Examining data/hylafax-6.0.7/sgi2fax/lut.c
Examining data/hylafax-6.0.7/sgi2fax/lut.h
Examining data/hylafax-6.0.7/sgi2fax/rand.c
Examining data/hylafax-6.0.7/sgi2fax/row.c
Examining data/hylafax-6.0.7/util/checkat.c++
Examining data/hylafax-6.0.7/util/dialtest.c++
Examining data/hylafax-6.0.7/util/faxadduser.c
Examining data/hylafax-6.0.7/util/faxconfig.c
Examining data/hylafax-6.0.7/util/faxdeluser.c
Examining data/hylafax-6.0.7/util/faxfetch.c++
Examining data/hylafax-6.0.7/util/faxinfo.c++
Examining data/hylafax-6.0.7/util/faxmodem.c
Examining data/hylafax-6.0.7/util/faxmsg.c
Examining data/hylafax-6.0.7/util/faxstate.c
Examining data/hylafax-6.0.7/util/faxwatch.c++
Examining data/hylafax-6.0.7/util/textfmt.c++
Examining data/hylafax-6.0.7/util/tiffcheck.c++
Examining data/hylafax-6.0.7/util/typetest.c++
FINAL RESULTS:
data/hylafax-6.0.7/faxd/FaxRecv.c++:98:11: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
Sys::chmod(ri.qfile, recvFileMode);
data/hylafax-6.0.7/faxd/FaxSend.c++:429:8: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
Sys::chmod(ri.qfile, recvFileMode);
data/hylafax-6.0.7/faxd/Getty.c++:208:10: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
Sys::chown(getLine(), 0, sb.st_gid);
data/hylafax-6.0.7/faxd/Getty.c++:213:10: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
Sys::chmod(getLine(), 0622);
data/hylafax-6.0.7/faxd/Getty.c++:232:10: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
Sys::chown(device, UUCPLock::getUUCPUid(), UUCPLock::getUUCPGid());
data/hylafax-6.0.7/faxd/Getty.c++:233:10: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
Sys::chmod(device, 0600); // reset protection
data/hylafax-6.0.7/faxd/ModemServer.c++:135:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
Sys::chmod(FAX_STATUSDIR "/" | modemDevID, 0644);
data/hylafax-6.0.7/faxd/ModemServer.c++:616:14: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (Sys::chown(dev, UUCPLock::getUUCPUid(), sb.st_gid) < 0)
data/hylafax-6.0.7/faxd/ModemServer.c++:622:14: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (Sys::chmod(dev, deviceMode) < 0)
data/hylafax-6.0.7/faxd/UUCPLock.c++:178:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
Sys::chmod(buff, mode);
data/hylafax-6.0.7/faxd/UUCPLock.c++:183:7: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
Sys::chown(buff, UUCPuid, UUCPgid);
data/hylafax-6.0.7/hfaxd/FileCache.c++:131:12: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
FileCache::chmod(const char* pathname, mode_t mode)
data/hylafax-6.0.7/hfaxd/FileCache.c++:133:14: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (Sys::chmod(pathname, mode) < 0)
data/hylafax-6.0.7/hfaxd/FileCache.c++:156:12: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
FileCache::chown(const char* pathname, uid_t uid, gid_t gid)
data/hylafax-6.0.7/hfaxd/FileCache.c++:170:21: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
bool ok = (Sys::chown(pathname, uid, gid) >= 0);
data/hylafax-6.0.7/hfaxd/FileCache.h:60:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
static bool chmod(const char* pathname, mode_t mode);
data/hylafax-6.0.7/hfaxd/FileCache.h:61:17: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
static bool chown(const char* pathname, uid_t uid, gid_t gid);
data/hylafax-6.0.7/hfaxd/FileSystem.c++:91:18: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (!FileCache::chown(pathname, sb.st_uid, (gid_t) id))
data/hylafax-6.0.7/hfaxd/FileSystem.c++:108:18: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (!FileCache::chmod(pathname, mode))
data/hylafax-6.0.7/hfaxd/FileSystem.c++:413:25: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (!FileCache::chown(file, sb.st_uid, (gid_t) uid)) {
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:573:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
FileCache::chmod(filename, 0640); // sync cache
data/hylafax-6.0.7/hfaxd/Jobs.c++:931:13: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
FileCache::chmod(file, jobProtection); // sync cache
data/hylafax-6.0.7/hfaxd/SNPPServer.c++:866:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
FileCache::chmod(msgFile, 0660); // sync cache
data/hylafax-6.0.7/hfaxd/SNPPServer.c++:1068:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
FileCache::chmod(msgFile, 0660); // sync cache
data/hylafax-6.0.7/hfaxd/SNPPServer.c++:1116:13: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
FileCache::chmod(file, 0660); // sync cache
data/hylafax-6.0.7/hfaxd/UnixFaxServer.c++:63:18: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
(void) Sys::chmod(fileName, 0622);
data/hylafax-6.0.7/libhylafax/JobExt.c++:32:1: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(fxStr& s, const char*& cp)
data/hylafax-6.0.7/libhylafax/JobExt.c++:43:5: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(jobid, cp);
data/hylafax-6.0.7/libhylafax/JobExt.c++:44:5: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(dest, cp);
data/hylafax-6.0.7/libhylafax/JobExt.c++:45:5: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(device, cp);
data/hylafax-6.0.7/libhylafax/JobExt.c++:46:5: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(commid, cp);
data/hylafax-6.0.7/libhylafax/ModemExt.c++:33:1: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(fxStr& s, const char*& cp)
data/hylafax-6.0.7/libhylafax/ModemExt.c++:42:5: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(devID, cp);
data/hylafax-6.0.7/libhylafax/ModemExt.c++:43:5: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(number, cp);
data/hylafax-6.0.7/libhylafax/ModemExt.c++:44:5: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(commid, cp);
data/hylafax-6.0.7/libhylafax/Sys.h:84:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
static int chmod(const char* file, mode_t m)
data/hylafax-6.0.7/libhylafax/Sys.h:85:13: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
{ return ::chmod(file, m); }
data/hylafax-6.0.7/libhylafax/Sys.h:86:16: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
static int chown(const char* file, uid_t u, gid_t g)
data/hylafax-6.0.7/libhylafax/Sys.h:87:13: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
{ return ::chown(file, u, g); }
data/hylafax-6.0.7/util/faxdeluser.c:108:23: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (pw == NULL || chown(hostfile, pw->pw_uid, pw->pw_uid)) {
data/hylafax-6.0.7/etc/ondelay.c:53:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(av[2], &av[2]);
data/hylafax-6.0.7/faxcover/faxcover.c++:477:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/faxd/Class2.c++:409:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
n = sscanf(cap, notation,
data/hylafax-6.0.7/faxd/Class2.c++:413:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
n = sscanf(cap, notation,
data/hylafax-6.0.7/faxd/Getty.c++:193:14: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
Sys::execv(getty, argv);
data/hylafax-6.0.7/faxd/ModemServer.c++:362:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pcinfo.pc_clname, si.clname);
data/hylafax-6.0.7/faxd/ModemServer.c++:432:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(statusFile, fmt, ap);
data/hylafax-6.0.7/faxd/UUCPLock.c++:171:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
char* buff = strcpy(new char[templ.length() + 1], templ);
data/hylafax-6.0.7/faxd/choptest.c++:53:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/faxd/choptest.c++:99:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf((doAll
data/hylafax-6.0.7/faxd/cqtest.c++:96:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, ap);
data/hylafax-6.0.7/faxd/faxApp.c++:389:2: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl("/bin/sh", "sh", "-c", cmd, (char*) NULL);
data/hylafax-6.0.7/faxd/faxGettyApp.c++:364:3: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl("/bin/sh", "sh", "-c", (const char*) cmd, (char*) NULL);
data/hylafax-6.0.7/faxd/faxQueueApp.c++:1273:11: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
Sys::execv(app, argv);
data/hylafax-6.0.7/faxd/faxQueueApp.c++:1447:10: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
Sys::execv(cmd, (char* const*) av);
data/hylafax-6.0.7/faxd/faxQueueApp.c++:1862:8: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
Sys::execv(app[0], (char * const*)app);
data/hylafax-6.0.7/faxd/tagtest.c++:363:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/faxd/tagtest.c++:395:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/faxd/trigtest.c++:128:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(jobNames[h.event&15]);
data/hylafax-6.0.7/faxd/trigtest.c++:180:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(sendNames[h.event&15], h.event);
data/hylafax-6.0.7/faxd/trigtest.c++:225:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(modemNames[h.event&15], (const char*) modem.devID);
data/hylafax-6.0.7/faxd/trigtest.c++:299:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fifoName, (const char*) fn);
data/hylafax-6.0.7/faxd/tsitest.c++:95:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(_("Bad TSI pattern: %s: ") | emsg | ".\n", re->pattern());
data/hylafax-6.0.7/faxd/tsitest.c++:178:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(((*acceptTSI)[i] ?
data/hylafax-6.0.7/faxmail/MsgFmt.c++:214:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
char* cp = strcpy(new char[strlen(value) + 1], value);
data/hylafax-6.0.7/faxmail/faxmail.c++:493:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (Sys::access(app, X_OK) >= 0)
data/hylafax-6.0.7/faxmail/faxmail.c++:738:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buff, templ);
data/hylafax-6.0.7/faxmail/faxmail.c++:802:7: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
Sys::execv(app, (char* const*) av);
data/hylafax-6.0.7/faxmail/faxmail.c++:950:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(fd, fmt, ap);
data/hylafax-6.0.7/hfaxd/Admin.c++:138:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
char* buff = strcpy(new char[strlen(templ) + 1], templ);
data/hylafax-6.0.7/hfaxd/Jobs.c++:523:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, ap);
data/hylafax-6.0.7/hfaxd/Login.c++:213:17: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
if ((strcmp(crypt(pass, adminwd), adminwd) != 0) && !isAdminGroup()) {
data/hylafax-6.0.7/hfaxd/UnixFaxServer.c++:129:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data_source.sun_path, ctrl_addr.sun_path);
data/hylafax-6.0.7/hfaxd/User.c++:205:16: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
if (strcmp(crypt(pass,passwd),passwd) == 0)
data/hylafax-6.0.7/hfaxd/User.c++:347:14: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
result = crypt(pass, salt);
data/hylafax-6.0.7/hfaxd/User.c++:405:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
char* buff = strcpy(new char[strlen(templ) + 1], templ);
data/hylafax-6.0.7/hfaxd/User.c++:475:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
char* buff = strcpy(new char[strlen(templ) + 1], templ);
data/hylafax-6.0.7/libhylafax/DialRules.c++:403:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, NLS::TEXT("%s: line %u: "), (const char*) filename, lineno);
data/hylafax-6.0.7/libhylafax/DialRules.c++:404:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/libhylafax/DialRules.c++:415:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, NLS::TEXT("%s: line %u: "), (const char*) filename, lineno);
data/hylafax-6.0.7/libhylafax/DialRules.c++:416:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, ap);
data/hylafax-6.0.7/libhylafax/DialRules.c++:426:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, ap);
data/hylafax-6.0.7/libhylafax/Fatal.c++:36:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/libhylafax/FaxClient.c++:104:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/libhylafax/FaxClient.c++:120:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/libhylafax/FaxClient.c++:135:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, ap);
data/hylafax-6.0.7/libhylafax/FaxClient.c++:437:13: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
return (getpass(prompt));
data/hylafax-6.0.7/libhylafax/FaxClient.c++:446:43: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
if (command("ADMIN %s", pass ? pass : getpass("Password:")) != COMPLETE) {
data/hylafax-6.0.7/libhylafax/FaxDB.c++:125:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, NLS::TEXT("%s: line %d: Unmatched \"]\".\n"),
data/hylafax-6.0.7/libhylafax/FaxDB.c++:137:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, NLS::TEXT("%s: line %d: Missing \":\" separator.\n"),
data/hylafax-6.0.7/libhylafax/FaxDB.c++:185:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, NLS::TEXT("%s: Premature EOF.\n"), (const char*) filename);
data/hylafax-6.0.7/libhylafax/Obj.c++:39:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, NLS::TEXT("%s: Sub class must define method \"%s\".\n"),
data/hylafax-6.0.7/libhylafax/PageSize.c++:52:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, NLS::TEXT("%s: line %u: "), file, lineno);
data/hylafax-6.0.7/libhylafax/PageSize.c++:53:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/libhylafax/PageSize.c++:129:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,
data/hylafax-6.0.7/libhylafax/SNPPClient.c++:91:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/libhylafax/SNPPClient.c++:107:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/libhylafax/SNPPClient.c++:122:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, ap);
data/hylafax-6.0.7/libhylafax/SNPPClient.c++:589:13: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
return (getpass(prompt));
data/hylafax-6.0.7/libhylafax/SNPPClient.c++:649:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(fdOut, fmt, ap);
data/hylafax-6.0.7/libhylafax/SNPPClient.c++:892:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(NLS::TEXT("destination pin %s: request id is %s for host %s\n")
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:196:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
char* buff = strcpy(new char[strlen(templ) + 1], templ);
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:248:8: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
Sys::execv(coverCmd, (char* const*) av);
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:501:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(P_("request id is %s (group id %s) for host %s (%u file)\n",
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:665:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
char* buff = strcpy(new char[strlen(templ) + 1], templ);
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:666:14: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
Sys::mktemp(buff);
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:684:6: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(sysCmd) != 0) {
data/hylafax-6.0.7/libhylafax/Str.c++:154:15: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int len = vsnprintf(s.data, size, fmt, ap);
data/hylafax-6.0.7/libhylafax/Str.c++:166:15: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(s.data, size, fmt, ap);
data/hylafax-6.0.7/libhylafax/Str.c++:193:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(tmp, size, fmt, ac);
data/hylafax-6.0.7/libhylafax/Sys.h:79:16: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
static int access(const char* path, int mode)
data/hylafax-6.0.7/libhylafax/Sys.h:80:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
{ return ::access(path, mode); }
data/hylafax-6.0.7/libhylafax/Sys.h:101:17: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
static void execv(const char* path, char* const* argv)
data/hylafax-6.0.7/libhylafax/Sys.h:103:6: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
{ ::execv(path, (const char**) argv); }
data/hylafax-6.0.7/libhylafax/Sys.h:105:6: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
{ ::execv(path, argv); }
data/hylafax-6.0.7/libhylafax/Sys.h:127:18: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
static char* mktemp(char* templ) { return ::mktemp(templ); }
data/hylafax-6.0.7/libhylafax/Sys.h:127:49: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
static char* mktemp(char* templ) { return ::mktemp(templ); }
data/hylafax-6.0.7/libhylafax/TextFormat.c++:100:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/libhylafax/TextFormat.c++:110:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/libhylafax/TextFormat.c++:120:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/libhylafax/TextFormat.c++:514:16: [4] (misc) getlogin:
It's often easy to fool getlogin. Sometimes it does not work at all,
because some program messed up the utmp file. Often, it gives only the
first 8 characters of the login name. The user currently logged in on the
controlling tty of our program need not be the user who started it. Avoid
getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
and extract the desired information instead.
char* cp = getlogin();
data/hylafax-6.0.7/libhylafax/TextFormat.c++:543:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(output, defPrologue
data/hylafax-6.0.7/libhylafax/TextFormat.c++:954:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(tf, outlineCol, outline,
data/hylafax-6.0.7/libhylafax/TextFormat.c++:1155:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/libhylafax/TextFormat.c++:1293:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fd, defISOFont, (const char*) setproc,
data/hylafax-6.0.7/libhylafax/TextFormat.c++:1296:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fd, defRegularFont, (const char*) setproc,
data/hylafax-6.0.7/libhylafax/TypeRules.c++:94:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(NLS::TEXT("rule: %soffset %#lx %s %s"),
data/hylafax-6.0.7/libhylafax/TypeRules.c++:125:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(NLS::TEXT("failed (unprintable char %#x)\n"), cp[i]);
data/hylafax-6.0.7/libhylafax/TypeRules.c++:137:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(NLS::TEXT("failed (unprintable char %#x)\n"), cp[i]);
data/hylafax-6.0.7/libhylafax/TypeRules.c++:195:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(NLS::TEXT("success (result %s, rule \"%s\")\n"),
data/hylafax-6.0.7/libhylafax/TypeRules.c++:313:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, NLS::TEXT("%s: line %u: "), file, lineno);
data/hylafax-6.0.7/libhylafax/TypeRules.c++:314:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/libhylafax/TypeRules.c++:325:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, NLS::TEXT("%s: Can not open type rules file.\n"),
data/hylafax-6.0.7/libhylafax/TypeRules.c++:492:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(NLS::TEXT("match against (..., %u)\n"), size);
data/hylafax-6.0.7/port/mkdtemp.c:34:9: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
if (mktemp(pat) == NULL)
data/hylafax-6.0.7/port/mkstemp.c:35:18: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
return (open(mktemp(fpat), O_RDWR|O_CREAT, 0644));
data/hylafax-6.0.7/port/setenv.c:61:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_env, "%s=%s", name, value);
data/hylafax-6.0.7/port/snprintf.c:31:1: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(char* buf, size_t n, const char* fmt, ...)
data/hylafax-6.0.7/port/snprintf.c:36:11: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
len = vsprintf(buf, fmt, ap);
data/hylafax-6.0.7/port/syslog.c:76:1: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
syslog(int pri, const char *fmt, ...)
data/hylafax-6.0.7/port/syslog.c:112:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(p, LogTag);
data/hylafax-6.0.7/port/syslog.c:140:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(void)vsnprintf(p, tbuf + sizeof(tbuf) - p, fmt_cpy, ap);
data/hylafax-6.0.7/port/vsnprintf.c:30:1: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(char* buf, size_t n, const char* fmt, va_list ap)
data/hylafax-6.0.7/port/vsnprintf.c:32:15: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
int len = vsprintf(buf, fmt, ap);
data/hylafax-6.0.7/port/vsyslog.c:52:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(void) vsnprintf(tbuf, sizeof(tbuf), fmt_cpy, ap);
data/hylafax-6.0.7/regex/regcomp.c:1262:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(cs->multis + oldend - 1, cp);
data/hylafax-6.0.7/regex/regerror.c:137:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(convbuf, r->name);
data/hylafax-6.0.7/regex/regerror.c:149:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(errbuf, s);
data/hylafax-6.0.7/sendfax/sendfax.c++:363:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
char* buff = strcpy(new char[strlen(templ) + 1], templ);
data/hylafax-6.0.7/sendfax/sendfax.c++:432:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(fd, fmt, ap);
data/hylafax-6.0.7/sendpage/sendpage.c++:201:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
char* buff = strcpy(new char[strlen(templ) + 1], templ);
data/hylafax-6.0.7/sendpage/sendpage.c++:279:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(fd, fmt, ap);
data/hylafax-6.0.7/sgi2fax/imgtofax.c:80:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/util/faxadduser.c:110:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
fprintf(hf, ":%s", crypt(password, salt_buff));
data/hylafax-6.0.7/util/faxadduser.c:118:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
fprintf(hf, ":%s", crypt(adminword, salt_buff));
data/hylafax-6.0.7/util/faxconfig.c:44:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/util/faxconfig.c:85:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fifoname, devid);
data/hylafax-6.0.7/util/faxconfig.c:94:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fifoname, FAX_FIFO);
data/hylafax-6.0.7/util/faxfetch.c++:58:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/util/faxinfo.c++:151:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(faxStart, filename);
data/hylafax-6.0.7/util/faxinfo.c++:157:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fieldStart, name);
data/hylafax-6.0.7/util/faxinfo.c++:160:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(val_fmt, ap);
data/hylafax-6.0.7/util/faxinfo.c++:162:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fieldEnd, name);
data/hylafax-6.0.7/util/faxinfo.c++:168:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(faxEnd, filename);
data/hylafax-6.0.7/util/faxmodem.c:44:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/util/faxmodem.c:293:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(devname, argv[optind] + pdevlen);
data/hylafax-6.0.7/util/faxmodem.c:299:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(devname, argv[optind]);
data/hylafax-6.0.7/util/faxmsg.c:43:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/util/faxmsg.c:124:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fifoname, argv[optind]);
data/hylafax-6.0.7/util/faxmsg.c:136:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fifoname, FAX_FIFO);
data/hylafax-6.0.7/util/faxmsg.c:149:14: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
cmdlen = snprintf(cmd, sizeof(cmd), cmdfmt, arg);
data/hylafax-6.0.7/util/faxstate.c:43:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/hylafax-6.0.7/util/faxstate.c:120:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(devid, argv[optind]);
data/hylafax-6.0.7/faxalter/faxalter.c++:103:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, "Ca:d:h:k:m:n:P:t:Z:ADQRgprv")) != -1)
data/hylafax-6.0.7/faxcover/faxcover.c++:109:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* cp = getenv("FAXCOVER");
data/hylafax-6.0.7/faxcover/faxcover.c++:114:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, "C:D:L:M:N:V:X:n:t:f:c:p:l:m:r:s:v:x:z:")) != -1)
data/hylafax-6.0.7/faxd/Getty.c++:150:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* val = getenv(var);
data/hylafax-6.0.7/faxd/choptest.c++:71:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, "t:a")) != -1)
data/hylafax-6.0.7/faxd/cqtest.c++:514:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, "m:o:p:")) != -1)
data/hylafax-6.0.7/faxd/faxApp.c++:54:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = Sys::getopt(argc, argv, opts);
data/hylafax-6.0.7/faxd/faxApp.c++:58:43: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
void GetoptIter::operator++() { c = Sys::getopt(argc, argv, opts); }
data/hylafax-6.0.7/faxd/faxApp.c++:59:45: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
void GetoptIter::operator++(int) { c = Sys::getopt(argc, argv, opts); }
data/hylafax-6.0.7/faxd/faxQueueApp.c++:455:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Sys::now() + random() % requeueInterval);
data/hylafax-6.0.7/faxd/faxQueueApp.c++:508:20: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Sys::now() + random() % requeueInterval);
data/hylafax-6.0.7/faxd/faxQueueApp.c++:1749:29: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
: (requeueInterval>>1) + (random()%requeueInterval));
data/hylafax-6.0.7/faxd/tagtest.c++:419:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, "f:m:o:")) != -1)
data/hylafax-6.0.7/faxd/tsitest.c++:149:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, ":q")) != -1)
data/hylafax-6.0.7/faxmail/faxmail.c++:161:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, "12b:cC:df:H:i:M:nNp:rRs:t:Tu:vW:")) != -1)
data/hylafax-6.0.7/faxrm/faxrm.c++:62:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, "ah:dv")) != -1)
data/hylafax-6.0.7/faxstat/faxstat.c++:66:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, "h:adgfilrsv")) != -1)
data/hylafax-6.0.7/hfaxd/Login.c++:175:21: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
bool isSetup = (chroot(".") >= 0 && chdir("/") >= 0);
data/hylafax-6.0.7/hfaxd/User.c++:332:5: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom((int) Sys::now());
data/hylafax-6.0.7/hfaxd/User.c++:343:20: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
to64(&salt[5], random(), 4);
data/hylafax-6.0.7/hfaxd/User.c++:345:20: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
to64(&salt[0], random(), 2);
data/hylafax-6.0.7/hfaxd/main.c++:225:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, opts)) != -1)
data/hylafax-6.0.7/hfaxd/main.c++:255:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, opts)) != -1)
data/hylafax-6.0.7/libhylafax/FaxClient.c++:197:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* name = getenv("FAXUSER");
data/hylafax-6.0.7/libhylafax/FaxClient.c++:328:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* cp = getenv("FAXSERVER");
data/hylafax-6.0.7/libhylafax/FaxConfig.c++:94:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* cp = getenv("HOME");
data/hylafax-6.0.7/libhylafax/InetTransport.c++:78:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("FAXSERVICE")) && *cp != '\0') {
data/hylafax-6.0.7/libhylafax/NLS.c++:39:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ldir = getenv("HFLOCALEDIR");
data/hylafax-6.0.7/libhylafax/SNPPClient.c++:411:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* cp = getenv("SNPPSERVER");
data/hylafax-6.0.7/libhylafax/SNPPClient.c++:450:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("SNPPSERVICE")) && *cp != '\0') {
data/hylafax-6.0.7/libhylafax/Sys.h:117:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
static int getopt(int argc, char* const* argv, const char* optstring)
data/hylafax-6.0.7/libhylafax/Sys.h:119:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
{ return ::getopt(argc, (char**) argv, (char*) optstring); }
data/hylafax-6.0.7/libhylafax/Sys.h:121:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
{ return ::getopt(argc, argv, optstring); }
data/hylafax-6.0.7/port/getopt.c:54:1: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt(int nargc, char** nargv, char* ostr)
data/hylafax-6.0.7/port/random.c:32:1: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random(void)
data/hylafax-6.0.7/port/random.c:34:12: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return lrand48();
data/hylafax-6.0.7/port/setenv.c:44:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv(name) )
data/hylafax-6.0.7/port/srandom.c:32:1: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(int seed)
data/hylafax-6.0.7/sendfax/sendfax.c++:96:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, "a:b:B:c:C:d:f:F:h:i:I:k:M:o:P:r:s:S:t:T:U:V:W:x:X:y:Y:z:Z:123lmnpvwADEGNR")) != -1) {
data/hylafax-6.0.7/sendpage/sendpage.c++:86:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, "a:De:f:h:i:I:l:nNp:qRs:t:T:v")) != -1)
data/hylafax-6.0.7/sgi2fax/imgtofax.c:287:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, "o:r:g:b:h:s:v:w:12")) != -1)
data/hylafax-6.0.7/sgi2fax/rand.c:31:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return (random() % 10000)/10000.0;
data/hylafax-6.0.7/util/dialtest.c++:77:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, "a:c:i:l:qv")) != -1)
data/hylafax-6.0.7/util/faxadduser.c:68:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "a:f:h:p:u:")) != -1) {
data/hylafax-6.0.7/util/faxadduser.c:97:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/hylafax-6.0.7/util/faxconfig.c:70:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "m:q:")) != -1)
data/hylafax-6.0.7/util/faxdeluser.c:55:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "f:?:")) != -1) {
data/hylafax-6.0.7/util/faxfetch.c++:73:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, "h:o:p:svz")) != -1)
data/hylafax-6.0.7/util/faxinfo.c++:179:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "C:c:rnbS:s:e:E:D")) != -1)
data/hylafax-6.0.7/util/faxmodem.c:266:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "c:q:u:pP")) != -1)
data/hylafax-6.0.7/util/faxmsg.c:104:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, opts)) != -1)
data/hylafax-6.0.7/util/faxstate.c:101:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "s:q:n")) != -1)
data/hylafax-6.0.7/util/faxwatch.c++:76:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, "gh:lv")) != -1)
data/hylafax-6.0.7/util/textfmt.c++:91:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, "f:F:m:M:o:p:s:V:12BcDGrRU")) != -1)
data/hylafax-6.0.7/util/tiffcheck.c++:68:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, "r:l:w:U123")) != -1)
data/hylafax-6.0.7/util/typetest.c++:104:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = Sys::getopt(argc, argv, "f:")) != -1)
data/hylafax-6.0.7/etc/ondelay.c:45:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open(av[1], O_RDWR|O_NDELAY) < 0) {
data/hylafax-6.0.7/faxalter/faxalter.c++:208:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((u_int) atoi(optarg) > 255)
data/hylafax-6.0.7/faxalter/faxalter.c++:220:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(optarg) < 0)
data/hylafax-6.0.7/faxcover/faxcover.c++:82:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open();
data/hylafax-6.0.7/faxcover/faxcover.c++:141:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxcomments = atoi(optarg);
data/hylafax-6.0.7/faxcover/faxcover.c++:144:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxlencomments = atoi(optarg);
data/hylafax-6.0.7/faxcover/faxcover.c++:194:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
faxCoverApp::open()
data/hylafax-6.0.7/faxcover/faxcover.c++:322:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = Sys::open(tildeExpand("~/" | cover), O_RDONLY);
data/hylafax-6.0.7/faxcover/faxcover.c++:324:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = Sys::open(fxStr(FAX_LIBDATA) | "/" | cover, O_RDONLY);
data/hylafax-6.0.7/faxcover/faxcover.c++:326:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = Sys::open(cover, O_RDONLY);
data/hylafax-6.0.7/faxcover/faxcover.c++:360:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16*1024];
data/hylafax-6.0.7/faxcover/faxcover.c++:437:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[128];
data/hylafax-6.0.7/faxcover/faxcover.c++:489:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
app.open();
data/hylafax-6.0.7/faxd/Class1.c++:85:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xmitCaps, basicCaps, sizeof (basicCaps));
data/hylafax-6.0.7/faxd/Class1.c++:86:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(recvCaps, basicCaps, sizeof (basicCaps));
data/hylafax-6.0.7/faxd/Class1.c++:181:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
primaryV34Rate = atoi(conf.class1EnableV34Cmd.extract(pos, conf.class1EnableV34Cmd.next(pos, ',') - pos));
data/hylafax-6.0.7/faxd/Class1.c++:491:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int dur = atoi(ncmd.tail(ncmd.length()-7)) * times;
data/hylafax-6.0.7/faxd/Class1.c++:1682:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char response[1024];
data/hylafax-6.0.7/faxd/Class1Recv.c++:826:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[1]; // trigger signal
data/hylafax-6.0.7/faxd/Class1Recv.c++:1112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ppr[32]; // 256 bits
data/hylafax-6.0.7/faxd/Class1Recv.c++:1751:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[1]; // trigger signal
data/hylafax-6.0.7/faxd/Class1Send.c++:1023:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ppr[32]; // 256 bits
data/hylafax-6.0.7/faxd/Class1Send.c++:1216:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pps[4];
data/hylafax-6.0.7/faxd/Class1Send.c++:1398:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctc[2];
data/hylafax-6.0.7/faxd/Class1Send.c++:1862:40: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (conf.saverawimage) imagefd = Sys::open("/tmp/out.fax", O_RDWR|O_CREAT|O_EXCL);
data/hylafax-6.0.7/faxd/Class1Send.c++:1925:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp, bol, lineLen); // first part of line
data/hylafax-6.0.7/faxd/Class2.c++:639:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[1024]; (void) atResponse(buf, 2*1000); }
data/hylafax-6.0.7/faxd/Class2.h:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hangupCode[5]; // hangup reason (from modem)
data/hylafax-6.0.7/faxd/Class20.c++:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rtfcc[2];
data/hylafax-6.0.7/faxd/Class20.c++:187:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ppmCodes[3] = { 0x2C, 0x3B, 0x2E };
data/hylafax-6.0.7/faxd/Class20.c++:188:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eop[2];
data/hylafax-6.0.7/faxd/Class2Recv.c++:215:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ppm = atoi(skipStatus(rbuf));
data/hylafax-6.0.7/faxd/Class2Recv.c++:406:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hangupCode, "50"); // force abort in recvEnd
data/hylafax-6.0.7/faxd/Class2Send.c++:108:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch (atoi(hangupCode)) {
data/hylafax-6.0.7/faxd/Class2Send.c++:438:43: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (conf.saverawimage) imagefd = Sys::open("/tmp/out.fax", O_RDWR|O_CREAT|O_EXCL);
data/hylafax-6.0.7/faxd/ClassModem.c++:822:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open((const char*) filename, O_RDONLY);
data/hylafax-6.0.7/faxd/ClassModem.c++:1212:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char response[1024];
data/hylafax-6.0.7/faxd/ClassModem.c++:1425:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
incadence[i++] = -atoi(rbuf + conf.dringOff.length());
data/hylafax-6.0.7/faxd/ClassModem.c++:1429:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
incadence[i++] = atoi(rbuf + conf.dringOn.length());
data/hylafax-6.0.7/faxd/ClassModem.h:201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[1024]; // last input line
data/hylafax-6.0.7/faxd/CopyQuality.c++:131:43: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (conf.saverawimage) imagefd = Sys::open("/tmp/in.fax", O_RDWR|O_CREAT|O_EXCL);
data/hylafax-6.0.7/faxd/CopyQuality.c++:240:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(recvRow + filledchars, curGood + filledchars, rowSize - filledchars);
data/hylafax-6.0.7/faxd/CopyQuality.c++:286:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (decodedPixels) memcpy(curGood, recvRow, (size_t) rowSize);
data/hylafax-6.0.7/faxd/CopyQuality.c++:415:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(recvRow, (const char*) buf, cc);
data/hylafax-6.0.7/faxd/CopyQuality.c++:451:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(recvRow, (const char*) raw, n);
data/hylafax-6.0.7/faxd/CopyQuality.c++:512:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dateTime[24];
data/hylafax-6.0.7/faxd/CopyQuality.c++:917:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[4]; // size of the page count signal
data/hylafax-6.0.7/faxd/CopyQuality.c++:1053:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(recvRow, (const char*) buf, cc);
data/hylafax-6.0.7/faxd/CopyQuality.c++:1116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/hylafax-6.0.7/faxd/FaxAcctInfo.c++:42:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(FAX_XFERLOG, O_RDWR|O_CREAT|O_APPEND, 0644);
data/hylafax-6.0.7/faxd/FaxAcctInfo.c++:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/hylafax-6.0.7/faxd/FaxMachineInfo.c++:336:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(file, O_WRONLY|O_CREAT, 0644);
data/hylafax-6.0.7/faxd/FaxMachineLog.c++:77:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/hylafax-6.0.7/faxd/FaxModem.c++:256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/hylafax-6.0.7/faxd/FaxRecv.c++:117:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int ftmp = Sys::open(qfile, O_RDWR|O_CREAT|O_EXCL, recvFileMode);
data/hylafax-6.0.7/faxd/FaxRequest.c++:216:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stackbuf[2048];
data/hylafax-6.0.7/faxd/FaxRequest.c++:309:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_TOTTRIES: tottries = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:314:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_NPAGES: npages = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:316:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_TOTPAGES: totpages = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:317:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_NTRIES: ntries = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:318:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_MAXTRIES: maxtries = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:319:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_NDIALS: ndials = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:320:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_TOTDIALS: totdials = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:321:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_MAXDIALS: maxdials = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:322:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_PAGEWIDTH: pagewidth = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:323:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_RESOLUTION: resolution = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:324:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_PAGELENGTH: pagelength = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:325:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_PRIORITY: usrpri = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:326:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_SCHEDPRI: pri = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:327:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_NSKIP: nskip = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:328:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_SKIPPAGES: skippages = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:329:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_DESIREDBR: desiredbr = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:336:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_TTS: tts = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:337:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_KILLTIME: killtime = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:338:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_RETRYTIME: retrytime = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:344:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_STATUSCODE: statuscode = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:346:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_RETURNED: status = (FaxSendStatus) atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:347:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_MINBR: minbr = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:348:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_NCOVER: ncover = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:349:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case H_COVERPAGES: coverpages = atoi(tag); break;
data/hylafax-6.0.7/faxd/FaxRequest.c++:624:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(pathname, 0);
data/hylafax-6.0.7/faxd/FaxRequest.c++:646:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dirnum = atoi(tag);
data/hylafax-6.0.7/faxd/FaxRequest.c++:670:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dirnum = atoi(tag);
data/hylafax-6.0.7/faxd/FaxServer.c++:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[MAXHOSTNAMELEN];
data/hylafax-6.0.7/faxd/G3Encoder.c++:347:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, bp, rowbytes);
data/hylafax-6.0.7/faxd/GettyBSD.c++:72:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = Sys::open("tty", 0); // NB: assumes we're in /dev
data/hylafax-6.0.7/faxd/GettyBSD.c++:77:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = Sys::open(getLine(), O_RDWR|O_NONBLOCK);
data/hylafax-6.0.7/faxd/GettyBSD.c++:126:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = Sys::open("tty", 0); // NB: assumes we're in /dev
data/hylafax-6.0.7/faxd/GettyBSD.c++:132:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = Sys::open(getLine(), O_RDWR|O_NONBLOCK);
data/hylafax-6.0.7/faxd/GettyBSD.c++:181:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int wfd = Sys::open(_PATH_WTMP, O_WRONLY|O_APPEND);
data/hylafax-6.0.7/faxd/GettyBSD.c++:202:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int ufd = Sys::open(_PATH_UTMP, O_RDWR);
data/hylafax-6.0.7/faxd/GettyBSD.c++:222:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int ufd = Sys::open(_PATH_UTMP, O_RDONLY);
data/hylafax-6.0.7/faxd/GettySysV.c++:101:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = Sys::open(getLine(), O_RDWR|O_NONBLOCK|O_NOCTTY);
data/hylafax-6.0.7/faxd/GettySysV.c++:145:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = Sys::open(getLine(), O_RDWR|O_NONBLOCK);
data/hylafax-6.0.7/faxd/GettySysV.c++:148:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = Sys::open(getLine(), O_RDWR|O_NONBLOCK|O_NOCTTY);
data/hylafax-6.0.7/faxd/GettySysV.c++:179:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(_PATH_WTMP, O_WRONLY|O_APPEND);
data/hylafax-6.0.7/faxd/HDLCFrame.c++:60:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(base, other.base, len);
data/hylafax-6.0.7/faxd/HDLCFrame.c++:100:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(base, buf, sizeof(buf));
data/hylafax-6.0.7/faxd/HDLCFrame.c++:116:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(next, c, len);
data/hylafax-6.0.7/faxd/HylaClient.c++:97:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fifo = Sys::open(fifoName, O_WRONLY|O_NDELAY);
data/hylafax-6.0.7/faxd/HylaClient.c++:100:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fifo = Sys::open(fifoName, O_WRONLY|O_NDELAY);
data/hylafax-6.0.7/faxd/Job.c++:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1024];
data/hylafax-6.0.7/faxd/MemoryDecoder.c++:211:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(start, (const char*)result, encoded);
data/hylafax-6.0.7/faxd/MemoryDecoder.c++:394:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, (const unsigned char*) result, encoded);
data/hylafax-6.0.7/faxd/MemoryDecoder.c++:412:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(refrow, rowBuf, byteWidth*sizeof(u_char));
data/hylafax-6.0.7/faxd/MemoryDecoder.c++:418:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, (const unsigned char*) result, cc);
data/hylafax-6.0.7/faxd/MemoryDecoder.c++:477:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(refrow, rowBuf, byteWidth*sizeof(u_char));
data/hylafax-6.0.7/faxd/MemoryDecoder.c++:483:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, (const unsigned char*) result, cc);
data/hylafax-6.0.7/faxd/MemoryDecoder.c++:503:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rasterdst, (const unsigned char*) raster, cc);
data/hylafax-6.0.7/faxd/MemoryDecoder.c++:504:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *pmap[1];
data/hylafax-6.0.7/faxd/MemoryDecoder.c++:528:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, (const unsigned char*) resultBuffer, cc);
data/hylafax-6.0.7/faxd/Modem.c++:467:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = Sys::open(fifoName, O_WRONLY|O_NDELAY);
data/hylafax-6.0.7/faxd/ModemConfig.c++:486:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
u_int delay = (u_int) atoi(&esc[6]);
data/hylafax-6.0.7/faxd/ModemConfig.c++:529:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch (atoi(value)) {
data/hylafax-6.0.7/faxd/ModemConfig.c++:562:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char v[30];
data/hylafax-6.0.7/faxd/ModemConfig.c++:691:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/hylafax-6.0.7/faxd/ModemConfig.c++:725:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
distinctiveRings[i].cadence[j++] = sign*atoi(cp1);
data/hylafax-6.0.7/faxd/ModemConfig.c++:730:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
distinctiveRings[i].cadence[j] = sign*atoi(cp1);
data/hylafax-6.0.7/faxd/ModemConfig.c++:749:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(*this).*numbers[ix].p = atoi(value);
data/hylafax-6.0.7/faxd/ModemConfig.c++:790:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
idConfig[callidIndex].answerlength = atoi(value);
data/hylafax-6.0.7/faxd/ModemServer.c++:130:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusFile = Sys::fopen(FAX_STATUSDIR "/" | modemDevID, "w");
data/hylafax-6.0.7/faxd/ModemServer.c++:148:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ModemServer::open()
data/hylafax-6.0.7/faxd/ModemServer.c++:574:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
modemFd = Sys::open(dev, O_RDWR|O_NDELAY|O_NOCTTY);
data/hylafax-6.0.7/faxd/ModemServer.c++:595:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
modemFd = Sys::open(dev, O_RDWR);
data/hylafax-6.0.7/faxd/ModemServer.c++:649:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
modemFd = Sys::open(modemDevice, O_RDWR|O_NDELAY|O_NOCTTY);
data/hylafax-6.0.7/faxd/ModemServer.c++:681:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int ftmp = Sys::open(file, O_RDWR|O_CREAT|O_EXCL, logMode);
data/hylafax-6.0.7/faxd/ModemServer.c++:1378:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char topmodule[FMNAMESZ+1];
data/hylafax-6.0.7/faxd/ModemServer.h:202:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void open();
data/hylafax-6.0.7/faxd/PCFFont.c++:100:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ union { int32 i; char c[4]; } u; u.i = 1; isBigEndian = u.c[0] == 0; }
data/hylafax-6.0.7/faxd/PCFFont.c++:131:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(filename, "r");
data/hylafax-6.0.7/faxd/ServerConfig.c++:346:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = Sys::fopen(file, "r");
data/hylafax-6.0.7/faxd/ServerConfig.c++:381:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/hylafax-6.0.7/faxd/TagLine.c++:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/hylafax-6.0.7/faxd/UUCPLock.c++:172:19: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int fd = Sys::mkstemp(buff);
data/hylafax-6.0.7/faxd/UUCPLock.c++:251:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(file, O_WRONLY);
data/hylafax-6.0.7/faxd/UUCPLock.c++:282:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(file, O_RDONLY);
data/hylafax-6.0.7/faxd/UUCPLock.c++:325:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[UUCP_PIDDIGITS+1];
data/hylafax-6.0.7/faxd/UUCPLock.c++:328:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid = atol(buf); // NB: assumes pid_t is <= 32-bits
data/hylafax-6.0.7/faxd/cqtest.c++:125:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dateTime[24];
data/hylafax-6.0.7/faxd/cqtest.c++:231:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(recvRow, curGood, (size_t) rowSize);
data/hylafax-6.0.7/faxd/cqtest.c++:338:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(recvRow, (const char*) raw, n);
data/hylafax-6.0.7/faxd/faxApp.c++:86:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void faxApp::open(void) { running = true; }
data/hylafax-6.0.7/faxd/faxApp.c++:137:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(fifoName, CONFIG_OPENFIFO|O_NDELAY, 0);
data/hylafax-6.0.7/faxd/faxApp.c++:154:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/hylafax-6.0.7/faxd/faxApp.c++:222:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
faxqfifo = Sys::open(fifoName, O_WRONLY|O_NDELAY);
data/hylafax-6.0.7/faxd/faxApp.c++:225:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
faxqfifo = Sys::open(fifoName, O_WRONLY|O_NDELAY);
data/hylafax-6.0.7/faxd/faxApp.c++:360:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(_PATH_DEVNULL, O_RDWR);
data/hylafax-6.0.7/faxd/faxApp.c++:469:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(_PATH_DEVNULL, O_RDWR);
data/hylafax-6.0.7/faxd/faxApp.h:58:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void open(void);
data/hylafax-6.0.7/faxd/faxGettyApp.c++:106:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
faxGettyApp::open()
data/hylafax-6.0.7/faxd/faxGettyApp.c++:112:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
faxApp::open();
data/hylafax-6.0.7/faxd/faxGettyApp.c++:113:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FaxServer::open();
data/hylafax-6.0.7/faxd/faxGettyApp.c++:350:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/hylafax-6.0.7/faxd/faxGettyApp.c++:1148:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
app->open();
data/hylafax-6.0.7/faxd/faxGettyApp.h:146:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open();
data/hylafax-6.0.7/faxd/faxQCleanApp.c++:148:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(filename, O_RDWR);
data/hylafax-6.0.7/faxd/faxQueueApp.c++:151:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
faxQueueApp::open()
data/hylafax-6.0.7/faxd/faxQueueApp.c++:153:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
faxApp::open();
data/hylafax-6.0.7/faxd/faxQueueApp.c++:1116:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(outFile, O_RDWR|O_CREAT|O_EXCL, 0600);
data/hylafax-6.0.7/faxd/faxQueueApp.c++:1125:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = Sys::open(outFile, O_RDWR); // NB: RDWR for flock emulations
data/hylafax-6.0.7/faxd/faxQueueApp.c++:1267:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = Sys::open(_PATH_DEVNULL, O_RDWR);
data/hylafax-6.0.7/faxd/faxQueueApp.c++:1331:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/hylafax-6.0.7/faxd/faxQueueApp.c++:1828:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *app[3];
data/hylafax-6.0.7/faxd/faxQueueApp.c++:2457:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(filename, O_RDWR);
data/hylafax-6.0.7/faxd/faxQueueApp.c++:2866:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(job.file, O_RDWR);
data/hylafax-6.0.7/faxd/faxQueueApp.c++:3102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[3];
data/hylafax-6.0.7/faxd/faxQueueApp.c++:3626:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/hylafax-6.0.7/faxd/faxQueueApp.c++:3881:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
app->open();
data/hylafax-6.0.7/faxd/faxQueueApp.h:279:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open();
data/hylafax-6.0.7/faxd/faxSendApp.c++:90:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
faxSendApp::open()
data/hylafax-6.0.7/faxd/faxSendApp.c++:92:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FaxServer::open();
data/hylafax-6.0.7/faxd/faxSendApp.c++:93:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
faxApp::open();
data/hylafax-6.0.7/faxd/faxSendApp.c++:130:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(filenames[i], O_RDWR);
data/hylafax-6.0.7/faxd/faxSendApp.c++:489:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
app->open();
data/hylafax-6.0.7/faxd/faxSendApp.h:94:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open();
data/hylafax-6.0.7/faxd/mkhash.c:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[80];
data/hylafax-6.0.7/faxd/pageSendApp.c++:90:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pageSendApp::open()
data/hylafax-6.0.7/faxd/pageSendApp.c++:92:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ModemServer::open();
data/hylafax-6.0.7/faxd/pageSendApp.c++:93:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
faxApp::open();
data/hylafax-6.0.7/faxd/pageSendApp.c++:130:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(filenames[i], O_RDWR);
data/hylafax-6.0.7/faxd/pageSendApp.c++:281:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(req.items[i].item, O_RDONLY);
data/hylafax-6.0.7/faxd/pageSendApp.c++:701:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char check[3];
data/hylafax-6.0.7/faxd/pageSendApp.c++:884:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[4];
data/hylafax-6.0.7/faxd/pageSendApp.c++:1428:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
app->open();
data/hylafax-6.0.7/faxd/pageSendApp.h:124:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open();
data/hylafax-6.0.7/faxd/tagtest.c++:81:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/hylafax-6.0.7/faxd/trigtest.c++:26:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(name, mode|O_NDELAY, 0);
data/hylafax-6.0.7/faxd/trigtest.c++:52:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/hylafax-6.0.7/faxd/trigtest.c++:273:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fifoName[80];
data/hylafax-6.0.7/faxd/trigtest.c++:328:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16*1024];
data/hylafax-6.0.7/faxd/tsitest.c++:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/hylafax-6.0.7/faxd/tsitest.c++:108:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen((const char*) qualifyTSI, "r");
data/hylafax-6.0.7/faxd/tsitest.c++:162:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/hylafax-6.0.7/faxmail/MIMEState.c++:392:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[80]; // spec says never more than 76
data/hylafax-6.0.7/faxmail/MIMEState.c++:476:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[80]; // spec says never more than 76
data/hylafax-6.0.7/faxmail/MIMEState.c++:534:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[80]; // spec says never more than 62
data/hylafax-6.0.7/faxmail/faxmail.c++:379:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(file, O_RDWR | O_CREAT | O_EXCL, S_IWUSR | S_IRUSR);
data/hylafax-6.0.7/faxmail/faxmail.c++:739:21: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
ftmp = Sys::mkstemp(buff);
data/hylafax-6.0.7/faxmail/faxmail.c++:744:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ftmp = Sys::open(tmpFile, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR | S_IWUSR);
data/hylafax-6.0.7/faxmail/faxmail.c++:778:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(output, O_WRONLY | O_CREAT | O_EXCL, S_IWUSR | S_IRUSR);
data/hylafax-6.0.7/faxmail/faxmail.c++:829:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fp = Sys::open(filename, O_RDONLY);
data/hylafax-6.0.7/faxmail/faxmail.c++:831:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16*1024];
data/hylafax-6.0.7/faxstat/faxstat.c++:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16*1024];
data/hylafax-6.0.7/hfaxd/Admin.c++:140:19: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int fd = Sys::mkstemp(buff);
data/hylafax-6.0.7/hfaxd/FIFO.c++:49:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
clientFd = Sys::open(clientFIFOName, CONFIG_OPENFIFO|O_NDELAY);
data/hylafax-6.0.7/hfaxd/FIFO.c++:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/hylafax-6.0.7/hfaxd/FIFO.c++:211:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
faxqFd = Sys::open(faxqFIFOName, O_WRONLY|O_NDELAY);
data/hylafax-6.0.7/hfaxd/FIFO.c++:214:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
faxqFd = Sys::open(faxqFIFOName, O_WRONLY|O_NDELAY);
data/hylafax-6.0.7/hfaxd/FIFO.c++:326:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = Sys::open(fifoName, O_WRONLY|O_NDELAY);
data/hylafax-6.0.7/hfaxd/FIFO.c++:329:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(fifoName, O_WRONLY|O_NDELAY);
data/hylafax-6.0.7/hfaxd/FileSystem.c++:88:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = (u_int) atoi(user);
data/hylafax-6.0.7/hfaxd/FileSystem.c++:590:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fspec[MAXSPEC];
data/hylafax-6.0.7/hfaxd/FileSystem.c++:645:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char prot[10]; // XXX HP C++
data/hylafax-6.0.7/hfaxd/FileSystem.c++:674:62: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
HylaFAXServer::makeProt(const struct stat& sb, bool withGrp, char prot[10])
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:150:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(name, "r");
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:275:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(name, O_RDONLY);
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:399:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { int32 i; char c[4]; } u; u.i = 1;
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:437:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf.dirstuff, &templ, sizeof (templ));
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:521:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fout = fopen(name, restart_point ? "r+w" : mode);
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:570:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fout = fopen(filename, "w");
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:670:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16*1024];
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:697:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obuf[16*1024];
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:703:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16*1024];
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:834:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16*1024]; // XXX better if page-aligned
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:861:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obuf[16*1024];
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:865:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16*1024];
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:969:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(docname, O_RDONLY);
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:974:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/hylafax-6.0.7/hfaxd/HylaFAXServer.c++:70:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/hylafax-6.0.7/hfaxd/HylaFAXServer.c++:211:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HylaFAXServer::open(void)
data/hylafax-6.0.7/hfaxd/HylaFAXServer.c++:330:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(fixPathname(shutdownFile), "r");
data/hylafax-6.0.7/hfaxd/HylaFAXServer.c++:347:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/hylafax-6.0.7/hfaxd/HylaFAXServer.h:275:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[512]; // current input line
data/hylafax-6.0.7/hfaxd/HylaFAXServer.h:280:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char recvBuf[1024]; // input data buffer
data/hylafax-6.0.7/hfaxd/HylaFAXServer.h:446:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void makeProt(const struct stat& sb, bool withGrp, char prot[10]);
data/hylafax-6.0.7/hfaxd/HylaFAXServer.h:618:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void open(void);
data/hylafax-6.0.7/hfaxd/InetFaxServer.c++:76:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr, ai->ai_addr, ai->ai_addrlen);
data/hylafax-6.0.7/hfaxd/InetFaxServer.c++:96:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostbuf[128];
data/hylafax-6.0.7/hfaxd/InetFaxServer.c++:156:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
InetFaxServer::open(void)
data/hylafax-6.0.7/hfaxd/InetFaxServer.c++:159:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HylaFAXServer::open();
data/hylafax-6.0.7/hfaxd/InetFaxServer.c++:293:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostbuf[128];
data/hylafax-6.0.7/hfaxd/InetFaxServer.c++:327:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[8];
data/hylafax-6.0.7/hfaxd/InetFaxServer.c++:616:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data_dest, ai->ai_addr, ai->ai_addrlen);
data/hylafax-6.0.7/hfaxd/InetFaxServer.h:82:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void open(void);
data/hylafax-6.0.7/hfaxd/Jobs.c++:63:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(pathname, 0);
data/hylafax-6.0.7/hfaxd/Jobs.c++:1023:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
job.fd = Sys::open("/" | job.qfile, O_RDWR|O_CREAT, jobProtection);
data/hylafax-6.0.7/hfaxd/Jobs.c++:1077:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(filename, O_RDWR);
data/hylafax-6.0.7/hfaxd/Jobs.c++:1127:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
job.fd = Sys::open("/" | job.qfile, O_RDWR, 0600);
data/hylafax-6.0.7/hfaxd/Jobs.c++:1166:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
job.fd = Sys::open("/" | job.qfile, O_RDWR, 0600);
data/hylafax-6.0.7/hfaxd/Jobs.c++:1703:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[15];
data/hylafax-6.0.7/hfaxd/Jobs.c++:1801:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fspec[MAXSPEC];
data/hylafax-6.0.7/hfaxd/Jobs.c++:1900:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char tbuf[30]; // XXX HP C++
data/hylafax-6.0.7/hfaxd/Login.c++:201:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
xferfaxlog = Sys::open(xferfaxLogFile, O_WRONLY|O_APPEND|O_CREAT, 0600);
data/hylafax-6.0.7/hfaxd/Parser.c++:1588:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&recvBuf[recvNext], data, n);
data/hylafax-6.0.7/hfaxd/RecvQueue.c++:90:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(ri.qfile, O_RDWR); // RDWR for flock emulation
data/hylafax-6.0.7/hfaxd/RecvQueue.c++:376:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[15];
data/hylafax-6.0.7/hfaxd/RecvQueue.c++:402:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fspec[MAXSPEC];
data/hylafax-6.0.7/hfaxd/RecvQueue.c++:458:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char prot[8]; // XXX HP C++
data/hylafax-6.0.7/hfaxd/RecvQueue.c++:488:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char tbuf[30]; // XXX HP C++
data/hylafax-6.0.7/hfaxd/SNPPServer.c++:80:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sin.sin_port = htons(atoi(cp));
data/hylafax-6.0.7/hfaxd/SNPPServer.c++:105:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SNPPServer::open(void)
data/hylafax-6.0.7/hfaxd/SNPPServer.c++:247:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(fixPathname(pagerIDMapFile), "r");
data/hylafax-6.0.7/hfaxd/SNPPServer.c++:249:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/hylafax-6.0.7/hfaxd/SNPPServer.c++:863:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fout = Sys::fopen(msgFile, "w");
data/hylafax-6.0.7/hfaxd/SNPPServer.c++:869:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/hylafax-6.0.7/hfaxd/SNPPServer.c++:1065:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fout = Sys::fopen(msgFile, "w");
data/hylafax-6.0.7/hfaxd/SNPPServer.h:87:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void open(void);
data/hylafax-6.0.7/hfaxd/Status.c++:80:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Sys::close(fifo = Sys::open(fifoFile, O_WRONLY|O_NDELAY));
data/hylafax-6.0.7/hfaxd/Status.c++:119:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Sys::close(fifo = Sys::open("/" FAX_FIFO, O_WRONLY|O_NDELAY));
data/hylafax-6.0.7/hfaxd/Status.c++:183:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(fileName, O_RDONLY);
data/hylafax-6.0.7/hfaxd/Status.c++:245:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fspec[MAXSPEC];
data/hylafax-6.0.7/hfaxd/SuperServer.c++:103:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
app->open(); // opening greeting
data/hylafax-6.0.7/hfaxd/Trigger.c++:121:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tid = atoi(&fifoResponse[2]);
data/hylafax-6.0.7/hfaxd/UnixFaxServer.c++:93:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
UnixFaxServer::open(void)
data/hylafax-6.0.7/hfaxd/UnixFaxServer.c++:98:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HylaFAXServer::open();
data/hylafax-6.0.7/hfaxd/UnixFaxServer.h:57:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void open(void);
data/hylafax-6.0.7/hfaxd/User.c++:56:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* db = fopen(fixPathname(userAccessFile), "r");
data/hylafax-6.0.7/hfaxd/User.c++:132:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/hylafax-6.0.7/hfaxd/User.c++:179:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uid = atoi(cp);
data/hylafax-6.0.7/hfaxd/User.c++:228:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* db = fopen(fixPathname(userAccessFile), "r");
data/hylafax-6.0.7/hfaxd/User.c++:230:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/hylafax-6.0.7/hfaxd/User.c++:245:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(cp);
data/hylafax-6.0.7/hfaxd/User.c++:333:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char salt[9];
data/hylafax-6.0.7/hfaxd/User.c++:363:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/hylafax-6.0.7/hfaxd/User.c++:381:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
u_int uid = (u_int) atoi(cp+1);
data/hylafax-6.0.7/hfaxd/User.c++:406:19: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int fd = Sys::mkstemp(buff);
data/hylafax-6.0.7/hfaxd/User.c++:415:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8*1024];
data/hylafax-6.0.7/hfaxd/User.c++:456:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* db = fopen(fixPathname(userAccessFile), "r");
data/hylafax-6.0.7/hfaxd/User.c++:476:19: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int fd = Sys::mkstemp(buff);
data/hylafax-6.0.7/hfaxd/User.c++:494:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[8*1024];
data/hylafax-6.0.7/hfaxd/User.c++:532:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* db = fopen(fixPathname(userAccessFile), "r");
data/hylafax-6.0.7/hfaxd/main.c++:115:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int src = Sys::open("/" PATH_NETCONFIG, O_RDONLY);
data/hylafax-6.0.7/hfaxd/main.c++:117:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int dst = Sys::open(PATH_NETCONFIG, O_WRONLY|O_CREAT, 0444);
data/hylafax-6.0.7/hfaxd/main.c++:120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/hylafax-6.0.7/hfaxd/main.c++:159:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(_PATH_DEVNULL, O_RDWR);
data/hylafax-6.0.7/hfaxd/main.c++:189:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
server->open();
data/hylafax-6.0.7/hfaxd/main.c++:236:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'D': HylaFAXServer::_debugSleep = atoi(optarg); break;
data/hylafax-6.0.7/hfaxd/main.c++:264:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
server->open();
data/hylafax-6.0.7/hfaxd/main.c++:288:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
server->open();
data/hylafax-6.0.7/libhylafax/Array.c++:229:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[TEMPSIZE];
data/hylafax-6.0.7/libhylafax/Array.c++:235:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp,(void*)(data+p1),elementsize);
data/hylafax-6.0.7/libhylafax/Array.c++:236:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)(data+p1),(void*)(data+p2),elementsize);
data/hylafax-6.0.7/libhylafax/Array.c++:237:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)(data+p2),tmp,elementsize);
data/hylafax-6.0.7/libhylafax/Array.c++:277:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp,that[i],e);
data/hylafax-6.0.7/libhylafax/Array.c++:278:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(that[i],that[k],e);
data/hylafax-6.0.7/libhylafax/Array.c++:279:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(that[k],tmp,e);
data/hylafax-6.0.7/libhylafax/Array.c++:281:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp,that[l],e);
data/hylafax-6.0.7/libhylafax/Array.c++:282:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(that[l],that[k],e);
data/hylafax-6.0.7/libhylafax/Array.c++:283:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(that[k],tmp,e);
data/hylafax-6.0.7/libhylafax/Array.c++:294:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char smallbuffer[SMALLBUFFERSIZE];
data/hylafax-6.0.7/libhylafax/Array.c++:331:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, (void*)(data+start), len);
data/hylafax-6.0.7/libhylafax/DialRules.c++:93:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/hylafax-6.0.7/libhylafax/DialRules.c++:125:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/hylafax-6.0.7/libhylafax/DialRules.c++:296:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/hylafax-6.0.7/libhylafax/Dictionary.c++:196:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v,VALUE(bucket),valuesize);
data/hylafax-6.0.7/libhylafax/FaxClient.c++:170:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(host.tail(host.length() - (pos+1)));
data/hylafax-6.0.7/libhylafax/FaxClient.c++:301:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(*this).*numbers[ix].p = atoi(value);
data/hylafax-6.0.7/libhylafax/FaxClient.c++:977:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(filename, "r");
data/hylafax-6.0.7/libhylafax/FaxClient.c++:1160:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32*1024]; // XXX better if page-aligned
data/hylafax-6.0.7/libhylafax/FaxClient.c++:1207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obuf[32*1024]; // XXX better if page-aligned
data/hylafax-6.0.7/libhylafax/FaxClient.c++:1229:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32*1024];
data/hylafax-6.0.7/libhylafax/FaxClient.c++:1347:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16*1024];
data/hylafax-6.0.7/libhylafax/FaxClient.c++:1402:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obuf[16*1024];
data/hylafax-6.0.7/libhylafax/FaxClient.c++:1406:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16*1024];
data/hylafax-6.0.7/libhylafax/FaxClient.c++:1588:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fspec[MAXSPEC];
data/hylafax-6.0.7/libhylafax/FaxClient.h:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024]; // input buffer
data/hylafax-6.0.7/libhylafax/FaxConfig.c++:55:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = Sys::fopen(tildeExpand(filename), "r");
data/hylafax-6.0.7/libhylafax/FaxConfig.c++:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/hylafax-6.0.7/libhylafax/FaxConfig.c++:155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/hylafax-6.0.7/libhylafax/FaxDB.c++:69:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(file, "r");
data/hylafax-6.0.7/libhylafax/FaxDB.c++:173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/hylafax-6.0.7/libhylafax/FaxDB.c++:217:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen(temp, "w");
data/hylafax-6.0.7/libhylafax/FmtTime.c++:38:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tbuf[10];
data/hylafax-6.0.7/libhylafax/InetTransport.c++:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256]; // For inet_ntop use
data/hylafax-6.0.7/libhylafax/InetTransport.c++:258:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/hylafax-6.0.7/libhylafax/InetTransport.c++:344:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostbuf[128];
data/hylafax-6.0.7/libhylafax/InetTransport.c++:345:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portbuf[64];
data/hylafax-6.0.7/libhylafax/JobExt.c++:41:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tts, cp, sizeof (JobExtFixed)), cp += sizeof (JobExtFixed);
data/hylafax-6.0.7/libhylafax/ModemExt.c++:49:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, cp+2, sizeof (u_int));
data/hylafax-6.0.7/libhylafax/ModemExt.c++:51:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&priority, cp+2+sizeof (v), sizeof (u_short));
data/hylafax-6.0.7/libhylafax/PageSize.c++:80:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen(file, "r");
data/hylafax-6.0.7/libhylafax/PageSize.c++:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/hylafax-6.0.7/libhylafax/RE.c++:89:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/hylafax-6.0.7/libhylafax/SNPPClient.c++:145:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(host.tail(host.length() - (pos+1)));
data/hylafax-6.0.7/libhylafax/SNPPClient.c++:487:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sin.sin_port = htons(atoi(cproto));
data/hylafax-6.0.7/libhylafax/SNPPClient.c++:493:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sin.sin_addr, *cpp, hp->h_length);
data/hylafax-6.0.7/libhylafax/SNPPClient.c++:940:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32*1024];
data/hylafax-6.0.7/libhylafax/SNPPClient.c++:961:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(filename, O_RDONLY);
data/hylafax-6.0.7/libhylafax/SNPPClient.h:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024]; // input buffer
data/hylafax-6.0.7/libhylafax/SNPPJob.c++:95:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[64];
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:197:19: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int fd = Sys::mkstemp(buff);
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:253:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[16*1024]; // XXX for HP C++ compiler
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:460:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(info.temp, O_RDONLY);
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:715:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(filename, O_RDONLY);
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:730:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:774:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = fopen(filename, "r");
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:776:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[2048];
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:816:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line, cp, endbuf-cp);
data/hylafax-6.0.7/libhylafax/SendFaxJob.c++:177:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(*this).*numbers[ix].p = atoi(value);
data/hylafax-6.0.7/libhylafax/SendFaxJob.c++:246:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[64];
data/hylafax-6.0.7/libhylafax/SendFaxJob.c++:298:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
priority = atoi(pri);
data/hylafax-6.0.7/libhylafax/SendFaxJob.c++:348:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch (atoi(value)) {
data/hylafax-6.0.7/libhylafax/SendFaxJob.c++:390:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
desiredst = atoi(v);
data/hylafax-6.0.7/libhylafax/SendFaxJob.c++:407:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
desireddf = atoi(v);
data/hylafax-6.0.7/libhylafax/SendFaxJob.c++:428:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pagechop = atoi(v);
data/hylafax-6.0.7/libhylafax/SendFaxJob.c++:538:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = Sys::open(coverFile, O_RDONLY);
data/hylafax-6.0.7/libhylafax/Sequence.c++:49:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = Sys::open(name, O_CREAT | O_RDWR | O_EXCL, 0600);
data/hylafax-6.0.7/libhylafax/Sequence.c++:51:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = Sys::open(name, O_RDWR, 0600);
data/hylafax-6.0.7/libhylafax/Sequence.c++:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/hylafax-6.0.7/libhylafax/Sequence.c++:76:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seqnum = atol(line);
data/hylafax-6.0.7/libhylafax/StackBuffer.c++:53:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(base, other.base, len);
data/hylafax-6.0.7/libhylafax/StackBuffer.c++:77:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(base, buf, sizeof(buf));
data/hylafax-6.0.7/libhylafax/StackBuffer.c++:94:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(next, c, len);
data/hylafax-6.0.7/libhylafax/StackBuffer.c++:128:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(base, other.base, len);
data/hylafax-6.0.7/libhylafax/StackBuffer.h:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/hylafax-6.0.7/libhylafax/Str.c++:52:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data,s,l);
data/hylafax-6.0.7/libhylafax/Str.c++:63:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data,s,len);
data/hylafax-6.0.7/libhylafax/Str.c++:75:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data,s.data,slength);
data/hylafax-6.0.7/libhylafax/Str.c++:86:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data,t.data,slength);
data/hylafax-6.0.7/libhylafax/Str.c++:98:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, s.data, slength);
data/hylafax-6.0.7/libhylafax/Str.c++:110:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, s.data, slength);
data/hylafax-6.0.7/libhylafax/Str.c++:122:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, s.data, slength);
data/hylafax-6.0.7/libhylafax/Str.c++:134:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, s.data, slength);
data/hylafax-6.0.7/libhylafax/Str.c++:350:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+posn, v, len);
data/hylafax-6.0.7/libhylafax/Str.c++:434:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data,s.data,s.slength);
data/hylafax-6.0.7/libhylafax/Str.c++:443:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data,s.data,s.slength);
data/hylafax-6.0.7/libhylafax/Str.c++:452:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data,s,slength);
data/hylafax-6.0.7/libhylafax/Str.c++:461:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+slength-1, s, l);
data/hylafax-6.0.7/libhylafax/Str.c++:760:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&k + (sizeof(k) - slen), elementc, slen);
data/hylafax-6.0.7/libhylafax/Str.c++:763:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&k + (sizeof(k)*2 - slen), elementc, slen-sizeof(k));
data/hylafax-6.0.7/libhylafax/Str.c++:785:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data,d1,l1);
data/hylafax-6.0.7/libhylafax/Str.c++:786:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+l1,d2,l2);
data/hylafax-6.0.7/libhylafax/Str.c++:798:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, other.data, slength);
data/hylafax-6.0.7/libhylafax/Str.c++:825:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, indata, slength - 1);
data/hylafax-6.0.7/libhylafax/Str.c++:833:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data+slength-1, b, bl);
data/hylafax-6.0.7/libhylafax/Str.h:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indata[100]; // inline data, avoiding malloc
data/hylafax-6.0.7/libhylafax/Str.h:101:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
{ return atoi(data); }
data/hylafax-6.0.7/libhylafax/Sys.h:90:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
static int open(const char* filename, int flags, mode_t m = 0)
data/hylafax-6.0.7/libhylafax/Sys.h:91:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ return ::open(filename, flags, m); }
data/hylafax-6.0.7/libhylafax/Sys.h:129:16: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
static int mkstemp(char* templ) {
data/hylafax-6.0.7/libhylafax/Sys.h:130:20: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int fd = ::mkstemp(templ);
data/hylafax-6.0.7/libhylafax/Sys.h:141:18: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
static FILE* tmpfile() { return ::tmpfile(); }
data/hylafax-6.0.7/libhylafax/Sys.h:141:39: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
static FILE* tmpfile() { return ::tmpfile(); }
data/hylafax-6.0.7/libhylafax/Sys.h:142:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
static FILE* fopen(const char* filename, const char* mode)
data/hylafax-6.0.7/libhylafax/Sys.h:143:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ return ::fopen(filename, mode); }
data/hylafax-6.0.7/libhylafax/TextFormat.c++:234:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/hylafax-6.0.7/libhylafax/TextFormat.c++:251:15: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
tf = Sys::tmpfile();
data/hylafax-6.0.7/libhylafax/TextFormat.c++:334:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16*1024];
data/hylafax-6.0.7/libhylafax/TextFormat.c++:715:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen(name, "r");
data/hylafax-6.0.7/libhylafax/TextFormat.c++:1163:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd = Sys::fopen(fontMapFile, "r");
data/hylafax-6.0.7/libhylafax/TextFormat.c++:1166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/hylafax-6.0.7/libhylafax/TextFormat.c++:1377:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return Sys::fopen(fontpath, "r");
data/hylafax-6.0.7/libhylafax/TextFormat.c++:1399:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/hylafax-6.0.7/libhylafax/TypeRules.c++:160:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&w, cp+off, 2);
data/hylafax-6.0.7/libhylafax/TypeRules.c++:169:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, cp+off, 4);
data/hylafax-6.0.7/libhylafax/TypeRules.c++:323:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file, "r");
data/hylafax-6.0.7/libhylafax/TypeRules.c++:330:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/hylafax-6.0.7/libhylafax/TypeRules.c++:423:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rule.value.s, vp, len);
data/hylafax-6.0.7/port/mkstemp.c:33:1: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
mkstemp(char* fpat)
data/hylafax-6.0.7/port/mkstemp.c:35:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return (open(mktemp(fpat), O_RDWR|O_CREAT, 0644));
data/hylafax-6.0.7/port/setegid.c:52:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((myfile = open("/dev/socksys", O_RDWR)) < NULL)
data/hylafax-6.0.7/port/seteuid.c:52:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((myfile = open("/dev/socksys", O_RDWR)) < NULL)
data/hylafax-6.0.7/port/syslog.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[2048], fmt_cpy[1024], *stdp, *ctime();
data/hylafax-6.0.7/port/syslog.c:172:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(_PATH_CONSOLE, O_WRONLY, 0)) >= 0) {
data/hylafax-6.0.7/port/syslog.c:173:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(tbuf, "\r\n");
data/hylafax-6.0.7/port/vsyslog.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[2048], fmt_cpy[1024];
data/hylafax-6.0.7/regex/engine.c:1066:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pbuf[10];
data/hylafax-6.0.7/regex/regcomp.c:130:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nuls[10]; /* place to point scanner in event of error */
data/hylafax-6.0.7/regex/regcomp.c:939:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bracket[3];
data/hylafax-6.0.7/regex/regcomp.c:985:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bracket[4];
data/hylafax-6.0.7/regex/regcomp.c:1446:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy((char *)(p->strip + p->slen),
data/hylafax-6.0.7/regex/regerror.c:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char convbuf[50];
data/hylafax-6.0.7/regex/regexec.c:120:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define ASSIGN(d, s) memcpy(d, s, m->g->nstates)
data/hylafax-6.0.7/regex/utils.h:59:26: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memmove(d, s, c) bcopy(s, d, c)
data/hylafax-6.0.7/sendfax/sendfax.c++:195:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
proto.setMaxRetries(atoi(optarg));
data/hylafax-6.0.7/sendfax/sendfax.c++:198:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
proto.setMaxDials(atoi(optarg));
data/hylafax-6.0.7/sendfax/sendfax.c++:341:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[256];
data/hylafax-6.0.7/sendfax/sendfax.c++:344:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((destfile = fopen(filename, "r")) != NULL) {
data/hylafax-6.0.7/sendfax/sendfax.c++:364:19: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int fd = Sys::mkstemp(buff);
data/hylafax-6.0.7/sendfax/sendfax.c++:371:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16*1024];
data/hylafax-6.0.7/sendpage/sendpage.c++:108:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
proto.setRetryTime(atoi(optarg));
data/hylafax-6.0.7/sendpage/sendpage.c++:111:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
proto.setServiceLevel(atoi(optarg));
data/hylafax-6.0.7/sendpage/sendpage.c++:129:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
proto.setMaxTries(atoi(optarg));
data/hylafax-6.0.7/sendpage/sendpage.c++:132:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
proto.setMaxDials(atoi(optarg));
data/hylafax-6.0.7/sendpage/sendpage.c++:202:19: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int fd = Sys::mkstemp(buff);
data/hylafax-6.0.7/sendpage/sendpage.c++:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16*1024];
data/hylafax-6.0.7/sgi2fax/imgtofax.c:107:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char row[(MAXXSIZE+7) &~ 7], *rp = row;
data/hylafax-6.0.7/sgi2fax/imgtofax.c:216:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char buf[1024];
data/hylafax-6.0.7/sgi2fax/imgtofax.c:296:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_RILUM = CVT(atoi(optarg));
data/hylafax-6.0.7/sgi2fax/imgtofax.c:299:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_GILUM = CVT(atoi(optarg));
data/hylafax-6.0.7/sgi2fax/imgtofax.c:302:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_BILUM = CVT(atoi(optarg));
data/hylafax-6.0.7/sgi2fax/izoom.c:158:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,z->abuf,z->bnx*sizeof(short));
data/hylafax-6.0.7/sgi2fax/izoom.c:167:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,z->bbuf,z->bnx*sizeof(short));
data/hylafax-6.0.7/sgi2fax/izoom.c:176:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,z->tbuf,z->bnx*sizeof(short));
data/hylafax-6.0.7/sgi2fax/izoom.c:178:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,z->filtrows[0],z->bnx*sizeof(short));
data/hylafax-6.0.7/sgi2fax/izoom.c:196:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,z->tbuf,z->bnx*sizeof(short));
data/hylafax-6.0.7/sgi2fax/izoom.c:198:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,z->filtrows[z->nrows-1],z->bnx*sizeof(short));
data/hylafax-6.0.7/sgi2fax/izoom.c:208:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,z->tbuf,z->bnx*sizeof(short));
data/hylafax-6.0.7/sgi2fax/izoom.c:210:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,z->bbuf,z->bnx*sizeof(short));
data/hylafax-6.0.7/sgi2fax/row.c:49:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,s,n*sizeof(short));
data/hylafax-6.0.7/util/dialtest.c++:111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/hylafax-6.0.7/util/faxadduser.c:57:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256];
data/hylafax-6.0.7/util/faxadduser.c:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char salt_buff[2];
data/hylafax-6.0.7/util/faxadduser.c:83:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uid = atoi(optarg);
data/hylafax-6.0.7/util/faxadduser.c:91:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hf = fopen(hostfile, "a+");
data/hylafax-6.0.7/util/faxconfig.c:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fifoname[80];
data/hylafax-6.0.7/util/faxconfig.c:102:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fifo = open(fifoname, O_WRONLY|O_NDELAY);
data/hylafax-6.0.7/util/faxdeluser.c:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256];
data/hylafax-6.0.7/util/faxdeluser.c:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newhostfile[256];
data/hylafax-6.0.7/util/faxdeluser.c:66:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((hf = fopen(hostfile, "r+")) == NULL) {
data/hylafax-6.0.7/util/faxdeluser.c:72:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(newhostfile, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);
data/hylafax-6.0.7/util/faxfetch.c++:80:13: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
page = atol(optarg);
data/hylafax-6.0.7/util/faxinfo.c++:363:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/hylafax-6.0.7/util/faxmodem.c:241:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[80];
data/hylafax-6.0.7/util/faxmodem.c:243:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[80];
data/hylafax-6.0.7/util/faxmodem.c:281:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
priority = atoi(optarg);
data/hylafax-6.0.7/util/faxmodem.c:309:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fifo = open(FAX_FIFO, O_WRONLY|O_NDELAY);
data/hylafax-6.0.7/util/faxmsg.c:62:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fifoname[256];
data/hylafax-6.0.7/util/faxmsg.c:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[80];
data/hylafax-6.0.7/util/faxmsg.c:145:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fifo = open(fifoname, O_WRONLY|O_NDELAY);
data/hylafax-6.0.7/util/faxstate.c:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fifoname[256];
data/hylafax-6.0.7/util/faxstate.c:85:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devid[256];
data/hylafax-6.0.7/util/faxstate.c:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[80];
data/hylafax-6.0.7/util/faxstate.c:133:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fifo = open(FAX_FIFO, O_WRONLY|O_NDELAY);
data/hylafax-6.0.7/util/faxstate.c:144:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fifo = open(fifoname, O_WRONLY|O_NDELAY);
data/hylafax-6.0.7/util/textfmt.c++:121:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fmt.setNumberOfColumns(atoi(optarg));
data/hylafax-6.0.7/util/typetest.c++:50:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename, O_RDONLY);
data/hylafax-6.0.7/util/typetest.c++:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/hylafax-6.0.7/faxcover/faxcover.c++:362:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((n = read(fd, buf, sizeof (buf))) > 0)
data/hylafax-6.0.7/faxd/Class1Recv.c++:875:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Sys::read(fcfd[0], NULL, 1);
data/hylafax-6.0.7/faxd/Class1Recv.c++:1798:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Sys::read(fcfd[0], NULL, 1);
data/hylafax-6.0.7/faxd/Class2.c++:882:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(hangupCode, cp, sizeof (hangupCode));
data/hylafax-6.0.7/faxd/ClassModem.c++:168:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strneq(s, noiseMsgs[i], strlen(noiseMsgs[i])))
data/hylafax-6.0.7/faxd/ClassModem.c++:547:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_int cc = strlen(cp);
data/hylafax-6.0.7/faxd/ClassModem.c++:834:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, &buf[pos], 1);
data/hylafax-6.0.7/faxd/CopyQuality.c++:1024:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Sys::read(counterFd[0], (char*) &recvEOLCount, sizeof(recvEOLCount));
data/hylafax-6.0.7/faxd/CopyQuality.c++:1118:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (Sys::read(decoderFd[0], buf, 2) < 1);
data/hylafax-6.0.7/faxd/FaxFont.h:43:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual bool read(const char* filename) = 0;
data/hylafax-6.0.7/faxd/FaxMachineInfo.c++:335:17: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mode_t omask = umask(022);
data/hylafax-6.0.7/faxd/FaxMachineInfo.c++:337:9: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
(void) umask(omask);
data/hylafax-6.0.7/faxd/FaxRequest.c++:221:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (Sys::read(fd, bp, (u_int) sb.st_size) != sb.st_size) {
data/hylafax-6.0.7/faxd/FaxServer.c++:68:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostname.resize(strlen(hostname));
data/hylafax-6.0.7/faxd/GettyBSD.c++:205:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (Sys::read(ufd, (char *)&ut, sizeof (ut)) == sizeof (ut))
data/hylafax-6.0.7/faxd/GettyBSD.c++:225:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (Sys::read(ufd, (char *)&ut, sizeof (ut)) == sizeof (ut))
data/hylafax-6.0.7/faxd/GettySysV.c++:202:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(ut.ut_user, "LOGIN", sizeof (ut.ut_user));
data/hylafax-6.0.7/faxd/GettySysV.c++:211:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ut.ut_id, (const char*) id, sizeof (ut.ut_id));
data/hylafax-6.0.7/faxd/GettySysV.c++:212:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ut.ut_line, getLine(), sizeof (ut.ut_line));
data/hylafax-6.0.7/faxd/Job.c++:52:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((n = Sys::read(fd, data, sizeof(data))) > 0)
data/hylafax-6.0.7/faxd/ModemConfig.c++:690:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cin) < 3) return;
data/hylafax-6.0.7/faxd/ModemConfig.c++:692:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, cin, sizeof (buf));
data/hylafax-6.0.7/faxd/ModemServer.c++:139:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(077); // keep all temp files private
data/hylafax-6.0.7/faxd/ModemServer.c++:680:20: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mode_t omask = umask(022);
data/hylafax-6.0.7/faxd/ModemServer.c++:682:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(omask);
data/hylafax-6.0.7/faxd/ModemServer.c++:1485:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rcvCC = Sys::read(modemFd, (char*) rcvBuf, sizeof (rcvBuf));
data/hylafax-6.0.7/faxd/PCFFont.c++:127:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
PCFFont::read(const char* name)
data/hylafax-6.0.7/faxd/PCFFont.c++:308:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
u_long c = getc(file);
data/hylafax-6.0.7/faxd/PCFFont.c++:309:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c |= getc(file) << 8;
data/hylafax-6.0.7/faxd/PCFFont.c++:310:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c |= getc(file) << 16;
data/hylafax-6.0.7/faxd/PCFFont.c++:311:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c |= getc(file) << 24;
data/hylafax-6.0.7/faxd/PCFFont.c++:320:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(file) << 24;
data/hylafax-6.0.7/faxd/PCFFont.c++:321:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c |= getc(file) << 16;
data/hylafax-6.0.7/faxd/PCFFont.c++:322:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c |= getc(file) << 8;
data/hylafax-6.0.7/faxd/PCFFont.c++:323:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c |= getc(file);
data/hylafax-6.0.7/faxd/PCFFont.c++:325:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(file);
data/hylafax-6.0.7/faxd/PCFFont.c++:326:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c |= getc(file) << 8;
data/hylafax-6.0.7/faxd/PCFFont.c++:327:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c |= getc(file) << 16;
data/hylafax-6.0.7/faxd/PCFFont.c++:328:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c |= getc(file) << 24;
data/hylafax-6.0.7/faxd/PCFFont.c++:338:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(file) << 8;
data/hylafax-6.0.7/faxd/PCFFont.c++:339:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c |= getc(file);
data/hylafax-6.0.7/faxd/PCFFont.c++:341:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(file);
data/hylafax-6.0.7/faxd/PCFFont.c++:342:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c |= getc(file) << 8;
data/hylafax-6.0.7/faxd/PCFFont.c++:347:33: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int PCFFont::getINT8() { return getc(file); }
data/hylafax-6.0.7/faxd/PCFFont.h:81:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(const char* filename);
data/hylafax-6.0.7/faxd/TagLine.c++:52:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) tagLineFont->read(conf.tagLineFontFile);
data/hylafax-6.0.7/faxd/UUCPLock.c++:326:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (Sys::read(fd, buf, UUCP_PIDDIGITS) == UUCP_PIDDIGITS) {
data/hylafax-6.0.7/faxd/UUCPLock.c++:358:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (Sys::read(fd, (char*) &data, sizeof (data)) == sizeof (data)) {
data/hylafax-6.0.7/faxd/faxApp.c++:156:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((n = Sys::read(fd, buf, sizeof (buf)-1)) > 0) {
data/hylafax-6.0.7/faxd/faxGettyApp.c++:372:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line)-1]='\0'; // Nuke \n at end of line
data/hylafax-6.0.7/faxd/faxQCleanApp.c++:378:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(base, &file[docDir.length()+1], sl);
data/hylafax-6.0.7/faxd/faxQCleanApp.c++:390:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(dp1->d_name) > sl && dp1->d_name[sl] == '.' &&
data/hylafax-6.0.7/faxd/faxQueueApp.c++:1332:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((n = Sys::read(fd, buf, sizeof (buf))) > 0 && !timer.wasTimeout()) {
data/hylafax-6.0.7/faxd/pageSendApp.c++:290:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (Sys::read(fd, &msg[0], (u_int) sb.st_size) != sb.st_size) {
data/hylafax-6.0.7/faxd/tagtest.c++:77:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) tagLineFont->read(tagLineFontFile);
data/hylafax-6.0.7/faxd/trigtest.c++:332:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((cc = read(fd, buf, sizeof (buf)-1)) > 0) {
data/hylafax-6.0.7/faxd/trigtest.c++:426:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0);
data/hylafax-6.0.7/faxmail/MIMEState.c++:307:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getc(fd);
data/hylafax-6.0.7/faxmail/MIMEState.c++:333:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getc(fd);
data/hylafax-6.0.7/faxmail/MIMEState.c++:395:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getc(fd);
data/hylafax-6.0.7/faxmail/MIMEState.c++:479:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getc(fd);
data/hylafax-6.0.7/faxmail/MIMEState.c++:537:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getc(fd);
data/hylafax-6.0.7/faxmail/MsgFmt.c++:75:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getc(fd);
data/hylafax-6.0.7/faxmail/MsgFmt.c++:214:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* cp = strcpy(new char[strlen(value) + 1], value);
data/hylafax-6.0.7/faxmail/faxmail.c++:545:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getc(fd);
data/hylafax-6.0.7/faxmail/faxmail.c++:737:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* buff = new char[strlen(templ) + 1];
data/hylafax-6.0.7/faxmail/faxmail.c++:833:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((cc = Sys::read(fp, buf, sizeof (buf))) > 0)
data/hylafax-6.0.7/faxstat/faxstat.c++:143:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cc = read(getDataFd(), buf, sizeof (buf));
data/hylafax-6.0.7/hfaxd/Admin.c++:138:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* buff = strcpy(new char[strlen(templ) + 1], templ);
data/hylafax-6.0.7/hfaxd/FIFO.c++:74:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((cc = Sys::read(fd, buf, sizeof (buf)-1)) > 0) {
data/hylafax-6.0.7/hfaxd/FIFO.c++:114:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cc = Sys::read(fd, buf+left, (sizeof(buf)-1) - left) + left;
data/hylafax-6.0.7/hfaxd/FIFO.c++:145:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cc = Sys::read(fd, buf+(cp-bp), (sizeof(buf)-1) - (cp-bp)) + (cp-bp);
data/hylafax-6.0.7/hfaxd/FileSystem.c++:459:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_int len = strlen(cwd->pathname)-1; // strip trailing "/"
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:133:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fd)) != EOF)
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:281:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t cc = Sys::read(fd, (char*) &b, sizeof (b));
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:520:17: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mode_t omask = umask(027);
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:544:9: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
(void) umask(omask);
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:630:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getc(fdin);
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:672:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cc = read(fdin, buf, sizeof (buf));
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:704:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cc = read(fdin, buf, sizeof (buf));
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:788:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getc(fdin);
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:808:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fdin);
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:836:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cc = read(fdin, buf, sizeof (buf));
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:866:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cc = read(fdin, buf, sizeof (buf));
data/hylafax-6.0.7/hfaxd/FileTransfer.c++:977:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t cc = Sys::read(fd, (char*) &b, sizeof (b));
data/hylafax-6.0.7/hfaxd/HylaFAXServer.c++:419:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_int len = strlen(cwd->pathname)-1; // strip trailing "/"
data/hylafax-6.0.7/hfaxd/InetFaxServer.c++:348:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pushCmdData(line, strlen(line));
data/hylafax-6.0.7/hfaxd/Login.c++:199:12: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
(void) umask(077);
data/hylafax-6.0.7/hfaxd/Parser.c++:1549:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
recvCC = Sys::read(STDIN_FILENO, recvBuf, sizeof (recvBuf));
data/hylafax-6.0.7/hfaxd/Parser.c++:1738:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(c->name);
data/hylafax-6.0.7/hfaxd/Parser.c++:1757:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int w = strlen(c->name) + 1;
data/hylafax-6.0.7/hfaxd/SNPPServer.c++:285:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
match = re->Find(pagerID, strlen(pagerID));
data/hylafax-6.0.7/hfaxd/SNPPServer.c++:880:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_int blen = strlen(bp);
data/hylafax-6.0.7/hfaxd/SNPPServer.c++:928:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(c->name);
data/hylafax-6.0.7/hfaxd/SNPPServer.c++:947:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int w = strlen(c->name) + 1;
data/hylafax-6.0.7/hfaxd/SNPPServer.c++:1051:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_int len = strlen(msg);
data/hylafax-6.0.7/hfaxd/Status.c++:189:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = Sys::read(fd, buff, (size_t) sb.st_size);
data/hylafax-6.0.7/hfaxd/UnixFaxServer.c++:58:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Sun.sun_path, fileName, sizeof (Sun.sun_path));
data/hylafax-6.0.7/hfaxd/UnixFaxServer.c++:197:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(data_dest.sun_path, s, sizeof (data_dest.sun_path));
data/hylafax-6.0.7/hfaxd/User.c++:324:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pass) <= 5) {
data/hylafax-6.0.7/hfaxd/User.c++:405:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* buff = strcpy(new char[strlen(templ) + 1], templ);
data/hylafax-6.0.7/hfaxd/User.c++:417:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((cc = Sys::read(fileno(db), buf, sizeof (buf))) > 0)
data/hylafax-6.0.7/hfaxd/User.c++:475:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* buff = strcpy(new char[strlen(templ) + 1], templ);
data/hylafax-6.0.7/hfaxd/main.c++:86:20: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mode_t omask = umask(0);
data/hylafax-6.0.7/hfaxd/main.c++:122:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((cc = read(src, buf, sizeof (buf))) > 0)
data/hylafax-6.0.7/hfaxd/main.c++:141:12: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
(void) umask(omask);
data/hylafax-6.0.7/libhylafax/AtSyntax.c++:228:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_int len = strlen(days[i]);
data/hylafax-6.0.7/libhylafax/AtSyntax.c++:277:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_int len = strlen(months[i]);
data/hylafax-6.0.7/libhylafax/FaxClient.c++:590:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (Sys::read(fdData, buf, sizeof (buf)) > 0);
data/hylafax-6.0.7/libhylafax/FaxClient.c++:711:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fdIn)) != '\n') {
data/hylafax-6.0.7/libhylafax/FaxClient.c++:713:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
switch (c = getc(fdIn)) {
data/hylafax-6.0.7/libhylafax/FaxClient.c++:716:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fdIn);
data/hylafax-6.0.7/libhylafax/FaxClient.c++:722:25: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fdIn);
data/hylafax-6.0.7/libhylafax/FaxClient.c++:998:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (Sys::read(fileno(fp), addr, (u_int) sb.st_size) == sb.st_size)
data/hylafax-6.0.7/libhylafax/FaxClient.c++:1162:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, buf, n) != (ssize_t)n) {
data/hylafax-6.0.7/libhylafax/FaxClient.c++:1231:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, buf, n) != n) {
data/hylafax-6.0.7/libhylafax/FaxClient.c++:1348:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cc = read(fdData, buf, sizeof (buf));
data/hylafax-6.0.7/libhylafax/FaxClient.c++:1407:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cc = read(fdData, buf, sizeof (buf));
data/hylafax-6.0.7/libhylafax/FaxConfig.c++:60:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(line);
data/hylafax-6.0.7/libhylafax/FaxConfig.c++:159:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, b, sizeof (buf));
data/hylafax-6.0.7/libhylafax/FaxDB.c++:157:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getc(fd)) == EOF)
data/hylafax-6.0.7/libhylafax/FaxDB.c++:162:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fd);
data/hylafax-6.0.7/libhylafax/FaxDB.c++:165:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fd)) != EOF && c != '\n')
data/hylafax-6.0.7/libhylafax/FaxDB.c++:181:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fd)) != EOF) {
data/hylafax-6.0.7/libhylafax/FaxDB.c++:183:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fd);
data/hylafax-6.0.7/libhylafax/FaxDB.c++:202:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fd)) != EOF && !isspace(c) &&
data/hylafax-6.0.7/libhylafax/PageSize.c++:151:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(name);
data/hylafax-6.0.7/libhylafax/RE.c++:33:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
: _pattern(pat, len == 0 ? strlen(pat) : len)
data/hylafax-6.0.7/libhylafax/SNPPClient.c++:697:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fdIn)) != '\n') {
data/hylafax-6.0.7/libhylafax/SNPPClient.c++:699:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
switch (c = getc(fdIn)) {
data/hylafax-6.0.7/libhylafax/SNPPClient.c++:702:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fdIn);
data/hylafax-6.0.7/libhylafax/SNPPClient.c++:708:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fdIn);
data/hylafax-6.0.7/libhylafax/SNPPClient.c++:942:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, buf, n) != (ssize_t) n) {
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:101:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
typeRules = TypeRules::read(typeRulesFile);
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:196:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* buff = strcpy(new char[strlen(templ) + 1], templ);
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:255:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((cc = read(pfd[0], buf, sizeof (buf))) > 0)
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:665:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* buff = strcpy(new char[strlen(templ) + 1], templ);
data/hylafax-6.0.7/libhylafax/SendFaxClient.c++:731:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cc = Sys::read(fd, buf, sizeof (buf));
data/hylafax-6.0.7/libhylafax/Sequence.c++:73:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = read(fd, line, sizeof (line));
data/hylafax-6.0.7/libhylafax/StackBuffer.h:75:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inline void fxStackBuffer::put(char const* c) { put(c, strlen(c)); }
data/hylafax-6.0.7/libhylafax/Str.c++:49:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_int l = strlen(s)+1;
data/hylafax-6.0.7/libhylafax/Str.c++:335:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!len) len = strlen(v);
data/hylafax-6.0.7/libhylafax/Str.c++:449:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_int nl = strlen(s) + 1;
data/hylafax-6.0.7/libhylafax/Str.c++:457:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!l) l = strlen(s);
data/hylafax-6.0.7/libhylafax/Str.c++:481:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (a.slength == strlen(b)+1) && (memcmp(a.data,b,a.slength) == 0);
data/hylafax-6.0.7/libhylafax/Str.c++:486:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (a.slength == strlen(b)+1) && (memcmp(a.data,b,a.slength) == 0);
data/hylafax-6.0.7/libhylafax/Str.c++:496:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (a.slength != strlen(b)+1) || (memcmp(a.data,b,a.slength) != 0);
data/hylafax-6.0.7/libhylafax/Str.c++:501:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (a.slength != strlen(b)+1) || (memcmp(a.data,b,a.slength) != 0);
data/hylafax-6.0.7/libhylafax/Str.c++:604:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!clen) clen = strlen(c);
data/hylafax-6.0.7/libhylafax/Str.c++:629:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!clen) clen = strlen(c);
data/hylafax-6.0.7/libhylafax/Str.c++:642:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!clen) clen = strlen(c);
data/hylafax-6.0.7/libhylafax/Str.c++:656:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!clen) clen = strlen(c);
data/hylafax-6.0.7/libhylafax/Str.c++:682:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!clen) clen = strlen(c);
data/hylafax-6.0.7/libhylafax/Str.c++:707:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!clen) clen = strlen(c);
data/hylafax-6.0.7/libhylafax/Str.c++:718:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dlen) dlen = strlen(delim);
data/hylafax-6.0.7/libhylafax/Str.c++:737:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dlen) dlen = strlen(delim);
data/hylafax-6.0.7/libhylafax/Str.c++:814:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ((fxTempStr &)ts).concat(b, strlen(b));
data/hylafax-6.0.7/libhylafax/Str.c++:846:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return fxTempStr(a.data, a.slength-1, b, strlen(b));
data/hylafax-6.0.7/libhylafax/Str.c++:851:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return fxTempStr(a, strlen(a), b.data, b.slength-1);
data/hylafax-6.0.7/libhylafax/Sys.c++:91:18: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
return (int) ulimit(UL_GDESLIM, 0);
data/hylafax-6.0.7/libhylafax/Sys.h:96:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static ssize_t read(int fd, char* buf, u_int cc)
data/hylafax-6.0.7/libhylafax/Sys.h:97:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ return ::read(fd, buf, cc); }
data/hylafax-6.0.7/libhylafax/TextFormat.c++:735:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fp)) == '\f') // discard initial form feeds
data/hylafax-6.0.7/libhylafax/TextFormat.c++:759:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fp)) != EOF) {
data/hylafax-6.0.7/libhylafax/TextFormat.c++:777:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = getc(fp)) == '\n') {
data/hylafax-6.0.7/libhylafax/TextFormat.c++:801:18: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} while ((cc = getc(fp)) == '\t' || cc == ' ');
data/hylafax-6.0.7/libhylafax/TextFormat.c++:1169:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len == strlen(buf)) {
data/hylafax-6.0.7/libhylafax/TextFormat.c++:1360:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(fp)) != '\n') // skip to end of line
data/hylafax-6.0.7/libhylafax/TypeRules.c++:145:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fxmin((u_int) strlen(value.s), (u_int)(size-off))) == 0);
data/hylafax-6.0.7/libhylafax/TypeRules.c++:149:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fxmin((u_int) strlen(value.s), (u_int)(size-off))) == 0);
data/hylafax-6.0.7/libhylafax/TypeRules.c++:319:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TypeRules::read(const fxStr& file)
data/hylafax-6.0.7/libhylafax/TypeRules.h:105:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static TypeRules* read(const fxStr& file); // read rule database
data/hylafax-6.0.7/libhylafax/TypeRules.h:168:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
friend TypeRules* TypeRules::read(const fxStr& file);
data/hylafax-6.0.7/libhylafax/UnixTransport.c++:60:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Sun.sun_path, client.getHost(), sizeof (Sun.sun_path));
data/hylafax-6.0.7/port/setenv.c:55:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name) + strlen(value) + 2;
data/hylafax-6.0.7/port/setenv.c:55:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name) + strlen(value) + 2;
data/hylafax-6.0.7/port/syslog.c:142:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cnt = strlen(tbuf);
data/hylafax-6.0.7/port/syslog.c:198:12: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(SyslogAddr.sa_data, _PATH_LOG,
data/hylafax-6.0.7/regex/engine.c:164:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stop = start + strlen(start);
data/hylafax-6.0.7/regex/regcomp.c:206:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((char *)pattern);
data/hylafax-6.0.7/regex/regcomp.c:839:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (u = cp->multis; *u != '\0'; u += strlen(u) + 1)
data/hylafax-6.0.7/regex/regcomp.c:1252:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cs->smultis += strlen(cp) + 1;
data/hylafax-6.0.7/regex/regcomp.c:1277:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
register size_t len = strlen(fp);
data/hylafax-6.0.7/regex/regcomp.c:1319:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = cs->multis; *p != '\0'; p += strlen(p) + 1)
data/hylafax-6.0.7/regex/regerror.c:140:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(convbuf) < sizeof(convbuf));
data/hylafax-6.0.7/regex/regerror.c:146:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s) + 1;
data/hylafax-6.0.7/regex/regerror.c:151:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void) strncpy(errbuf, s, errbuf_size-1);
data/hylafax-6.0.7/sendfax/sendfax.c++:307:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sublen = strlen(subaddress) + 1;
data/hylafax-6.0.7/sendfax/sendfax.c++:311:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fxStr dest(cp, strlen(cp) - sublen);
data/hylafax-6.0.7/sendfax/sendfax.c++:363:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* buff = strcpy(new char[strlen(templ) + 1], templ);
data/hylafax-6.0.7/sendfax/sendfax.c++:372:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((cc = Sys::read(fin, buf, sizeof (buf))) > 0) {
data/hylafax-6.0.7/sendpage/sendpage.c++:201:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* buff = strcpy(new char[strlen(templ) + 1], templ);
data/hylafax-6.0.7/sendpage/sendpage.c++:208:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((cc = Sys::read(fin, buf, sizeof (buf))) > 0) {
data/hylafax-6.0.7/util/faxconfig.c:84:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(devid) < sizeof(fifoname)) {
data/hylafax-6.0.7/util/faxconfig.c:122:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmdsize = strlen(argv[optind]) + strlen(argv[optind+1]) + 10;
data/hylafax-6.0.7/util/faxconfig.c:122:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmdsize = strlen(argv[optind]) + strlen(argv[optind+1]) + 10;
data/hylafax-6.0.7/util/faxdeluser.c:83:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(argv[i]);
data/hylafax-6.0.7/util/faxdeluser.c:94:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(fd, buff, strlen(buff)) == -1) {
data/hylafax-6.0.7/util/faxinfo.c++:103:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(src);
data/hylafax-6.0.7/util/faxmodem.c:290:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pdevlen = strlen(_PATH_DEV);
data/hylafax-6.0.7/util/faxmodem.c:292:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[optind] + pdevlen) < sizeof(devname)) {
data/hylafax-6.0.7/util/faxmodem.c:298:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[optind]) < sizeof(devname)) {
data/hylafax-6.0.7/util/faxmsg.c:108:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(arg) > sizeof(cmd)-2) {
data/hylafax-6.0.7/util/faxmsg.c:123:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[optind]) < sizeof(fifoname)) {
data/hylafax-6.0.7/util/faxstate.c:119:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[optind]) < sizeof(devid)) {
data/hylafax-6.0.7/util/typetest.c++:66:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int cc = read(fd, buf, sizeof (buf));
data/hylafax-6.0.7/util/typetest.c++:115:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
typeRules = TypeRules::read(file);
ANALYSIS SUMMARY:
Hits = 926
Lines analyzed = 88389 in approximately 2.86 seconds (30878 lines/second)
Physical Source Lines of Code (SLOC) = 62734
Hits@level = [0] 348 [1] 207 [2] 490 [3] 56 [4] 133 [5] 40
Hits@level+ = [0+] 1274 [1+] 926 [2+] 719 [3+] 229 [4+] 173 [5+] 40
Hits/KSLOC@level+ = [0+] 20.308 [1+] 14.7607 [2+] 11.4611 [3+] 3.65033 [4+] 2.75768 [5+] 0.637613
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.