Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/ibm-3270-4.0ga12/Common/Malloc.c:80:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    return strcpy(Malloc(strlen(s) + 1), s);
data/ibm-3270-4.0ga12/Common/Win32/mkmanifest.c:95:12: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    return strcpy(Malloc(strlen(s) + 1), s);
data/ibm-3270-4.0ga12/Common/Win32/mkmanifest.c:319:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(ybuf, "%.*s%s%s",
data/ibm-3270-4.0ga12/Common/Win32/mkversion.c:78:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    return strcpy(t, s);
data/ibm-3270-4.0ga12/Common/Win32/snprintf.c:55:8: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    len = vsnprintf(str, size, fmt, ap);
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:119:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(xwd, wd);
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:228:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(*instdir, path);
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:268:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(wsl, "%s\\", *desktop);
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:282:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(wsl, "%s\\%s\\", *xappdata, appname);
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:301:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(wsl, "%s\\", *common_desktop);
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:319:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(wsl, "%s%s%s\\",
data/ibm-3270-4.0ga12/Common/actions.c:113:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(s->name, action);
data/ibm-3270-4.0ga12/Common/asprintf.c:51:12: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    return vsnprintf(NULL, 0, fmt, ap);
data/ibm-3270-4.0ga12/Common/asprintf.c:77:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    vsnprintf(buf, buflen + 1, fmt, ap);
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:303:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(g->name, name);
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:455:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(uia->tag, tag);
data/ibm-3270-4.0ga12/Common/bind-opt.c:121:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(port_str, rbrack + 2);
data/ibm-3270-4.0ga12/Common/bind-opt.c:150:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(port_str, colon + 1);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1331:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(s, "%s%s", pager_cmd, or_cat);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1419:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(strcat(pager.residual, "\n"), s);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1432:17: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    pager.nw = printf(PAGER_PROMPT);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1563:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(matches[j], "\"%s\"", h->name);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1662:5: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(vmsgbuf, fmt, args);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1976:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(linkpath, "%s\\wcsa%u.lnk", tempdir, getpid());
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1977:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(exepath, "%s%s", instdir, "wc3270.exe");
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:2022:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(delenv, "%s=%s", DELENV, linkpath);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:2024:9: [4] (shell) ShellExecute:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    h = ShellExecute(NULL, "open", linkpath, "", tempdir, SW_SHOW);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:2052:5: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    system(cmd);
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:324:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    a = access(fnx, R_OK);
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:1071:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(buf, "<Key>%s", n);
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:1087:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(buf, latin1_name);
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:1107:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(s, "<Key>%s", mb);
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:1139:8: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    s += sprintf(s, " %s", decode_key(k->codes[i].key,
data/ibm-3270-4.0ga12/Common/c3270/menubar.c:144:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(c->title, title);
data/ibm-3270-4.0ga12/Common/c3270/menubar.c:169:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(i->label, label);
data/ibm-3270-4.0ga12/Common/c3270/mkkeypad.c:56:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(path, "%s/%s", incdir, name);
data/ibm-3270-4.0ga12/Common/c3270/mkkeypad.c:188:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(s->callback, t);
data/ibm-3270-4.0ga12/Common/c3270/status_dump.c:276:8: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    s += sprintf(s, " %s %s", c[i].name, c[i].value);
data/ibm-3270-4.0ga12/Common/childscript.c:1271:2: [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    execvp(argv[0], child_argv);
data/ibm-3270-4.0ga12/Common/ctlr.c:277:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(model_name, "327%c-%d%s",
data/ibm-3270-4.0ga12/Common/find_console.c:66:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    return access(program, X_OK) == 0;
data/ibm-3270-4.0ga12/Common/find_console.c:73:10: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(xpath, X_OK) == 0) {
data/ibm-3270-4.0ga12/Common/find_console.c:82:6: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (access(xpath, X_OK) == 0) {
data/ibm-3270-4.0ga12/Common/ft_cut.c:479:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(buf, get_message("ftHostCancel"));
data/ibm-3270-4.0ga12/Common/glue.c:186:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(command_string, programname);
data/ibm-3270-4.0ga12/Common/glue.c:188:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(strcat(command_string, " "), argv[i]);
data/ibm-3270-4.0ga12/Common/glue.c:204:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(xcmd + xcmd_len, argv[i]);
data/ibm-3270-4.0ga12/Common/glue.c:440:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(cmds_buf, OptLocalProcess);
data/ibm-3270-4.0ga12/Common/glue.c:442:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(strcat(cmds_buf, " "), argv[j]);
data/ibm-3270-4.0ga12/Common/glue.c:1337:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(t, s);
data/ibm-3270-4.0ga12/Common/httpd-core.c:1461:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(f->name, name);
data/ibm-3270-4.0ga12/Common/httpd-core.c:1463:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(f->value, value);
data/ibm-3270-4.0ga12/Common/kybd.c:3333:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(s, argv[i]);
data/ibm-3270-4.0ga12/Common/kybd.c:3418:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(s, t);
data/ibm-3270-4.0ga12/Common/kybd.c:3468:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(s, t);
data/ibm-3270-4.0ga12/Common/linemode.c:575:26: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    c[0].name = "intr"; strcpy(c[0].value, ctl_see(vintr));
data/ibm-3270-4.0ga12/Common/linemode.c:576:26: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    c[1].name = "quit"; strcpy(c[1].value, ctl_see(vquit));
data/ibm-3270-4.0ga12/Common/linemode.c:577:26: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    c[2].name = "erase"; strcpy(c[2].value, ctl_see(verase));
data/ibm-3270-4.0ga12/Common/linemode.c:578:26: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    c[3].name = "kill"; strcpy(c[3].value, ctl_see(vkill));
data/ibm-3270-4.0ga12/Common/linemode.c:579:25: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
c[4].name = "eof"; strcpy(c[4].value, ctl_see(veof)); data/ibm-3270-4.0ga12/Common/linemode.c:580:27: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). c[5].name = "werase"; strcpy(c[5].value, ctl_see(vwerase)); data/ibm-3270-4.0ga12/Common/linemode.c:581:26: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). c[6].name = "rprnt"; strcpy(c[6].value, ctl_see(vrprnt)); data/ibm-3270-4.0ga12/Common/linemode.c:582:26: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). c[7].name = "lnext"; strcpy(c[7].value, ctl_see(vlnext)); data/ibm-3270-4.0ga12/Common/nvt.c:1983:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char *)obptr, s); data/ibm-3270-4.0ga12/Common/nvt.c:2015:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char *)obptr, s); data/ibm-3270-4.0ga12/Common/pr3287/ctlr.c:1405:2: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl("/bin/sh", "sh", "-c", command, NULL); data/ibm-3270-4.0ga12/Common/pr3287/pr3287.c:233:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
fprintf(stderr, data/ibm-3270-4.0ga12/Common/pr3287/pr3287.c:278:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, data/ibm-3270-4.0ga12/Common/pr3287/pr3287.c:320:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(buf[ix], fmt, ap); data/ibm-3270-4.0ga12/Common/pr3287/pr3287.c:410:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). return strcpy(p, s); data/ibm-3270-4.0ga12/Common/pr3287/pr3287.c:1216:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(msgbuf, fmt, args); data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:299:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(h, host); data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:513:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lu, luname); data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:825:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tt_out, "%c%c%c%c%s%s%s%c%c", data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:881:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. t += sprintf(tt_out, "%c%c%c%c%c%s", data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:886:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
t += sprintf(t, "%c%s", TN3270E_OP_ASSOCIATE, try_assoc); data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:888:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. t += sprintf(t, "%c%s", TN3270E_OP_CONNECT, try_lu); data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:1110:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. s += sprintf(s, "%s%s", (s == text_buf) ? "" : " ", fnn(buf[i])); data/ibm-3270-4.0ga12/Common/pr3287/trace.c:94:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(tdsbuf, 4096, fmt, args); data/ibm-3270-4.0ga12/Common/pr3287/trace.c:154:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(tdsbuf, 4096, fmt, args); data/ibm-3270-4.0ga12/Common/pr3287_session.c:679:2: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp("/bin/sh", "sh", "-c", cmd_text, NULL); data/ibm-3270-4.0ga12/Common/print_command.c:151:2: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp("/bin/sh", "sh", "-c", command, NULL); data/ibm-3270-4.0ga12/Common/proxy_socks4.c:116:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(s, ruser); data/ibm-3270-4.0ga12/Common/proxy_socks4.c:118:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, host); data/ibm-3270-4.0ga12/Common/proxy_socks4.c:141:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, ruser); data/ibm-3270-4.0ga12/Common/proxy_socks5.c:227:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf((char *)upbuf, "\001%c%.*s%c%s", data/ibm-3270-4.0ga12/Common/proxy_socks5.c:320:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, ps.host); data/ibm-3270-4.0ga12/Common/proxy_socks5.c:326:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(nbuf, inet_ntoa(ps.ha.sin.sin_addr)); data/ibm-3270-4.0ga12/Common/proxy_socks5.c:490:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(nbuf, inet_ntoa(ps.ha.sin.sin_addr)); data/ibm-3270-4.0ga12/Common/rpq.c:756:19: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
rpq_wbcnt += vsnprintf(rpq_warnbuf + rpq_wbcnt, data/ibm-3270-4.0ga12/Common/sio_openssl.c:218:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, colon + 1); data/ibm-3270-4.0ga12/Common/sio_openssl.c:220:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, xbuf); data/ibm-3270-4.0ga12/Common/sio_openssl.c:664:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(err_buf + 1, strerror(errno)); data/ibm-3270-4.0ga12/Common/source.c:237:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->path, argv[0]); data/ibm-3270-4.0ga12/Common/stdinscript.c:178:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(DATA_PREFIX "%.*s\n", (int)len, buf); data/ibm-3270-4.0ga12/Common/stringscript.c:327:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->data, st); data/ibm-3270-4.0ga12/Common/task.c:1409:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(q->name, cb->shortname); data/ibm-3270-4.0ga12/Common/telnet.c:788:3: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp("/bin/sh", "sh", "-c", host, NULL); data/ibm-3270-4.0ga12/Common/telnet.c:793:3: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp(host, (arg1 == NULL)? host: arg1 + 1, NULL); data/ibm-3270-4.0ga12/Common/telnet.c:853:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lu, luname); data/ibm-3270-4.0ga12/Common/telnet.c:1854:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tt_out, "%c%c%c%c%s%s%s%c%c", data/ibm-3270-4.0ga12/Common/telnet.c:1952:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. t += sprintf(tt_out, "%c%c%c%c%c%s", data/ibm-3270-4.0ga12/Common/telnet.c:1957:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. t += sprintf(t, "%c%s", TN3270E_OP_CONNECT, force_ascii(try_lu)); data/ibm-3270-4.0ga12/Common/telnet.c:2192:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. s += sprintf(s, "%s%s", (s == text_buf)? "": " ", fnn(buf[i])); data/ibm-3270-4.0ga12/Common/telnet.c:2210:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. s += sprintf(s, "%s%s", (s == text_buf)? 
"": " ", fnn(i)); data/ibm-3270-4.0ga12/Common/telnet.c:3734:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ret + sl, o); data/ibm-3270-4.0ga12/Common/toggles.c:739:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(u->name, name); data/ibm-3270-4.0ga12/Common/trace.c:320:23: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. tracef_bufptr += sprintf(tracef_bufptr, "%s", gen_ts()); data/ibm-3270-4.0ga12/Common/trace.c:322:19: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. tracef_bufptr += vsprintf(tracef_bufptr, fmt, args); data/ibm-3270-4.0ga12/Common/trace.c:715:2: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(t->program, (char *const*)argv); data/ibm-3270-4.0ga12/Common/util.c:537:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(o, vv); data/ibm-3270-4.0ga12/Common/util.c:644:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(r, p->pw_dir); data/ibm-3270-4.0ga12/Common/util.c:645:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(r, rest); data/ibm-3270-4.0ga12/Common/util.c:1028:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. rc = system(command); data/ibm-3270-4.0ga12/Common/varbuf.c:128:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(r->buf + r->len, len + 1, format, ap); data/ibm-3270-4.0ga12/Common/x3270if.c:489:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd_nl, "%s\n", cmd); data/ibm-3270-4.0ga12/Common/x3270if.c:588:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(strcat(*data_ret, buf + PREFIX_LEN), "\n"); data/ibm-3270-4.0ga12/Common/x3270if.c:1173:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(x_ret, "%s%s", s, a); data/ibm-3270-4.0ga12/Common/x3270if.c:1241:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, "%s%s", op, sgr0); data/ibm-3270-4.0ga12/Common/x3270if.c:1280:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(prompt_setaf, xsetaf(setaf, color_offset + COLOR_BLUE, sgr)); data/ibm-3270-4.0ga12/Common/x3270if.c:1284:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
snprintf(prompt, prompt_len, LEFT "%s" RIGHT "%s> " LEFT "%s" RIGHT, data/ibm-3270-4.0ga12/Common/x3270if.c:1516:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(response, RESUME_INPUT "(%s)", data/ibm-3270-4.0ga12/Common/xpopen.c:99:6: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (execl("/bin/sh", "/bin/sh", "-c", command, NULL) < 0) { data/ibm-3270-4.0ga12/Common/xpopen.c:236:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "tr A-Z a-z >%s", outfile); data/ibm-3270-4.0ga12/c3270/screen.c:2358:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(oia_timing, no_time); data/ibm-3270-4.0ga12/include/wincmn.h:89:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define vsnprintf safe_vsnprintf data/ibm-3270-4.0ga12/include/wincmn.h:90:11: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define snprintf safe_snprintf data/ibm-3270-4.0ga12/include/wincmn.h:104:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
# define access _access data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:305:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd_nl, "%s\n", cmd); data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:354:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(strcat(*ret, buf + strlen(DATA_PREFIX)), "\n"); data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:501:6: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (execvp("s3270", nargv) < 0) { data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:527:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, AnQuery "(" KwActions ") failed:\n%s\n", ret); data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:669:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cmd, Tcl_GetString(objv[0])); data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:678:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(cmd, q); data/ibm-3270-4.0ga12/wc3270/keymap.c:284:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
a = access(fnp, R_OK); data/ibm-3270-4.0ga12/wc3270/keymap.c:297:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. a = access(fnp, R_OK); data/ibm-3270-4.0ga12/wc3270/keymap.c:309:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. a = access(fnp, R_OK); data/ibm-3270-4.0ga12/wc3270/keymap.c:319:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. a = access(fny, R_OK); data/ibm-3270-4.0ga12/wc3270/keymap.c:328:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. a = access(fnx, R_OK); data/ibm-3270-4.0ga12/wc3270/keymap.c:1217:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s<Key>%s", decode_hint(hint), n? n: "???"); data/ibm-3270-4.0ga12/wc3270/keymap.c:1219:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf(s, "%sCtrl <Key>%c", decode_hint(hint & ~KM_CTRL), data/ibm-3270-4.0ga12/wc3270/keymap.c:1222:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, "%s<Key>colon", decode_hint(hint)); data/ibm-3270-4.0ga12/wc3270/keymap.c:1224:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, "%s<Key>space", decode_hint(hint)); data/ibm-3270-4.0ga12/wc3270/keymap.c:1233:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, "%s<Key>%c", decode_hint(hint), c); data/ibm-3270-4.0ga12/wc3270/keymap.c:1235:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, "%s<Key>U+%04x", decode_hint(hint), k); data/ibm-3270-4.0ga12/wc3270/keymap.c:1266:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. s += sprintf(s, " %s", decode_key(k->codes[i], data/ibm-3270-4.0ga12/wc3270/mkshort.c:63:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(exe_path, "%s\\%s", install_dir, exe_name); data/ibm-3270-4.0ga12/wc3270/relink.c:235:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*usp, buf); data/ibm-3270-4.0ga12/wc3270/screen.c:1201:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("cls"); data/ibm-3270-4.0ga12/wc3270/screen.c:3049:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(oia_timing, no_time); data/ibm-3270-4.0ga12/wc3270/wizard.c:295:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("cls"); data/ibm-3270-4.0ga12/wc3270/wizard.c:308:2: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(fmt, ap); data/ibm-3270-4.0ga12/wc3270/wizard.c:314:5: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(fmt, ap); data/ibm-3270-4.0ga12/wc3270/wizard.c:576:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(km->name, keymap_name); data/ibm-3270-4.0ga12/wc3270/wizard.c:633:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(km->description, description); data/ibm-3270-4.0ga12/wc3270/wizard.c:669:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(strcpy(*def, " "), buf); data/ibm-3270-4.0ga12/wc3270/wizard.c:671:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(strcat(*def, "\\n\\\n "), buf); data/ibm-3270-4.0ga12/wc3270/wizard.c:695:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dpath, "%s%s", dirname, DONE_FILE); data/ibm-3270-4.0ga12/wc3270/wizard.c:696:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(dpath, R_OK) != 0) { data/ibm-3270-4.0ga12/wc3270/wizard.c:697:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dpath, "%s*%s", searchdir, KEYMAP_SUFFIX); data/ibm-3270-4.0ga12/wc3270/wizard.c:701:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fpath, "%s%s", dirname, find_data.cFileName); data/ibm-3270-4.0ga12/wc3270/wizard.c:860:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(condensed, expanded); data/ibm-3270-4.0ga12/wc3270/wizard.c:1081:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, R_OK) == 0) { data/ibm-3270-4.0ga12/wc3270/wizard.c:1089:6: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, R_OK) == 0) { data/ibm-3270-4.0ga12/wc3270/wizard.c:1096:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, R_OK) == 0) { data/ibm-3270-4.0ga12/wc3270/wizard.c:1104:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, R_OK) == 0) { data/ibm-3270-4.0ga12/wc3270/wizard.c:1111:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, R_OK) == 0) { data/ibm-3270-4.0ga12/wc3270/wizard.c:1431:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->host, buf); data/ibm-3270-4.0ga12/wc3270/wizard.c:1452:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->host, buf); data/ibm-3270-4.0ga12/wc3270/wizard.c:1530:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->luname, buf); data/ibm-3270-4.0ga12/wc3270/wizard.c:1764:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->codepage, buf); data/ibm-3270-4.0ga12/wc3270/wizard.c:1996:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->proxy_host, hbuf); data/ibm-3270-4.0ga12/wc3270/wizard.c:2054:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->proxy_port, d->port); data/ibm-3270-4.0ga12/wc3270/wizard.c:2060:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->proxy_port, d->port); data/ibm-3270-4.0ga12/wc3270/wizard.c:2070:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->proxy_port, pbuf); data/ibm-3270-4.0ga12/wc3270/wizard.c:2107:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(old_proxy, s->proxy_type); data/ibm-3270-4.0ga12/wc3270/wizard.c:2127:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->proxy_type, tbuf); data/ibm-3270-4.0ga12/wc3270/wizard.c:2141:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->proxy_type, d->name); data/ibm-3270-4.0ga12/wc3270/wizard.c:2160:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->proxy_port, d->port); data/ibm-3270-4.0ga12/wc3270/wizard.c:2213:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->proxy_user, pbuf); data/ibm-3270-4.0ga12/wc3270/wizard.c:2273:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->proxy_password, pbuf); data/ibm-3270-4.0ga12/wc3270/wizard.c:2395:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->printerlu, tbuf); data/ibm-3270-4.0ga12/wc3270/wizard.c:2481:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(s->printer, tbuf); data/ibm-3270-4.0ga12/wc3270/wizard.c:2484:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->printer, printer_info[u - 1].pName); data/ibm-3270-4.0ga12/wc3270/wizard.c:2491:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->printer, tbuf); data/ibm-3270-4.0ga12/wc3270/wizard.c:2539:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->printercp, buf); data/ibm-3270-4.0ga12/wc3270/wizard.c:2596:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tknbuf, inbuf); data/ibm-3270-4.0ga12/wc3270/wizard.c:2613:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s->keymaps, inbuf); data/ibm-3270-4.0ga12/wc3270/wizard.c:2907:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(cmd); data/ibm-3270-4.0ga12/wc3270/wizard.c:3171:6: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(DISPLAY_NONE"\n"); data/ibm-3270-4.0ga12/wc3270/wizard.c:3892:9: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, R_OK) == 0 && unlink(path) < 0) { data/ibm-3270-4.0ga12/wc3270/wizard.c:4067:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(from_linkpath, R_OK) == 0) { data/ibm-3270-4.0ga12/wc3270/wizard.c:4226:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(dpath, R_OK) == 0) { data/ibm-3270-4.0ga12/wc3270/wizard.c:4230:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dpath, "%s*%s", dirname, SESS_SUFFIX); data/ibm-3270-4.0ga12/wc3270/wizard.c:4398:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(linkpath, "%s%s.lnk", data/ibm-3270-4.0ga12/wc3270/wizard.c:4401:24: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
shortcut_exists = (access(linkpath, R_OK) == 0); data/ibm-3270-4.0ga12/wc3270/wizard.c:4423:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(exepath, "%swc3270.exe", installdir); data/ibm-3270-4.0ga12/wc3270/wizard.c:4424:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(args, "+S \"%s\"", sess_path); data/ibm-3270-4.0ga12/wc3270/wizard.c:4556:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s -U", program); data/ibm-3270-4.0ga12/wc3270/wizard.c:4557:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(cmd); data/ibm-3270-4.0ga12/wc3270/wizard.c:4581:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(save_session_name, session.session); data/ibm-3270-4.0ga12/wc3270/wizard.c:4583:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(session.session, save_session_name); data/ibm-3270-4.0ga12/wc3270/wizard.c:4593:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(session.host, session.session); data/ibm-3270-4.0ga12/wc3270/wizard.c:4701:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(keymaps, session->keymaps); data/ibm-3270-4.0ga12/wc3270/wizard.c:5203:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, R_OK) == 0) { data/ibm-3270-4.0ga12/wc3270/wizard.c:5207:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(path, sizeof(path), "%s*" SESS_SUFFIX, dirname); data/ibm-3270-4.0ga12/wc3270/wizard.c:5216:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(path, sizeof(path), "%s*" KEYMAP_SUFFIX, dirname); data/ibm-3270-4.0ga12/wc3270/wizard.c:5255:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(wc3270_dir, R_OK) != 0) { data/ibm-3270-4.0ga12/wc3270/wizard.c:5272:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
if (access(desktop_ini, R_OK) != 0) { data/ibm-3270-4.0ga12/wc3270/wizard.c:5390:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(to_path, R_OK) == 0) { data/ibm-3270-4.0ga12/wc3270/wizard.c:5427:24: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. shortcut_exists = (access(link_path, R_OK) == 0); data/ibm-3270-4.0ga12/wc3270/wizard.c:5490:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(to_path, R_OK) == 0) { data/ibm-3270-4.0ga12/x3270/about.c:220:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s1, s1a); data/ibm-3270-4.0ga12/x3270/about.c:221:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(s1, s1b); data/ibm-3270-4.0ga12/x3270/about.c:223:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s2, s2a); data/ibm-3270-4.0ga12/x3270/about.c:224:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(s2, s2b); data/ibm-3270-4.0ga12/x3270/idle_gui.c:450:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(its, "%s%s%c", fuzz? "~": "", tmo, hms); data/ibm-3270-4.0ga12/x3270/keymap.c:552:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(t, " " PA_KEYMAP_TRACE "(%s,%d) ", name, nlines); data/ibm-3270-4.0ga12/x3270/keymap.c:569:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(t, PA_ENDL); data/ibm-3270-4.0ga12/x3270/keymap.c:597:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keymap_trace, "%s:%s", params[0], params[1]); data/ibm-3270-4.0ga12/x3270/keymap.c:1048:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(x->full_keymap, "%s:%d", x->keymap, x->km_line); data/ibm-3270-4.0ga12/x3270/print_window.c:98:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. print_window_done(system(print_window_command)); data/ibm-3270-4.0ga12/x3270/print_window.c:183:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
print_window_done(system(xcommand)); data/ibm-3270-4.0ga12/x3270/save.c:553:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(c2, tmp_cmd[i]); data/ibm-3270-4.0ga12/x3270/save.c:745:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xcmd + len, argv[i]); data/ibm-3270-4.0ga12/x3270/save.c:809:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(t, tlname); data/ibm-3270-4.0ga12/x3270/screen.c:4631:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). return strcat(strcat(r, " or "), t); data/ibm-3270-4.0ga12/x3270/status.c:1463:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(t, "%s %d", (char *)a_scrolled, n_scrolled); data/ibm-3270-4.0ga12/x3270/x3270.c:972:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(title, "x3270-%d%s %s", model_num, (IN_NVT ? "A" : ""), data/ibm-3270-4.0ga12/x3270/x3270.c:1073:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(*cmds, OptLocalProcess); data/ibm-3270-4.0ga12/x3270/x3270.c:1075:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(strcat(*cmds, " "), argv[j]); data/ibm-3270-4.0ga12/x3270/xactions.c:518:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(rs, comma); data/ibm-3270-4.0ga12/x3270/xactions.c:519:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(rs, skeymask[ix_ix[i]].name[ix[ix_ix[i]]]); data/ibm-3270-4.0ga12/x3270/xactions.c:524:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(strchr(rs, '\0'), "%s?%d", comma, state); data/ibm-3270-4.0ga12/x3270/xactions.c:605:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(rs, comma); data/ibm-3270-4.0ga12/x3270/xactions.c:606:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(rs, keymask[i].name); data/ibm-3270-4.0ga12/x3270/xactions.c:614:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(strchr(rs, '\0'), "%s?%d", comma, state); data/ibm-3270-4.0ga12/Common/Win32/mkversion.c:167:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
user = getenv("USERNAME"); data/ibm-3270-4.0ga12/Common/Win32/w3misc.c:195:1: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. getopt(int argc, char * const argv[], const char *optstring) data/ibm-3270-4.0ga12/Common/Win32/windirs.c:182:9: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. h = LoadLibrary("CATF.EXE"); data/ibm-3270-4.0ga12/Common/c3270/c3270.c:643:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. delenv = getenv(DELENV); data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1320:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((pager_env = getenv("PAGER")) != NULL) { data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1903:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv(NO_PROFILE_ENV) != NULL) { data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1908:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
fname = getenv(PROFILE_ENV); data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1970:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. tempdir = getenv("TEMP"); data/ibm-3270-4.0ga12/Common/childscript.c:1339:9: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if (CreateProcess(NULL, args, NULL, NULL, TRUE, data/ibm-3270-4.0ga12/Common/childscript.c:1339:9: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if (CreateProcess(NULL, args, NULL, NULL, TRUE, data/ibm-3270-4.0ga12/Common/find_console.c:68:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. path = getenv("PATH"); data/ibm-3270-4.0ga12/Common/glue.c:167:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *path = getenv("PATH"); data/ibm-3270-4.0ga12/Common/host.c:356:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. 
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. r = getenv("SHELL"); data/ibm-3270-4.0ga12/Common/idle.c:110:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((unsigned int)time(NULL)); data/ibm-3270-4.0ga12/Common/idle.c:112:5: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(time(NULL)); data/ibm-3270-4.0ga12/Common/idle.c:228:21: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. idle_ms_now -= random() % (idle_ms / 10L); data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:697:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(seed); data/ibm-3270-4.0ga12/Common/pr3287/pr3287.c:495:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((options.printer = getenv("PRINTER")) == NULL) { data/ibm-3270-4.0ga12/Common/pr3287_session.c:758:10: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. 
if (!CreateProcess(NULL, cp_cmdline, NULL, NULL, TRUE, DETACHED_PROCESS, data/ibm-3270-4.0ga12/Common/pr3287_session.c:758:10: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if (!CreateProcess(NULL, cp_cmdline, NULL, NULL, TRUE, DETACHED_PROCESS, data/ibm-3270-4.0ga12/Common/print_screen.c:102:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. user = getenv("USER"); data/ibm-3270-4.0ga12/Common/print_screen.c:119:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. username = getenv("USERNAME"); data/ibm-3270-4.0ga12/Common/print_screen.c:123:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. computername = getenv("COMPUTERNAME"); data/ibm-3270-4.0ga12/Common/print_screen.c:133:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. userdomain = getenv("USERDOMAIN"); data/ibm-3270-4.0ga12/Common/proxy_socks4.c:99:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. 
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. ruser = getenv("USER"); data/ibm-3270-4.0ga12/Common/proxy_socks4.c:101:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. ruser = getenv("USERNAME"); data/ibm-3270-4.0ga12/Common/rpq.c:277:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((x3270rpq = getenv("X3270RPQ")) == NULL) { data/ibm-3270-4.0ga12/Common/sio_openssl.c:209:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("SSL_VERBOSE_ERRORS")) { data/ibm-3270-4.0ga12/Common/telnet.c:646:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. hn = getenv("INTERNET_HOST"); data/ibm-3270-4.0ga12/Common/telnet_new_environ.c:167:38: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. user = appres.user? 
appres.user: getenv("USER");
data/ibm-3270-4.0ga12/Common/telnet_new_environ.c:169:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  user = getenv("USERNAME");
data/ibm-3270-4.0ga12/Common/util.c:431:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  return getenv(name);
data/ibm-3270-4.0ga12/Common/util.c:655:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (*s != '~' || (t = getenv("HOMEPATH")) == NULL) {
data/ibm-3270-4.0ga12/Common/winprint.c:88:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  s = getenv("TEMP");
data/ibm-3270-4.0ga12/Common/winprint.c:90:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  s = getenv("TMP");
data/ibm-3270-4.0ga12/Common/x3270if.c:172:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  fdname = getenv(name);
data/ibm-3270-4.0ga12/Common/x3270if.c:230:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, OPTS)) != -1) {
data/ibm-3270-4.0ga12/Common/x3270if.c:891:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  port_env = getenv(PORT_ENV);
data/ibm-3270-4.0ga12/Playback/playback.c:112:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "p:")) != -1) {
data/ibm-3270-4.0ga12/c3270/screen.c:713:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  (((colorterm = getenv("COLORTERM")) != NULL &&
data/ibm-3270-4.0ga12/c3270/screen.c:715:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("VTE_VERSION") != NULL)) &&
data/ibm-3270-4.0ga12/include/wincmn.h:129:5: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int getopt(int argc, char * const argv[], const char *optstring);
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:117:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *path = getenv("PATH");
data/ibm-3270-4.0ga12/wc3270/wizard.c:5169:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("NOTADMIN")) {
data/ibm-3270-4.0ga12/x3270/about.c:409:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  } else if (getenv("XMODIFIERS") != NULL) {
data/ibm-3270-4.0ga12/x3270/keymap.c:133:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  (km = (char *)getenv("KEYMAP")) == NULL &&
data/ibm-3270-4.0ga12/x3270/keymap.c:134:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  (km = (char *)getenv("KEYBD")) == NULL) {
data/ibm-3270-4.0ga12/x3270/save.c:848:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (session == NULL && getenv(NO_PROFILE_ENV) != NULL) {
data/ibm-3270-4.0ga12/x3270/save.c:855:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  fname = getenv(PROFILE_ENV);
data/ibm-3270-4.0ga12/x3270/save.c:873:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env_resources = getenv(RDB_ENV);
data/ibm-3270-4.0ga12/x3270/screen.c:763:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((xs = getenv("X3270_XWIDTH")) != NULL) {
data/ibm-3270-4.0ga12/x3270/screen.c:815:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((xs = getenv("X3270_XHEIGHT")) != NULL) {
data/ibm-3270-4.0ga12/x3270/x3270.c:449:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *path = getenv("PATH");
data/ibm-3270-4.0ga12/Common/Win32/gdi_print.c:462:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char get_fail[1024];
data/ibm-3270-4.0ga12/Common/Win32/gdi_print.c:1293:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dm, pi->pDevMode, dmsize);
data/ibm-3270-4.0ga12/Common/Win32/gdi_print.c:1315:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)dn + offset, pi->pDriverName, ldn);
data/ibm-3270-4.0ga12/Common/Win32/gdi_print.c:1318:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)dn + offset, pi->pPrinterName, lpn);
data/ibm-3270-4.0ga12/Common/Win32/gdi_print.c:1321:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)dn + offset, pi->pPortName, ltn);
data/ibm-3270-4.0ga12/Common/Win32/mkmanifest.c:119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char out[256];
data/ibm-3270-4.0ga12/Common/Win32/mkmanifest.c:196:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/ibm-3270-4.0ga12/Common/Win32/mkmanifest.c:250:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(version, "r");
data/ibm-3270-4.0ga12/Common/Win32/mkmanifest.c:299:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(manifest, "r");
data/ibm-3270-4.0ga12/Common/Win32/mkversion.c:85:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/ibm-3270-4.0ga12/Common/Win32/mkversion.c:93:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sccsdate[128];
data/ibm-3270-4.0ga12/Common/Win32/mkversion.c:94:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rpqtime[128];
data/ibm-3270-4.0ga12/Common/Win32/mkversion.c:118:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(vtname, "r");
data/ibm-3270-4.0ga12/Common/Win32/mkversion.c:176:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sccsdate, "%d/%02d/%02d",
data/ibm-3270-4.0ga12/Common/Win32/mkversion.c:180:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(rpqtime, "%02d%02d%02d%02d%02d%02d",
data/ibm-3270-4.0ga12/Common/Win32/mkversion.c:191:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(ofile, "w");
data/ibm-3270-4.0ga12/Common/Win32/sio_schannel.c:446:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rgbLine[100];
data/ibm-3270-4.0ga12/Common/Win32/sio_schannel.c:451:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(rgbLine, "%4.4x ", index);
data/ibm-3270-4.0ga12/Common/Win32/sio_schannel.c:821:24: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120).
  server_name_size = MultiByteToWideChar(CP_ACP, 0, server_name, -1, NULL, 0);
data/ibm-3270-4.0ga12/Common/Win32/sio_schannel.c:823:5: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120).
  MultiByteToWideChar(CP_ACP, 0, server_name, -1, server_name_wide,
data/ibm-3270-4.0ga12/Common/Win32/sio_schannel.c:1378:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s->prbuf, data_buffer_ptr->pvBuffer,
data/ibm-3270-4.0ga12/Common/Win32/sio_schannel.c:1431:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s->sendbuf + s->sizes.cbHeader, buf, len);
data/ibm-3270-4.0ga12/Common/Win32/sio_schannel.c:1599:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, s->prbuf, copy_len);
data/ibm-3270-4.0ga12/Common/Win32/w3misc.c:123:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[4096];
data/ibm-3270-4.0ga12/Common/Win32/w3misc.c:141:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "Windows error %d", e);
data/ibm-3270-4.0ga12/Common/Win32/w3misc.c:179:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&u, &t, sizeof(ULARGE_INTEGER));
data/ibm-3270-4.0ga12/Common/Win32/w3misc.c:241:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  optarg = (char *)argv[optind++];
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:209:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAX_PATH];
data/ibm-3270-4.0ga12/Common/XtGlue.c:437:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(u, &t, sizeof(unsigned long long));
data/ibm-3270-4.0ga12/Common/actions.c:175:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pbuf[1024];
data/ibm-3270-4.0ga12/Common/b3270/b3270.c:599:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  row = atoi(argv[0]);
data/ibm-3270-4.0ga12/Common/b3270/b3270.c:600:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  column = atoi(argv[1]);
data/ibm-3270-4.0ga12/Common/b3270/b3270.c:601:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rows = atoi(argv[2]);
data/ibm-3270-4.0ga12/Common/b3270/b3270.c:602:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  columns = atoi(argv[3]);
data/ibm-3270-4.0ga12/Common/b3270/b3270.c:747:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n = atoi(argv[1]);
data/ibm-3270-4.0ga12/Common/b3270/screen.c:301:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char varr[32] = "0123456789ABCDEFGHIJKLMNOPQRSTUV";
data/ibm-3270-4.0ga12/Common/b3270/screen.c:757:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *args[13]; /* col, fg, bg, gr, text, count, NULL */
data/ibm-3270-4.0ga12/Common/b3270/screen.c:781:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char utf8_buf[6];
data/ibm-3270-4.0ga12/Common/b3270/screen.c:971:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(saved_ea, ea_buf, se);
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:74:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char peer_buf[INBUF_SIZE];
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:362:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(strchr(uia->result, '\0'), "\n%.*s", (int)len, buf);
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:619:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[INBUF_SIZE];
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:622:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char bom_read[BOM_SIZE];
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:623:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char bom_value[BOM_SIZE] = { 0xef, 0xbb, 0xbf };
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:637:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, peer_buf, nr);
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:698:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bom_read + bom_count, buf, nc);
data/ibm-3270-4.0ga12/Common/bind-opt.c:186:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addrbuf[RET_LEN];
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:231:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024]; /* input buffer */
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:313:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[10];
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:538:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2];
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1066:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[1024];
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1657:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char vmsgbuf[4096];
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1929:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char exepath[MAX_PATH];
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1930:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linkpath[MAX_PATH];
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1931:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sesspath[MAX_PATH];
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1932:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char delenv[32 + MAX_PATH];
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1952:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(profile_path, "r");
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:351:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(k->codes, codes, ncodes * sizeof(k_t));
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:353:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(k->hints, hints, ncodes * sizeof(int));
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:430:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024]; /* file read buffer */
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:443:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(fn, "r");
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:870:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[10];
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:872:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "F%d", i);
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:1065:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mb[16];
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:1073:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "[unknown curses key 0x%x]", k);
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:1079:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  s += sprintf(s, "Alt");
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:1089:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "Ctrl<Key>%c", (int)(ucs4 + '@') & 0xff);
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:1096:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(s, "colon");
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:1100:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(s, "space");
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:1109:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "<Key>U+%04x", k);
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:1133:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:1135:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbuf[128];
data/ibm-3270-4.0ga12/Common/c3270/keypad.c:144:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  xxx = fopen("/tmp/ccc", "a");
data/ibm-3270-4.0ga12/Common/c3270/menubar.c:128:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char menu_rv[MODEL_2_COLS * MODEL_2_ROWS];
data/ibm-3270-4.0ga12/Common/c3270/menubar.c:129:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char menu_acs[MODEL_2_COLS * MODEL_2_ROWS];
data/ibm-3270-4.0ga12/Common/c3270/menubar.c:788:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *file_menu_names[FM_COUNT] = {
data/ibm-3270-4.0ga12/Common/c3270/menubar.c:869:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *option_names[OM_COUNT] = {
data/ibm-3270-4.0ga12/Common/c3270/mkkeypad.c:49:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(name, "r")) != NULL) {
data/ibm-3270-4.0ga12/Common/c3270/mkkeypad.c:57:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(path, "r");
data/ibm-3270-4.0ga12/Common/c3270/mkkeypad.c:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/ibm-3270-4.0ga12/Common/c3270/status_dump.c:266:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/ibm-3270-4.0ga12/Common/child.c:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[CHILD_BUF]; /* input buffer */
data/ibm-3270-4.0ga12/Common/child.c:79:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[CHILD_BUF];
data/ibm-3270-4.0ga12/Common/childscript.c:154:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[CHILD_BUF]; /* input buffer */
data/ibm-3270-4.0ga12/Common/childscript.c:383:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[8192];
data/ibm-3270-4.0ga12/Common/childscript.c:449:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[8192];
data/ibm-3270-4.0ga12/Common/childscript.c:480:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c->output_buf + c->output_buflen, buf, nr);
data/ibm-3270-4.0ga12/Common/childscript.c:668:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c->output_buf + c->output_buflen, cr->buf, cr->nr);
data/ibm-3270-4.0ga12/Common/childscript.c:1255:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dup2(open("/dev/null", O_WRONLY), 1);
data/ibm-3270-4.0ga12/Common/childscript.c:1266:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  child_argv[i] = (char *)argv[i];
data/ibm-3270-4.0ga12/Common/childscript.c:1416:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *params[3] = { programname, NULL, NULL };
data/ibm-3270-4.0ga12/Common/ctlr.c:95:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char crm_attr[16];
data/ibm-3270-4.0ga12/Common/ctlr.c:120:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char code_table[64] = {
data/ibm-3270-4.0ga12/Common/ctlr.c:1267:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mb[16];
data/ibm-3270-4.0ga12/Common/event.c:109:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *st_name[N_ST] = {
data/ibm-3270-4.0ga12/Common/fprint_screen.c:133:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mb[16];
data/ibm-3270-4.0ga12/Common/fprint_screen.c:170:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char u8buf[16];
data/ibm-3270-4.0ga12/Common/fprint_screen.c:271:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pt_nsize = atoi(pt_size);
data/ibm-3270-4.0ga12/Common/fprint_screen.c:357:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fps->spp = atoi(pt_spp);
data/ibm-3270-4.0ga12/Common/fprint_screen.c:516:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mb[16];
data/ibm-3270-4.0ga12/Common/ft.c:76:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char i_asc2ft[256] = { data/ibm-3270-4.0ga12/Common/ft.c:95:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char i_ft2asc[256] = { data/ibm-3270-4.0ga12/Common/ft.c:139:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *keyword[4]; data/ibm-3270-4.0ga12/Common/ft.c:447:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ret[3]; data/ibm-3270-4.0ga12/Common/ft.c:631:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(fts.resolved_local_filename, p->ascii_flag? "r": "rb"); data/ibm-3270-4.0ga12/Common/ft.c:640:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
f = fopen(fts.resolved_local_filename, ft_local_fflag(p)); data/ibm-3270-4.0ga12/Common/ft.c:907:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). p->lrecl = atoi(tp[PARM_LRECL].value); data/ibm-3270-4.0ga12/Common/ft.c:910:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). p->blksize = atoi(tp[PARM_BLKSIZE].value); data/ibm-3270-4.0ga12/Common/ft.c:916:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). p->primary_space = atoi(tp[PARM_PRIMARY_SPACE].value); data/ibm-3270-4.0ga12/Common/ft.c:919:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). p->secondary_space = atoi(tp[PARM_SECONDARY_SPACE].value); data/ibm-3270-4.0ga12/Common/ft.c:922:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
p->dft_buffersize = atoi(tp[PARM_BUFFER_SIZE].value); data/ibm-3270-4.0ga12/Common/ft.c:925:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). p->avblock = atoi(tp[PARM_AVBLOCK].value); data/ibm-3270-4.0ga12/Common/ft.c:929:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). p->windows_codepage = atoi(tp[PARM_WINDOWS_CODEPAGE].value); data/ibm-3270-4.0ga12/Common/ft_cut.c:61:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char alphas[NE + 1] = data/ibm-3270-4.0ga12/Common/ft_cut.c:66:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char xlate[NE]; data/ibm-3270-4.0ga12/Common/ft_cut.c:115:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static unsigned char xlate_buf[XLATE_NBUF]; /* buffer */ data/ibm-3270-4.0ga12/Common/ft_cut.c:278:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ixp = (unsigned char *)memchr(conv[quadrant].xlate, c, NE); data/ibm-3270-4.0ga12/Common/ft_cut.c:292:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ixp = (unsigned char *)memchr(conv[quadrant].xlate, c, NE); data/ibm-3270-4.0ga12/Common/ft_cut.c:600:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char cvbuf[O_RESPONSE - O_DT_DATA]; data/ibm-3270-4.0ga12/Common/ft_cut.c:601:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char cvobuf[4 * (O_RESPONSE - O_DT_DATA)]; data/ibm-3270-4.0ga12/Common/ft_cut.c:687:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char cbuf[32]; data/ibm-3270-4.0ga12/Common/ft_cut.c:691:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mb[16]; data/ibm-3270-4.0ga12/Common/ft_dft.c:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sf_length[2]; /* SF length = 0x0023 */ data/ibm-3270-4.0ga12/Common/ft_dft.c:62:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sf_request_type[2]; /* request type */ data/ibm-3270-4.0ga12/Common/ft_dft.c:63:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char compress_indic[2]; /* 0xc080 */ data/ibm-3270-4.0ga12/Common/ft_dft.c:65:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_length[2]; /* Data Length in 3270 byte order+5 */ data/ibm-3270-4.0ga12/Common/ft_dft.c:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[256]; /* The actual data */ data/ibm-3270-4.0ga12/Common/ft_dft.c:79:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char dft_ungetc_cache[DFT_MAX_UNGETC]; data/ibm-3270-4.0ga12/Common/ft_dft.c:142:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[8]; data/ibm-3270-4.0ga12/Common/ft_dft.c:159:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(namebuf, name, 7); data/ibm-3270-4.0ga12/Common/ft_dft.c:257:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msgp, data_bufr->data, my_length); data/ibm-3270-4.0ga12/Common/ft_dft.c:442:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inbuf[16]; data/ibm-3270-4.0ga12/Common/ft_dft.c:462:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(bufptr, dft_ungetc_cache, nm); data/ibm-3270-4.0ga12/Common/ft_dft.c:663:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dft_savebuf, obuf, dft_savebuf_len); data/ibm-3270-4.0ga12/Common/ft_dft.c:721:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(obptr, dft_savebuf, dft_savebuf_len); data/ibm-3270-4.0ga12/Common/glue.c:94:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *session_suffix[4]; data/ibm-3270-4.0ga12/Common/glue.c:102:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char full_model_name[13] = "IBM-"; data/ibm-3270-4.0ga12/Common/glue.c:660:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. *(const char **)opts[j].aoff = NewString(argv[++i]); data/ibm-3270-4.0ga12/Common/glue.c:685:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
*(int *)opts[j].aoff = atoi(argv[++i]); data/ibm-3270-4.0ga12/Common/glue.c:702:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)argv, (char *)argv_out, data/ibm-3270-4.0ga12/Common/glue.c:921:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)(tn + ntn), nxnames, nx * sizeof(ccp_t)); data/ibm-3270-4.0ga12/Common/glue.c:938:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)argv, (char *)argv_out, (argc_out + 1) * sizeof(char *)); data/ibm-3270-4.0ga12/Common/glue.c:1001:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n = atoi(m); data/ibm-3270-4.0ga12/Common/glue.c:1472:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(t, "\\u%04x", u); data/ibm-3270-4.0ga12/Common/glue.c:1477:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t + tlen - 1, s, consumed); data/ibm-3270-4.0ga12/Common/host.c:68:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char luname[LUNAME_SIZE+1]; data/ibm-3270-4.0ga12/Common/host.c:125:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/ibm-3270-4.0ga12/Common/host.c:140:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). hf = fopen(hostfile_name, "r"); data/ibm-3270-4.0ga12/Common/host.c:847:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). lcf = fopen(lcf_name, "r"); data/ibm-3270-4.0ga12/Common/host.c:850:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/ibm-3270-4.0ga12/Common/host.c:947:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). lcf = fopen(lcf_name, "w"); data/ibm-3270-4.0ga12/Common/httpd-core.c:83:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char request_buf[MAX_HTTPD_REQUEST + 1]; /* request buffer */ data/ibm-3270-4.0ga12/Common/httpd-core.c:192:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char linebuf[BPL]; data/ibm-3270-4.0ga12/Common/httpd-io.c:182:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/ibm-3270-4.0ga12/Common/httpd-io.c:263:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostbuf[128]; data/ibm-3270-4.0ga12/Common/httpd-io.c:361:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostbuf[128]; data/ibm-3270-4.0ga12/Common/httpd-nodes.c:75:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8192]; data/ibm-3270-4.0ga12/Common/httpd-nodes.c:82:10: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. 
Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). fd = mkstemp(temp_name); data/ibm-3270-4.0ga12/Common/kybd.c:347:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *argv[2]; data/ibm-3270-4.0ga12/Common/kybd.c:847:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). k = atoi(argv[0]); data/ibm-3270-4.0ga12/Common/kybd.c:872:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). k = atoi(argv[0]); data/ibm-3270-4.0ga12/Common/kybd.c:1052:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mb[16]; data/ibm-3270-4.0ga12/Common/kybd.c:1059:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ebc = atoi(argv[0]); data/ibm-3270-4.0ga12/Common/kybd.c:1347:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ebc_pair[2]; data/ibm-3270-4.0ga12/Common/kybd.c:1353:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ebc_wide = atoi(argv[0]); data/ibm-3270-4.0ga12/Common/kybd.c:1393:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mb[16]; data/ibm-3270-4.0ga12/Common/kybd.c:1740:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ebc_pair[2]; data/ibm-3270-4.0ga12/Common/kybd.c:1750:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char mb[16]; data/ibm-3270-4.0ga12/Common/kybd.c:1791:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *toggle_argv[2] = { ResRightToLeftMode, NULL }; data/ibm-3270-4.0ga12/Common/kybd.c:3096:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *set_argv[3] = { ResInsertMode, ResTrue, NULL }; data/ibm-3270-4.0ga12/Common/kybd.c:3111:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *toggle_argv[2] = { ResInsertMode, NULL }; data/ibm-3270-4.0ga12/Common/kybd.c:3126:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *toggle_argv[2] = { ResReverseInputMode, NULL }; data/ibm-3270-4.0ga12/Common/kybd.c:3211:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). baddr = atoi(argv[0]); data/ibm-3270-4.0ga12/Common/kybd.c:3213:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). row = atoi(argv[0]); data/ibm-3270-4.0ga12/Common/kybd.c:3219:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). col = atoi(argv[1]); data/ibm-3270-4.0ga12/Common/kybd.c:3598:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *args[2]; data/ibm-3270-4.0ga12/Common/kybd.c:3969:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ebc_pair[2]; data/ibm-3270-4.0ga12/Common/kybd.c:4264:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ksname[3][64]; data/ibm-3270-4.0ga12/Common/kybd.c:4265:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char junk[2]; data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:81:24: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define memmove(d,s,l) bcopy((s),(d),(l)) data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:200:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). XML_Bool open; data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:1600:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, end, nLeftOver); data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:1616:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff, s, len); data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:1745:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newBuf, &bufferPtr[-keep], bufferEnd - bufferPtr + keep); data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:1757:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newBuf, bufferPtr, bufferEnd - bufferPtr); data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:2103:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
  memcpy(rawNameBuf, tag->rawName, tag->rawNameLength);
data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:2356:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (entity->open)
data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:3039:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(uri, binding->uri, binding->uriLen * sizeof(XML_Char));
data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:3048:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(uri, localPart, i * sizeof(XML_Char));
data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:3053:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(uri + 1, binding->prefix->name, prefixLen * sizeof(XML_Char));
data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:3156:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(b->uri, uri, len * sizeof(XML_Char));
data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:3407:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char encodingBuf[128];
data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:4528:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (entity->open)
data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:5062:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (entity->open) {
data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:5149:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (entity->open) {
data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:5561:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!e->open)
data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:6242:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pool->blocks->s, pool->start,
data/ibm-3270-4.0ga12/Common/libexpat/xmlparse.c:6279:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tem->s, pool->start,
data/ibm-3270-4.0ga12/Common/libexpat/xmltok.c:178:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char type[256];
data/ibm-3270-4.0ga12/Common/libexpat/xmltok.c:950:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1];
data/ibm-3270-4.0ga12/Common/libexpat/xmltok.c:985:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  char open;
data/ibm-3270-4.0ga12/Common/libexpat/xmltok.c:1044:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (c == open)
data/ibm-3270-4.0ga12/Common/libexpat/xmltok.c:1252:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char utf8[256][4];
data/ibm-3270-4.0ga12/Common/libexpat/xmltok.c:1297:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[XML_UTF8_ENCODE_MAX];
data/ibm-3270-4.0ga12/Common/libexpat/xmltok.c:1354:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((char *)mem)[i] = ((char *)&latin1_encoding)[i];
data/ibm-3270-4.0ga12/Common/libexpat/xmltok_impl.c:576:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int open;
data/ibm-3270-4.0ga12/Common/libexpat/xmltok_impl.c:587:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  switch (open) {
data/ibm-3270-4.0ga12/Common/libexpat/xmltok_impl.c:604:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (t == open)
data/ibm-3270-4.0ga12/Common/libexpat/xmltok_impl.c:940:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  PREFIX(scanLit)(int open, const ENCODING *enc,
data/ibm-3270-4.0ga12/Common/libexpat/xmltok_impl.c:951:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (t != open)
data/ibm-3270-4.0ga12/Common/libexpat/xmltok_impl.c:1500:60: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  || BYTE_TYPE(enc, ptr + MINBPC(enc)) == open))
data/ibm-3270-4.0ga12/Common/libexpat/xmltok_ns.c:75:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[ENCODING_MAX];
data/ibm-3270-4.0ga12/Common/linemode.c:97:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[3];
data/ibm-3270-4.0ga12/Common/mkfb.c:117:9: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  f = tmpfile();
data/ibm-3270-4.0ga12/Common/mkfb.c:128:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(n, "w+b");
data/ibm-3270-4.0ga12/Common/mkfb.c:145:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSZ];
data/ibm-3270-4.0ga12/Common/mkicon.c:21:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(argv[1], "rb");
data/ibm-3270-4.0ga12/Common/nvt.c:256:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char st[NUM_STATES][256] = {
data/ibm-3270-4.0ga12/Common/nvt.c:479:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char text[NT + 1];
data/ibm-3270-4.0ga12/Common/nvt.c:513:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char pending_mbs[MB_MAX];
data/ibm-3270-4.0ga12/Common/nvt.c:515:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char ped[PE_MAX];
data/ibm-3270-4.0ga12/Common/nvt.c:1123:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mbs[2];
data/ibm-3270-4.0ga12/Common/nvt.c:1923:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char code[4] = { 'P', 'Q', 'R', 'S' };
data/ibm-3270-4.0ga12/Common/nvt.c:2059:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mb[16];
data/ibm-3270-4.0ga12/Common/nvt.c:2245:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char csdsel[4] = "()*+";
data/ibm-3270-4.0ga12/Common/nvt.c:2461:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  obptr += sprintf((char *)obptr, "\033[%d;%dr", scroll_top,
data/ibm-3270-4.0ga12/Common/nvt.c:2476:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  obptr += sprintf((char *)obptr,
data/ibm-3270-4.0ga12/Common/nvt.c:2489:16: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  obptr += sprintf((char *)obptr,
data/ibm-3270-4.0ga12/Common/peerscript.c:240:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[8192];
data/ibm-3270-4.0ga12/Common/peerscript.c:509:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostbuf[128];
data/ibm-3270-4.0ga12/Common/peerscript.c:632:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostbuf[128];
data/ibm-3270-4.0ga12/Common/pr3287/codepage.c:98:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(codeset_name, "CP%d", GetACP());
data/ibm-3270-4.0ga12/Common/pr3287/ctlr.c:91:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char *xlate_buf[MAX_BUF];
data/ibm-3270-4.0ga12/Common/pr3287/ctlr.c:128:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char htabs[MAX_MPP+1];
data/ibm-3270-4.0ga12/Common/pr3287/ctlr.c:129:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char vtabs[MAX_MPL+1];
data/ibm-3270-4.0ga12/Common/pr3287/ctlr.c:666:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mb[16];
data/ibm-3270-4.0ga12/Common/pr3287/ctlr.c:856:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(trnbuf[pp].buf + trnbuf[pp].data_len, cp, cnt);
data/ibm-3270-4.0ga12/Common/pr3287/ctlr.c:900:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(scs_leftover_buf, cp, scs_leftover_len); \
data/ibm-3270-4.0ga12/Common/pr3287/ctlr.c:1314:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mb[16];
data/ibm-3270-4.0ga12/Common/pr3287/ctlr.c:1350:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(contig, scs_leftover_buf, scs_leftover_len);
data/ibm-3270-4.0ga12/Common/pr3287/ctlr.c:1351:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(contig + scs_leftover_len, buf, buflen);
data/ibm-3270-4.0ga12/Common/pr3287/ctlr.c:1713:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new, uo_data[uo_col].trn, uo_data[uo_col].trn_len);
data/ibm-3270-4.0ga12/Common/pr3287/ctlr.c:1715:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new + uo_data[uo_col].trn_len, s, len);
data/ibm-3270-4.0ga12/Common/pr3287/ctlr.c:1735:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mb[16];
data/ibm-3270-4.0ga12/Common/pr3287/ctlr.c:1954:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mb[16];
data/ibm-3270-4.0ga12/Common/pr3287/ctlr.c:2160:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((f = fopen(filename, "rb")) == NULL) {
data/ibm-3270-4.0ga12/Common/pr3287/pr3287.c:316:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[2][4096] = { "", "" };
data/ibm-3270-4.0ga12/Common/pr3287/pr3287.c:448:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2];
data/ibm-3270-4.0ga12/Common/pr3287/pr3287.c:881:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tracefile[4096];
data/ibm-3270-4.0ga12/Common/pr3287/pr3287.c:891:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dashu[32];
data/ibm-3270-4.0ga12/Common/pr3287/pr3287.c:915:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(tracefile, O_WRONLY | O_CREAT | O_EXCL, 0600);
data/ibm-3270-4.0ga12/Common/pr3287/pr3287.c:1214:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[4096];
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:139:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char myopts[N_OPTS], hisopts[N_OPTS];
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:211:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *telquals[2] = { "IS", "SEND" };
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:212:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *reason_code[8] = { "CONN-PARTNER", "DEVICE-IN-USE", "INV-ASSOCIATE",
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:217:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *function_name[5] = { "BIND-IMAGE", "DATA-STREAM-CTL", "RESPONSES",
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:221:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *data_type[9] = { "3270-DATA", "SCS-DATA", "RESPONSE", "BIND-IMAGE",
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:225:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *req_flag[1] = { " ERR-COND-CLEARED" };
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:229:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *hrsp_flag[3] = { "NO-RESPONSE", "ERROR-RESPONSE",
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:233:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *trsp_flag[2] = { "POSITIVE-RESPONSE", "NEGATIVE-RESPONSE" };
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:237:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *neg_type[4] = { "COMMAND-REJECT", "INTERVENTION-REQUIRED",
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:253:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[1024];
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:891:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(t, "%c%c", IAC, SE);
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:914:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char reported_lu[LU_MAX + 1];
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:915:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char reported_type[LU_MAX + 1];
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:1103:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char text_buf[1024];
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:1119:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char proto_buf[7 + 32];
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:1124:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(proto_buf, functions_req, 4);
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:1503:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[64];
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:1505:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d", c);
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:1650:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rsp_buf[7];
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:1668:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rsp_buf[7];
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:1707:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rsp_buf[9];
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:1734:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rsp_buf[9], r;
data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:1781:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rsp_buf[9];
data/ibm-3270-4.0ga12/Common/pr3287/xtable.c:62:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char expansion[MAX_EX];
data/ibm-3270-4.0ga12/Common/pr3287/xtable.c:144:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/ibm-3270-4.0ga12/Common/pr3287/xtable.c:158:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(filename, "r");
data/ibm-3270-4.0ga12/Common/pr3287/xtable.c:169:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xl[64];
data/ibm-3270-4.0ga12/Common/pr3287/xtable.c:429:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xls[ebc].expansion, xl, sx);
data/ibm-3270-4.0ga12/Common/pr3287_session.c:107:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[PRINTER_BUF]; /* input buffer */
data/ibm-3270-4.0ga12/Common/pr3287_session.c:1162:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/ibm-3270-4.0ga12/Common/print_screen.c:97:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[132];
data/ibm-3270-4.0ga12/Common/print_screen.c:117:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ComputerName[MAX_COMPUTERNAME_LENGTH + 1];
data/ibm-3270-4.0ga12/Common/print_screen.c:379:11: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  fd = mkstemp(temp_name);
data/ibm-3270-4.0ga12/Common/print_screen.c:392:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(name, replace? "w": "a");
data/ibm-3270-4.0ga12/Common/print_screen.c:475:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[8192];
data/ibm-3270-4.0ga12/Common/proxy.c:60:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *type_name[PT_MAX] = {
data/ibm-3270-4.0ga12/Common/proxy_socks4.c:61:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rbuf[REPLY_LEN];
data/ibm-3270-4.0ga12/Common/proxy_socks4.c:85:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ipaddr, hp->h_addr, hp->h_length);
data/ibm-3270-4.0ga12/Common/proxy_socks4.c:198:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&a, &ps.rbuf[4], 4);
data/ibm-3270-4.0ga12/Common/proxy_socks5.c:66:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rbuf[REPLY_LEN];
data/ibm-3270-4.0ga12/Common/proxy_socks5.c:100:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char sbuf[8];
data/ibm-3270-4.0ga12/Common/proxy_socks5.c:132:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)sbuf, "\005\002\000\002", 4);
data/ibm-3270-4.0ga12/Common/proxy_socks5.c:137:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char *)sbuf, "\005\001\000");
data/ibm-3270-4.0ga12/Common/proxy_socks5.c:215:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char upbuf[1 + 1 + 255 + 1 + 255 + 1];
data/ibm-3270-4.0ga12/Common/proxy_socks5.c:310:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nbuf[256];
data/ibm-3270-4.0ga12/Common/proxy_socks5.c:324:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s, &ps.ha.sin.sin_addr, 4);
data/ibm-3270-4.0ga12/Common/proxy_socks5.c:330:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s, &ps.ha.sin6.sin6_addr, sizeof(struct in6_addr));
data/ibm-3270-4.0ga12/Common/proxy_socks5.c:360:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nbuf[256];
data/ibm-3270-4.0ga12/Common/proxy_socks5.c:489:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ps.ha.sin.sin_addr, &ps.vrbuf[4], 4);
data/ibm-3270-4.0ga12/Common/proxy_socks5.c:500:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ps.ha.sin6.sin6_addr, &ps.vrbuf[4],
data/ibm-3270-4.0ga12/Common/query.c:301:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(q, queries, sizeof(query_t) * num_queries);
data/ibm-3270-4.0ga12/Common/query.c:302:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(q + num_queries, new_queries, sizeof(query_t) * count);
data/ibm-3270-4.0ga12/Common/readres.c:128:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/ibm-3270-4.0ga12/Common/readres.c:132:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(filename, "r");
data/ibm-3270-4.0ga12/Common/resolver.c:122:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rsa, res->ai_addr, res->ai_addrlen);
data/ibm-3270-4.0ga12/Common/resolver.c:338:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rsa, res->ai_addr, res->ai_addrlen);
data/ibm-3270-4.0ga12/Common/resolver.c:400:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rsa, res->ai_addr, res->ai_addrlen);
data/ibm-3270-4.0ga12/Common/resolver.c:537:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&rsin->sin_addr, hp->h_addr_list[i], hp->h_length);
data/ibm-3270-4.0ga12/Common/rpq.c:430:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&here_tm, localtime(&here), sizeof(struct tm));
data/ibm-3270-4.0ga12/Common/rpq.c:491:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hexstr[512]; /* more than enough room to copy */
data/ibm-3270-4.0ga12/Common/rpq.c:655:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, src, len);
data/ibm-3270-4.0ga12/Common/rpq.c:679:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ia, h->h_addr_list[0], h->h_length);
data/ibm-3270-4.0ga12/Common/rpq.c:684:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &ia, sizeof(in_addr_t));
data/ibm-3270-4.0ga12/Common/rpq.c:726:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, src, len);
data/ibm-3270-4.0ga12/Common/screentrace.c:258:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  screentracef = fopen(xtfn, "a");
data/ibm-3270-4.0ga12/Common/scroll.c:200:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ea_save[scroll_next] + COLS, defaults_buf,
data/ibm-3270-4.0ga12/Common/scroll.c:204:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ea_save[scroll_next], defaults_buf,
data/ibm-3270-4.0ga12/Common/scroll.c:214:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ea_save[scroll_next], defaults_buf,
data/ibm-3270-4.0ga12/Common/scroll.c:232:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ea_save[scroll_next], defaults_buf,
data/ibm-3270-4.0ga12/Common/see.c:73:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mb[16];
data/ibm-3270-4.0ga12/Common/sf.c:430:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *bit4[16] = {
data/ibm-3270-4.0ga12/Common/sio_openssl.c:212:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xbuf[120];
data/ibm-3270-4.0ga12/Common/sio_openssl.c:292:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[1024];
data/ibm-3270-4.0ga12/Common/sio_openssl.c:340:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new, list, count * sizeof(char *));
data/ibm-3270-4.0ga12/Common/sio_openssl.c:389:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/ibm-3270-4.0ga12/Common/sio_openssl.c:473:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err_buf[120];
data/ibm-3270-4.0ga12/Common/sio_openssl.c:655:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err_buf[1024];
data/ibm-3270-4.0ga12/Common/sio_openssl.c:844:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err_buf[1024];
data/ibm-3270-4.0ga12/Common/sio_openssl.c:882:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err_buf[120];
data/ibm-3270-4.0ga12/Common/sio_openssl.c:945:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err_buf[120];
data/ibm-3270-4.0ga12/Common/sio_openssl.c:955:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(err_buf, "unknown error");
data/ibm-3270-4.0ga12/Common/sio_openssl.c:990:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err_buf[120];
data/ibm-3270-4.0ga12/Common/sio_secure_transport.c:347:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/ibm-3270-4.0ga12/Common/sio_secure_transport.c:388:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/ibm-3270-4.0ga12/Common/sio_secure_transport.c:468:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[1024];
data/ibm-3270-4.0ga12/Common/sio_secure_transport.c:701:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char common_name[1024];
data/ibm-3270-4.0ga12/Common/sioc.c:98:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(path, "r");
data/ibm-3270-4.0ga12/Common/source.c:222:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(expanded_filename, O_RDONLY);
data/ibm-3270-4.0ga12/Common/split_host.c:103:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *part[4] = { NULL, NULL, NULL, NULL };
data/ibm-3270-4.0ga12/Common/stdinscript.c:72:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char stdin_buf[256];
data/ibm-3270-4.0ga12/Common/tables.c:41:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char ebc2asc0[256] = {
data/ibm-3270-4.0ga12/Common/tables.c:74:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char asc2ebc0[256] = {
data/ibm-3270-4.0ga12/Common/task.c:161:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char last[LAST_BUF]; /* last command */
data/ibm-3270-4.0ga12/Common/task.c:220:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *st_name[NUM_ST] = {
data/ibm-3270-4.0ga12/Common/task.c:826:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char aname[MAX_ANAME+1];
data/ibm-3270-4.0ga12/Common/task.c:1341:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s->macro.msc, st, len);
data/ibm-3270-4.0ga12/Common/task.c:1985:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mb[16];
data/ibm-3270-4.0ga12/Common/task.c:2071:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  len = atoi(params[0]);
data/ibm-3270-4.0ga12/Common/task.c:2074:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  row = atoi(params[0]);
data/ibm-3270-4.0ga12/Common/task.c:2075:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  col = atoi(params[1]);
data/ibm-3270-4.0ga12/Common/task.c:2076:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  len = atoi(params[2]);
data/ibm-3270-4.0ga12/Common/task.c:2079:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  row = atoi(params[0]);
data/ibm-3270-4.0ga12/Common/task.c:2080:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  col = atoi(params[1]);
data/ibm-3270-4.0ga12/Common/task.c:2081:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rows = atoi(params[2]);
data/ibm-3270-4.0ga12/Common/task.c:2082:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cols = atoi(params[3]);
data/ibm-3270-4.0ga12/Common/task.c:2372:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mb[16];
data/ibm-3270-4.0ga12/Common/task.c:2699:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(snap_buf, ea_buf, ROWS*COLS*sizeof(struct ea));
data/ibm-3270-4.0ga12/Common/task.c:3170:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[NVT_SAVE_SIZE];
data/ibm-3270-4.0ga12/Common/task.c:3392:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tmo = atoi(argv[1]);
data/ibm-3270-4.0ga12/Common/task.c:4230:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  s->passthru_index == atoi(tag + 4)) {
data/ibm-3270-4.0ga12/Common/telnet.c:125:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *telquals[3] = { "IS", "SEND", "INFO" };
data/ibm-3270-4.0ga12/Common/telnet.c:132:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char myopts[N_OPTS], hisopts[N_OPTS];
data/ibm-3270-4.0ga12/Common/telnet.c:154:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ttype_tmpval[13];
data/ibm-3270-4.0ga12/Common/telnet.c:237:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *reason_code[8] = { "CONN-PARTNER", "DEVICE-IN-USE",
data/ibm-3270-4.0ga12/Common/telnet.c:242:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *function_name[5] = { "BIND-IMAGE", "DATA-STREAM-CTL",
data/ibm-3270-4.0ga12/Common/telnet.c:246:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *data_type[9] = { "3270-DATA", "SCS-DATA", "RESPONSE",
data/ibm-3270-4.0ga12/Common/telnet.c:251:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *req_flag[1] = { " ERR-COND-CLEARED" };
data/ibm-3270-4.0ga12/Common/telnet.c:255:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *hrsp_flag[3] = { "NO-RESPONSE", "ERROR-RESPONSE",
data/ibm-3270-4.0ga12/Common/telnet.c:259:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *trsp_flag[2] = { "POSITIVE-RESPONSE", "NEGATIVE-RESPONSE" };
data/ibm-3270-4.0ga12/Common/telnet.c:263:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *state_name[NUM_CSTATE] = {
data/ibm-3270-4.0ga12/Common/telnet.c:394:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hn[256];
data/ibm-3270-4.0ga12/Common/telnet.c:395:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pn[256];
data/ibm-3270-4.0ga12/Common/telnet.c:608:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char passthru_haddr[8];
data/ibm-3270-4.0ga12/Common/telnet.c:1468:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char naws_msg[14];
data/ibm-3270-4.0ga12/Common/telnet.c:1475:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(naws_msg + naws_len, "%c%c", IAC, SE);
data/ibm-3270-4.0ga12/Common/telnet.c:1500:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[256];
data/ibm-3270-4.0ga12/Common/telnet.c:1960:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(t, "%c%c", IAC, SE);
data/ibm-3270-4.0ga12/Common/telnet.c:2003:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char reported_lu[LU_MAX+1];
data/ibm-3270-4.0ga12/Common/telnet.c:2004:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char reported_type[LU_MAX+1];
data/ibm-3270-4.0ga12/Common/telnet.c:2185:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char text_buf[1024];
data/ibm-3270-4.0ga12/Common/telnet.c:2202:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char text_buf[1024];
data/ibm-3270-4.0ga12/Common/telnet.c:2220:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char proto_buf[7 + MX8];
data/ibm-3270-4.0ga12/Common/telnet.c:2225:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(proto_buf, functions_req, 4);
data/ibm-3270-4.0ga12/Common/telnet.c:2276:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bind_image, buf, buflen);
data/ibm-3270-4.0ga12/Common/telnet.c:2389:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(plu_name, &buf[BIND_OFF_PLU_NAME], namelen);
data/ibm-3270-4.0ga12/Common/telnet.c:3074:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rsp_buf[10];
data/ibm-3270-4.0ga12/Common/telnet.c:3102:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rsp_buf[10];
data/ibm-3270-4.0ga12/Common/telnet.c:3402:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(obptr, connected_type, strlen(connected_type));
data/ibm-3270-4.0ga12/Common/telnet.c:3407:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(obptr, connected_lu, strlen(connected_lu));
data/ibm-3270-4.0ga12/Common/telnet.c:3414:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(obptr, functions_req, 4);
data/ibm-3270-4.0ga12/Common/telnet_new_environ.c:60:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *telobjs[4] = { "VAR", "VALUE", "ESC", "USERVAR" }; data/ibm-3270-4.0ga12/Common/telnet_new_environ.c:499:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*reply_buf + 2, reply_body, reply_body_len); data/ibm-3270-4.0ga12/Common/telnet_sio.c:133:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char password_buf[1024]; data/ibm-3270-4.0ga12/Common/telnet_sio.c:140:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(config, &appres.tls, sizeof(tls_config_t)); data/ibm-3270-4.0ga12/Common/trace.c:191:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(w_chunk, w_cur, plen * sizeof(wchar_t)); data/ibm-3270-4.0ga12/Common/trace.c:210:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(w_chunk, w_cur, wlen * sizeof(wchar_t)); data/ibm-3270-4.0ga12/Common/trace.c:449:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
    tracef = fopen(tracefile_name, "w");
data/ibm-3270-4.0ga12/Common/trace.c:795:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    tracef = fopen(stfn + 2, "a");
data/ibm-3270-4.0ga12/Common/trace.c:797:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    tracef = fopen(stfn, "w");
data/ibm-3270-4.0ga12/Common/unicode.c:839:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char u8b[7];
data/ibm-3270-4.0ga12/Common/unicode.c:928:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(mb, u8b, nu8);
data/ibm-3270-4.0ga12/Common/unicode.c:1108:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    wchar_t wc[3];
data/ibm-3270-4.0ga12/Common/unicode.c:1113:11: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120).
    nw = MultiByteToWideChar(u_local_cp, MB_ERR_INVALID_CHARS,
data/ibm-3270-4.0ga12/Common/unicode.c:1127:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    wchar_t wc[3];
data/ibm-3270-4.0ga12/Common/unicode.c:1157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char utf8buf[16];
data/ibm-3270-4.0ga12/Common/unicode.c:1353:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char u8b[16];
data/ibm-3270-4.0ga12/Common/unicode.c:1368:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(mb, u8b, nu8);
data/ibm-3270-4.0ga12/Common/unicode_dbcs.c:46:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    const char *u2ebc[512]; /* Unicode to EBCDIC vectors */
data/ibm-3270-4.0ga12/Common/unicode_dbcs.c:47:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    const char *ebc2u[512]; /* EBCDIC to Unicode vectors */
data/ibm-3270-4.0ga12/Common/util.c:575:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd = open(ob, O_WRONLY | O_EXCL | O_CREAT, 0600);
data/ibm-3270-4.0ga12/Common/util.c:702:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char buf[64];
data/ibm-3270-4.0ga12/Common/util.c:807:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    return s? atoi(s): 0;
data/ibm-3270-4.0ga12/Common/varbuf.c:87:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(r->buf + r->len, buf, len);
data/ibm-3270-4.0ga12/Common/winprint.c:100:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd = open(*path, O_CREAT | O_EXCL | O_RDWR | xflags,
data/ibm-3270-4.0ga12/Common/x3270if.c:182:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    fd = atoi(fdname);
data/ibm-3270-4.0ga12/Common/x3270if.c:427:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char rbuf[IBS];
data/ibm-3270-4.0ga12/Common/x3270if.c:724:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[IBS];
data/ibm-3270-4.0ga12/Common/x3270if.c:834:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char stdin_buf[1024];
data/ibm-3270-4.0ga12/Common/x3270if.c:887:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[1024];
data/ibm-3270-4.0ga12/Common/x3270if.c:896:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    port = atoi(port_env);
data/ibm-3270-4.0ga12/Common/x3270if.c:1083:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *f = fopen(filename, "r");
data/ibm-3270-4.0ga12/Common/x3270if.c:1084:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[1024];
data/ibm-3270-4.0ga12/Common/x3270if.c:1386:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char inbuf[1024];
data/ibm-3270-4.0ga12/Common/xpopen.c:185:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[1024];
data/ibm-3270-4.0ga12/Common/xpopen.c:186:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char outfile[256];
data/ibm-3270-4.0ga12/Common/xpopen.c:187:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char cmd[1024];
data/ibm-3270-4.0ga12/Common/xpopen.c:235:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(outfile, "/tmp/xpopen.%d", getpid());
data/ibm-3270-4.0ga12/Common/xpopen.c:248:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(outfile, "r");
data/ibm-3270-4.0ga12/Playback/playback.c:115:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    port = atoi(optarg);
data/ibm-3270-4.0ga12/Playback/playback.c:127:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(argv[optind], "r");
data/ibm-3270-4.0ga12/Playback/playback.c:174:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[INET6_ADDRSTRLEN];
data/ibm-3270-4.0ga12/Playback/playback.c:237:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[BUFSIZ];
data/ibm-3270-4.0ga12/Playback/playback.c:337:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[BSIZE];
data/ibm-3270-4.0ga12/Playback/playback.c:399:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char obuf[BSIZE];
data/ibm-3270-4.0ga12/c3270/screen.c:1192:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static unsigned char varr[32] = "0123456789ABCDEFGHIJKLMNOPQRSTUV";
data/ibm-3270-4.0ga12/c3270/screen.c:1250:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char mb[16];
data/ibm-3270-4.0ga12/c3270/screen.c:1276:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char mb[16];
data/ibm-3270-4.0ga12/c3270/screen.c:1457:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char mb[16];
data/ibm-3270-4.0ga12/c3270/screen.c:1619:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char dbuf[128];
data/ibm-3270-4.0ga12/c3270/screen.c:1660:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char mb[2];
data/ibm-3270-4.0ga12/c3270/screen.c:1679:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char mbs[16];
data/ibm-3270-4.0ga12/c3270/screen.c:1680:6: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    wchar_t wcs[2];
data/ibm-3270-4.0ga12/c3270/screen.c:1799:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[16];
data/ibm-3270-4.0ga12/c3270/screen.c:1906:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", i);
data/ibm-3270-4.0ga12/c3270/screen.c:1914:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ks[16];
data/ibm-3270-4.0ga12/c3270/screen.c:1916:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(ks, "U+%04x", ucs4);
data/ibm-3270-4.0ga12/c3270/screen.c:2093:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char oia_lu[LUCNT+1];
data/ibm-3270-4.0ga12/c3270/screen.c:2094:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char oia_timing[32]; /* :ss.s*/
data/ibm-3270-4.0ga12/c3270/screen.c:2711:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char msbuf[3];
data/ibm-3270-4.0ga12/c3270/screen.c:2921:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char mb[16];
data/ibm-3270-4.0ga12/c3270/screen.c:3036:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char mb[16];
data/ibm-3270-4.0ga12/include/arpa_telnet.h:96:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    const char *telopts[NTELOPTS+1] = {
data/ibm-3270-4.0ga12/include/kybd.h:61:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    int state_from_keymap(char keymap[32]);
data/ibm-3270-4.0ga12/include/linemode.h:38:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char value[3];
data/ibm-3270-4.0ga12/include/tables.h:33:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    extern const unsigned char ebc2asc0[256];
data/ibm-3270-4.0ga12/include/tables.h:34:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    extern const unsigned char asc2ebc0[256];
data/ibm-3270-4.0ga12/include/tn3270e.h:95:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char seq_number[2]; /* actually, 16 bits, unaligned (!) */
data/ibm-3270-4.0ga12/include/wincmn.h:111:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    # define open _open
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:86:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char s3270_errmsg[1024];
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:161:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char nbuf[256];
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:201:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(nbuf, "%d", i? i - 1 : 0);
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:253:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[IBS];
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:254:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char rbuf[IBS];
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:468:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    nargv[i_out++] = (char *)argv[i_in];
data/ibm-3270-4.0ga12/wc3270/catf.c:92:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char rbuf[BUFFER_SIZE];
data/ibm-3270-4.0ga12/wc3270/catf.c:93:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    wchar_t rbuf_w[BUFFER_SIZE];
data/ibm-3270-4.0ga12/wc3270/catf.c:95:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd = open(filename, O_RDONLY | O_BINARY);
data/ibm-3270-4.0ga12/wc3270/catf.c:132:3: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120).
    MultiByteToWideChar(CP_ACP, 0, rbuf, nr, rbuf_w, BUFFER_SIZE);
data/ibm-3270-4.0ga12/wc3270/keymap.c:217:11: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120).
    nc = MultiByteToWideChar(CP_ACP, 0, s, 1, &w, 1);
data/ibm-3270-4.0ga12/wc3270/keymap.c:381:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(k->codes, codes, ncodes * sizeof(int));
data/ibm-3270-4.0ga12/wc3270/keymap.c:383:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(k->hints, hints, ncodes * sizeof(int));
data/ibm-3270-4.0ga12/wc3270/keymap.c:459:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[1024]; /* file read buffer */
data/ibm-3270-4.0ga12/wc3270/keymap.c:475:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(fn, "r");
data/ibm-3270-4.0ga12/wc3270/keymap.c:979:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char cbuf[2];
data/ibm-3270-4.0ga12/wc3270/keymap.c:1172:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char buf[128];
data/ibm-3270-4.0ga12/wc3270/keymap.c:1178:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    s += sprintf(s, "Shift ");
data/ibm-3270-4.0ga12/wc3270/keymap.c:1182:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    s += sprintf(s, "Ctrl ");
data/ibm-3270-4.0ga12/wc3270/keymap.c:1184:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    s += sprintf(s, "LeftCtrl");
data/ibm-3270-4.0ga12/wc3270/keymap.c:1186:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    s += sprintf(s, "RightCtrl");
data/ibm-3270-4.0ga12/wc3270/keymap.c:1190:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    s += sprintf(s, "Alt ");
data/ibm-3270-4.0ga12/wc3270/keymap.c:1192:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    s += sprintf(s, "LeftAlt");
data/ibm-3270-4.0ga12/wc3270/keymap.c:1194:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    s += sprintf(s, "RightAlt");
data/ibm-3270-4.0ga12/wc3270/keymap.c:1196:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    s += sprintf(s, "Enhanced");
data/ibm-3270-4.0ga12/wc3270/keymap.c:1260:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[1024];
data/ibm-3270-4.0ga12/wc3270/keymap.c:1262:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char dbuf[128];
data/ibm-3270-4.0ga12/wc3270/mkshort.c:47:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char exe_path[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/relink.c:111:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    wchar_t data[1024];
data/ibm-3270-4.0ga12/wc3270/relink.c:114:12: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static wchar_t font[1024];
data/ibm-3270-4.0ga12/wc3270/relink.c:180:17: [2] (integer) _wtoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    *codepage = _wtoi(cpname);
data/ibm-3270-4.0ga12/wc3270/relink.c:204:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[1024];
data/ibm-3270-4.0ga12/wc3270/relink.c:247:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[1024];
data/ibm-3270-4.0ga12/wc3270/relink.c:329:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ((char *)s)[s_off++] = (hex(*t) << 4) | hex(*(t + 1));
data/ibm-3270-4.0ga12/wc3270/relinkc.h:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char session[STR_SIZE]; /* session name */
data/ibm-3270-4.0ga12/wc3270/relinkc.h:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host[STR_SIZE]; /* host name */
data/ibm-3270-4.0ga12/wc3270/relinkc.h:46:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char luname[STR_SIZE]; /* LU name */
data/ibm-3270-4.0ga12/wc3270/relinkc.h:48:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char proxy_type[STR_SIZE]; /* proxy type */
data/ibm-3270-4.0ga12/wc3270/relinkc.h:49:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char proxy_host[STR_SIZE]; /* proxy host */
data/ibm-3270-4.0ga12/wc3270/relinkc.h:50:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char proxy_port[STR_SIZE]; /* proxy port */
data/ibm-3270-4.0ga12/wc3270/relinkc.h:52:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char codepage[STR_SIZE]; /* code page name */
data/ibm-3270-4.0ga12/wc3270/relinkc.h:55:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char printerlu[STR_SIZE]; /* printer LU */
data/ibm-3270-4.0ga12/wc3270/relinkc.h:56:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char printer[STR_SIZE]; /* Windows printer name */
data/ibm-3270-4.0ga12/wc3270/relinkc.h:57:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char printercp[STR_SIZE]; /* pr3287 code page */
data/ibm-3270-4.0ga12/wc3270/relinkc.h:58:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keymaps[STR_SIZE]; /* keymap names */
data/ibm-3270-4.0ga12/wc3270/relinkc.h:68:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char proxy_user[STR_SIZE]; /* proxy username */
data/ibm-3270-4.0ga12/wc3270/relinkc.h:69:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char proxy_password[STR_SIZE]; /* proxy password */
data/ibm-3270-4.0ga12/wc3270/screen.c:640:10: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  nc = MultiByteToWideChar(CP_ACP, 0, buf, (int)sl, wbuf, (int)sl);
data/ibm-3270-4.0ga12/wc3270/screen.c:667:10: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  nc = MultiByteToWideChar(CP_ACP, 0, buf, (int)sl, wbuf, (int)sl);
data/ibm-3270-4.0ga12/wc3270/screen.c:876:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&onscreen[ix(xrow, col)], &toscreen[ix(xrow, col)],
data/ibm-3270-4.0ga12/wc3270/screen.c:1764:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char varr[32] = "0123456789ABCDEFGHIJKLMNOPQRSTUV";
data/ibm-3270-4.0ga12/wc3270/screen.c:2796:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char oia_lu[LUCNT+1];
data/ibm-3270-4.0ga12/wc3270/screen.c:2797:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char oia_timing[6]; /* :ss.s*/
data/ibm-3270-4.0ga12/wc3270/screen.c:3056:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(oia_timing, ":%02ld.%ld", cs / 10, cs % 10);
data/ibm-3270-4.0ga12/wc3270/screen.c:3058:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(oia_timing, "%02ld:%02ld", cs / CM, (cs % CM) / 10);
data/ibm-3270-4.0ga12/wc3270/screen.c:3484:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_window_title[MY_BUFSIZE]; /* fabricated WindowTitle */
data/ibm-3270-4.0ga12/wc3270/screen.c:3485:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char old_window_title[MY_BUFSIZE]; /* original WindowTitle */
data/ibm-3270-4.0ga12/wc3270/select.c:651:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];
data/ibm-3270-4.0ga12/wc3270/select.c:809:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sp_save, s_pending, ROWS * COLS);
data/ibm-3270-4.0ga12/wc3270/select.c:924:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&s_onscreen[(r * COLS) + col],
data/ibm-3270-4.0ga12/wc3270/shortcut.c:239:5: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  MultiByteToWideChar(CP_ACP, 0, path_link, -1, wsz, MAX_PATH);
data/ibm-3270-4.0ga12/wc3270/wizard.c:182:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char default_printer[1024];
data/ibm-3270-4.0ga12/wc3270/wizard.c:247:8: [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static TCHAR username[UNLEN + 1];
data/ibm-3270-4.0ga12/wc3270/wizard.c:433:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yn[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:535:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[MAX_PATH]; /* Name */
data/ibm-3270-4.0ga12/wc3270/wizard.c:536:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char description[STR_SIZE]; /* Description */
data/ibm-3270-4.0ga12/wc3270/wizard.c:639:6: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(path, "r");
data/ibm-3270-4.0ga12/wc3270/wizard.c:641:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:671:14: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(strcat(*def, "\\n\\\n "), buf);
data/ibm-3270-4.0ga12/wc3270/wizard.c:690:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dpath[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:691:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fpath[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:747:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:933:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char enq[256];
data/ibm-3270-4.0ga12/wc3270/wizard.c:934:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *token[MAX_TOKENS + 1];
data/ibm-3270-4.0ga12/wc3270/wizard.c:1011:7: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mo = atoi(token[0]);
data/ibm-3270-4.0ga12/wc3270/wizard.c:1305:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(path, "r");
data/ibm-3270-4.0ga12/wc3270/wizard.c:1395:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:1469:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:1503:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:1547:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:1596:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:1683:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:1733:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(s->codepage, "bracket");
data/ibm-3270-4.0ga12/wc3270/wizard.c:1748:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  u == atoi(codepages[k].hostcp)) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:1782:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  u == atoi(codepages[k].hostcp)) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:1855:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:1973:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hbuf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:2033:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pbuf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:2088:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:2089:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char old_proxy[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:2130:6: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n = atoi(tbuf);
data/ibm-3270-4.0ga12/wc3270/wizard.c:2180:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pbuf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:2231:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pbuf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:2376:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:2413:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:2417:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cbuf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:2512:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:2535:7: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cp = atoi(buf);
data/ibm-3270-4.0ga12/wc3270/wizard.c:2579:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:2580:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tknbuf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:2674:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:2717:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:2861:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmd[MAX_PATH + 64];
data/ibm-3270-4.0ga12/wc3270/wizard.c:2864:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2];
data/ibm-3270-4.0ga12/wc3270/wizard.c:2891:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(t, "w");
data/ibm-3270-4.0ga12/wc3270/wizard.c:2910:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(t, "r");
data/ibm-3270-4.0ga12/wc3270/wizard.c:2947:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *how_name[N_SP] = {
data/ibm-3270-4.0ga12/wc3270/wizard.c:2964:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ac[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:3013:5: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t data[1024];
data/ibm-3270-4.0ga12/wc3270/wizard.c:3016:12: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static wchar_t font[1024];
data/ibm-3270-4.0ga12/wc3270/wizard.c:3085:17: [2] (integer) _wtoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *codepage = _wtoi(cpname);
data/ibm-3270-4.0ga12/wc3270/wizard.c:3108:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char choicebuf[32];
data/ibm-3270-4.0ga12/wc3270/wizard.c:3123:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&old_session, s, sizeof(session_t));
data/ibm-3270-4.0ga12/wc3270/wizard.c:3213:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pbuf[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:3275:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  switch (atoi(choicebuf)) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:3740:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nbuf[64];
data/ibm-3270-4.0ga12/wc3270/wizard.c:3762:6: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n = atoi(nbuf);
data/ibm-3270-4.0ga12/wc3270/wizard.c:3822:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2];
data/ibm-3270-4.0ga12/wc3270/wizard.c:3846:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:3922:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char to_name[64];
data/ibm-3270-4.0ga12/wc3270/wizard.c:3925:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char from_path[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:3926:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char to_path[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:3927:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char from_linkpath[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:4035:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(from_path, "r");
data/ibm-3270-4.0ga12/wc3270/wizard.c:4133:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char from_path[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:4175:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(from_path, "r");
data/ibm-3270-4.0ga12/wc3270/wizard.c:4219:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dpath[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:4380:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linkpath[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:4381:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char exepath[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:4382:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char args[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:4472:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char save_session_name[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:4473:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:4602:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(session.codepage, "bracket");
data/ibm-3270-4.0ga12/wc3270/wizard.c:4695:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keymaps[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:4774:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024];
data/ibm-3270-4.0ga12/wc3270/wizard.c:4784:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(path, "w+");
data/ibm-3270-4.0ga12/wc3270/wizard.c:4907:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. fprintf(f, "%02x", ((unsigned char *)session)[i]);
data/ibm-3270-4.0ga12/wc3270/wizard.c:5049:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[STR_SIZE];
data/ibm-3270-4.0ga12/wc3270/wizard.c:5197:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:5248:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wc3270_dir[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:5249:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desktop_ini[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:5250:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wc3270_exe[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:5251:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t lwc3270_exe[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:5275:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
FILE *f = fopen(desktop_ini, "wb");
data/ibm-3270-4.0ga12/wc3270/wizard.c:5307:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char link_path[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:5308:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char from_path[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:5309:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char to_path[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:5311:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char exepath[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:5312:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char args[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:5329:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char answer[16];
data/ibm-3270-4.0ga12/wc3270/wizard.c:5403:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(from_path, "r");
data/ibm-3270-4.0ga12/wc3270/wizard.c:5410:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). g = fopen(to_path, "w");
data/ibm-3270-4.0ga12/wc3270/wizard.c:5449:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(to_path, "r");
data/ibm-3270-4.0ga12/wc3270/wizard.c:5477:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char from_path[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:5478:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char to_path[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:5518:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(from_path, "r");
data/ibm-3270-4.0ga12/wc3270/wizard.c:5524:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). g = fopen(to_path, "w");
data/ibm-3270-4.0ga12/wc3270/wizard.c:5552:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char to_dir[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:5597:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char done_path[MAX_PATH];
data/ibm-3270-4.0ga12/wc3270/wizard.c:5715:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(done_path, "w")) != NULL) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:5721:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((f = fopen(done_path, "w")) != NULL) {
data/ibm-3270-4.0ga12/wpr3287/ws.c:50:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char printer_buf[PRINTER_BUFSIZE];
data/ibm-3270-4.0ga12/wpr3287/ws.c:231:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pstring[1024];
data/ibm-3270-4.0ga12/x3270/CmeBSB.c:501:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_buf[BUFSIZ];
data/ibm-3270-4.0ga12/x3270/CmeBSB.c:653:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ];
data/ibm-3270-4.0ga12/x3270/CmeBSB.c:782:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_buf[BUFSIZ];
data/ibm-3270-4.0ga12/x3270/CmplxMenu.c:646:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_buf[BUFSIZ];
data/ibm-3270-4.0ga12/x3270/CmplxMenu.c:655:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_buf[BUFSIZ];
data/ibm-3270-4.0ga12/x3270/CmplxMenu.c:1000:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_buf[BUFSIZ];
data/ibm-3270-4.0ga12/x3270/CmplxMenu.c:1170:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_buf[BUFSIZ];
data/ibm-3270-4.0ga12/x3270/display8.c:1100:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *u[512]; /* Vectors, 128 Unicode positions -> BE display code */
data/ibm-3270-4.0ga12/x3270/ft_gui.c:1066:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
return atoi(s);
data/ibm-3270-4.0ga12/x3270/ft_gui.c:1123:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fts.local_file = fopen(path, xftc.ascii_flag? "r": "rb");
data/ibm-3270-4.0ga12/x3270/keymap.c:95:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char km_file[128];
data/ibm-3270-4.0ga12/x3270/keymap.c:853:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(km_file, "w");
data/ibm-3270-4.0ga12/x3270/keymap.c:1042:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). x->km_line = atoi(k);
data/ibm-3270-4.0ga12/x3270/keymap.c:1169:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(s1 + 4) - atoi(s2 + 4);
data/ibm-3270-4.0ga12/x3270/keymap.c:1169:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(s1 + 4) - atoi(s2 + 4);
data/ibm-3270-4.0ga12/x3270/keymap.c:1282:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(s1 + KPL) - atoi(s2 + KPL);
data/ibm-3270-4.0ga12/x3270/keymap.c:1282:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(s1 + KPL) - atoi(s2 + KPL);
data/ibm-3270-4.0ga12/x3270/menubar.c:308:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[64];
data/ibm-3270-4.0ga12/x3270/menubar.c:330:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(namebuf, "csMenu%d", menu_num++);
data/ibm-3270-4.0ga12/x3270/menubar.c:1901:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
m = atoi(client_data);
data/ibm-3270-4.0ga12/x3270/save.c:637:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(n, "r");
data/ibm-3270-4.0ga12/x3270/save.c:642:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(n, "a");
data/ibm-3270-4.0ga12/x3270/screen.c:200:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *color_name[16] = {
data/ibm-3270-4.0ga12/x3270/screen.c:257:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char blank_map[32];
data/ibm-3270-4.0ga12/x3270/screen.c:567:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rdpi = atoi(res_dpi);
data/ibm-3270-4.0ga12/x3270/screen.c:570:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rdpi = atoi(value.addr);
data/ibm-3270-4.0ga12/x3270/screen.c:764:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xx = atoi(xs);
data/ibm-3270-4.0ga12/x3270/screen.c:816:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xx = atoi(xs);
data/ibm-3270-4.0ga12/x3270/screen.c:2797:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char varr[32] = {
data/ibm-3270-4.0ga12/x3270/screen.c:3807:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tmp_color_name[16];
data/ibm-3270-4.0ga12/x3270/screen.c:3861:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
tmp_field_colors[i-19] = atoi(tk);
data/ibm-3270-4.0ga12/x3270/screen.c:4627:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(r, ", ");
data/ibm-3270-4.0ga12/x3270/screen.c:4631:19: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. return strcat(strcat(r, " or "), t);
data/ibm-3270-4.0ga12/x3270/screen.c:6031:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ovs_offset = atoi(im_style + OTS_LEN);
data/ibm-3270-4.0ga12/x3270/screen.c:6255:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. split_name(const char *name, char res[15][256])
data/ibm-3270-4.0ga12/x3270/screen.c:6255:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. split_name(const char *name, char res[15][256])
data/ibm-3270-4.0ga12/x3270/screen.c:6296:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nl_arr[15][256];
data/ibm-3270-4.0ga12/x3270/screen.c:6338:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). d->points = atoi(nl_arr[7]);
data/ibm-3270-4.0ga12/x3270/select.c:1471:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char osc[16];
data/ibm-3270-4.0ga12/x3270/status.c:223:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char oia_lu[LUCNT+1];
data/ibm-3270-4.0ga12/x3270/status.c:923:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[32];
data/ibm-3270-4.0ga12/x3270/status.c:952:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char buf[CCNT+1];
data/ibm-3270-4.0ga12/x3270/status.c:1467:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nnn[5];
data/ibm-3270-4.0ga12/x3270/status.c:1470:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nnn, "%d", n_scrolled);
data/ibm-3270-4.0ga12/x3270/status.c:1471:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)&scrolled[11], (char *)spaces, sizeof(spaces));
data/ibm-3270-4.0ga12/x3270/x3270.c:110:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char full_model_name[13] = "IBM-";
data/ibm-3270-4.0ga12/x3270/x3270.c:622:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res, resources, num_resources * sizeof(XtResource));
data/ibm-3270-4.0ga12/x3270/x3270.c:949:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n = atoi(m);
data/ibm-3270-4.0ga12/x3270/x3270.c:963:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char icon_label[8];
data/ibm-3270-4.0ga12/x3270/x3270.c:982:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(title, "x3270-%d", model_num);
data/ibm-3270-4.0ga12/x3270/x3270.c:983:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(icon_label, "x3270-%d", model_num);
data/ibm-3270-4.0ga12/x3270/x3270.c:1229:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tn + ntn, nxnames, nx * sizeof(char **));
data/ibm-3270-4.0ga12/x3270/x3270.c:1245:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)argv, (char *)argv_out,
data/ibm-3270-4.0ga12/x3270/xactions.c:75:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *name[MAX_MODS_PER];
data/ibm-3270-4.0ga12/x3270/xactions.c:483:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char rs[64];
data/ibm-3270-4.0ga12/x3270/xactions.c:579:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char rs[64];
data/ibm-3270-4.0ga12/x3270/xactions.c:612:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(rs, "%d", state);
data/ibm-3270-4.0ga12/x3270/xactions.c:659:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dummystr[KSBUF+1];
data/ibm-3270-4.0ga12/x3270/xactions.c:807:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pbuf[1024];
data/ibm-3270-4.0ga12/x3270/xkybd.c:229:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. state_from_keymap(char keymap[32])
data/ibm-3270-4.0ga12/x3270/xkybd.c:273:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keys[32];
data/ibm-3270-4.0ga12/x3270/xkybd.c:290:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32];
data/ibm-3270-4.0ga12/x3270/xtables.c:42:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char asc2cg0[256] = {
data/ibm-3270-4.0ga12/x3270/xtables.c:76:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char ebc2cg0[256] = {
data/ibm-3270-4.0ga12/x3270/xtables.h:33:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const unsigned char asc2cg0[256];
data/ibm-3270-4.0ga12/x3270/xtables.h:34:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const unsigned char ebc2cg0[256];
data/ibm-3270-4.0ga12/Common/Malloc.c:80:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strcpy(Malloc(strlen(s) + 1), s);
data/ibm-3270-4.0ga12/Common/Win32/gdi_print.c:938:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pstate.caption, (UINT)strlen(pstate.caption), NULL);
data/ibm-3270-4.0ga12/Common/Win32/gdi_print.c:1300:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ldn = strlen(pi->pDriverName) + 1;
data/ibm-3270-4.0ga12/Common/Win32/gdi_print.c:1301:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lpn = strlen(pi->pPrinterName) + 1;
data/ibm-3270-4.0ga12/Common/Win32/gdi_print.c:1302:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ltn = strlen(pi->pPortName) + 1;
data/ibm-3270-4.0ga12/Common/Win32/mkmanifest.c:95:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strcpy(Malloc(strlen(s) + 1), s);
data/ibm-3270-4.0ga12/Common/Win32/mkmanifest.c:313:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t middle_len = strlen(middle_string);
data/ibm-3270-4.0ga12/Common/Win32/mkmanifest.c:314:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *right_string = s + strlen(substs[i].keyword);
data/ibm-3270-4.0ga12/Common/Win32/mkmanifest.c:315:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t right_len = strlen(right_string);
data/ibm-3270-4.0ga12/Common/Win32/mkmanifest.c:327:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(1, xbuf, (int)strlen(xbuf));
data/ibm-3270-4.0ga12/Common/Win32/mkversion.c:72:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *t = malloc(strlen(s) + 1);
data/ibm-3270-4.0ga12/Common/Win32/mkversion.c:188:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  builddate[strlen(builddate) - 1] = '\0';
data/ibm-3270-4.0ga12/Common/Win32/sio_schannel.c:1208:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(s->session_info);
data/ibm-3270-4.0ga12/Common/Win32/sio_schannel.c:1216:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(s->server_cert_info);
data/ibm-3270-4.0ga12/Common/Win32/w3misc.c:136:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while ((sl = strlen(buffer)) > 0 &&
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:110:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(wd);
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:120:2: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(xwd, "\\");
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:224:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *instdir = malloc(strlen(path) + 1);
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:263:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*desktop)[strlen(*desktop) - 1] != '\\') {
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:264:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wsl = malloc(strlen(*desktop) + 2);
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:275:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t sl = strlen(*xappdata);
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:277:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wsl = malloc(sl + 1 + strlen(appname) + 2);
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:295:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*common_desktop)[strlen(*common_desktop) - 1] != '\\') {
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:297:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wsl = malloc(strlen(*common_desktop) + 2);
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:308:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t sl = strlen(*common_xappdata);
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:315:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wsl = malloc(sl + add_bsl + strlen(appname) + 2);
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:342:6: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(d, "\\");
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:359:6: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(cd, "\\");
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:366:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t sl = strlen(d) + strlen(appname) + 2;
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:366:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t sl = strlen(d) + strlen(appname) + 2;
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:375:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t sl = strlen(cd) + strlen(appname) + 2;
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:375:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t sl = strlen(cd) + strlen(appname) + 2;
data/ibm-3270-4.0ga12/Common/Win32/windirs.c:399:5: [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/ibm-3270-4.0ga12/Common/XtGlue.c:403:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(s) == 1 && (*(unsigned char *)s & 0x7f) > ' ') {
data/ibm-3270-4.0ga12/Common/actions.c:84:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t sl = strlen(action);
data/ibm-3270-4.0ga12/Common/b3270/password.c:154:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  push_cb(cmd, strlen(cmd), &password_cb, (task_cbh)&password_cb);
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:156:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nw = send(ui_socket, s, strlen(s), 0);
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:158:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nw = write(fileno(stdout), s, strlen(s));
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:166:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(s) > 0 && s[strlen(s) - 1] == '\n') {
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:166:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(s) > 0 && s[strlen(s) - 1] == '\n') {
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:301:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g = Malloc(sizeof(ui_container_t) + strlen(name) + 1);
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:361:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uia->result = Realloc(uia->result, strlen(uia->result) + 1 + len + 1);
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:452:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (tag? (strlen(tag) + 1): 0));
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:469:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  push_cb(command, strlen(command), tcb, (task_cbh)uia);
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:630:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nr = read(fileno(stdin), buf, INBUF_SIZE);
data/ibm-3270-4.0ga12/Common/b3270/ui_stream.c:746:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  peer_nr = read(0, peer_buf, sizeof(peer_buf));
data/ibm-3270-4.0ga12/Common/base64.c:60:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t nmalloc = (((strlen(s) * BITS_PER_BYTE) + (BITS_PER_BASE64 - 1)) / BITS_PER_BASE64) + MAX_PAD + 1;
data/ibm-3270-4.0ga12/Common/base64.c:122:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *ret = Malloc(strlen(s) + 1);
data/ibm-3270-4.0ga12/Common/bind-opt.c:117:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(host_str, spec + 1, hlen);
data/ibm-3270-4.0ga12/Common/bind-opt.c:120:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  port_str = Malloc(strlen(rbrack + 2) + 1);
data/ibm-3270-4.0ga12/Common/bind-opt.c:146:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(host_str, spec, hlen);
data/ibm-3270-4.0ga12/Common/bind-opt.c:149:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  port_str = Malloc(strlen(colon + 1) + 1);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:831:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nr = read(signalpipe[0], &dummy, 1);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1142:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(s);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1148:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(s);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1238:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  inthread.nr = read(0, inthread.buf, sizeof(inthread.buf) - 1);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1322:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (strlen(lesspath)) {
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1324:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (strlen(morepath)) {
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1330:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s = Malloc(strlen(pager_cmd) + strlen(or_cat) + 1);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1330:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s = Malloc(strlen(pager_cmd) + strlen(or_cat) + 1);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1418:3: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(pager.residual) + strlen(s) + 2);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1418:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(pager.residual) + strlen(s) + 2);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1419:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(strcat(pager.residual, "\n"), s);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1452:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(s);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1520:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(h->name, t, strlen(t))) {
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1535:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(h->name, t, strlen(t))) {
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1562:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  matches[j] = Malloc(strlen(h->name) + 3);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1579:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncasecmp(e->t.name, s, strlen(s))) {
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1594:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncasecmp(e->t.name, s, strlen(s))) {
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1666:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(vmsgbuf);
data/ibm-3270-4.0ga12/Common/c3270/c3270.c:1883:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  push_cb(s, strlen(s), &command_cb, (task_cbh)&command_cb);
data/ibm-3270-4.0ga12/Common/c3270/help.c:357:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncasecmp(cmd_help[i].name, argv[0], strlen(argv[0]))) {
data/ibm-3270-4.0ga12/Common/c3270/help.c:371:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncasecmp(help_subcommand[i].name, argv[0], strlen(argv[0]))) {
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:237:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  u = multibyte_to_unicode(s, strlen(s), &consumed, &error);
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:238:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (u != 0 && (size_t)consumed == strlen(s)) {
data/ibm-3270-4.0ga12/Common/c3270/keymap.c:1152:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(s);
data/ibm-3270-4.0ga12/Common/c3270/menubar.c:139:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c = (cmenu_t *)Malloc(sizeof(cmenu_t) + strlen(title) + 1);
data/ibm-3270-4.0ga12/Common/c3270/menubar.c:142:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c->width = strlen(title) + 2;
data/ibm-3270-4.0ga12/Common/c3270/menubar.c:168:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i->label = Malloc(strlen(label) + 1);
data/ibm-3270-4.0ga12/Common/c3270/menubar.c:182:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(label) + 2 > cmenu->width) {
data/ibm-3270-4.0ga12/Common/c3270/menubar.c:183:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmenu->width = strlen(label) + 2;
data/ibm-3270-4.0ga12/Common/c3270/menubar.c:199:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) + 2 > i->cmenu->width) {
data/ibm-3270-4.0ga12/Common/c3270/menubar.c:200:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i->cmenu->width = strlen(name) + 2;
data/ibm-3270-4.0ga12/Common/c3270/mkkeypad.c:55:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  path = malloc(strlen(incdir) + 1 + strlen(name) + 1);
data/ibm-3270-4.0ga12/Common/c3270/mkkeypad.c:55:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  path = malloc(strlen(incdir) + 1 + strlen(name) + 1);
data/ibm-3270-4.0ga12/Common/c3270/mkkeypad.c:105:17: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = fgetc(map)) != EOF) {
data/ibm-3270-4.0ga12/Common/c3270/mkkeypad.c:154:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(buf);
data/ibm-3270-4.0ga12/Common/c3270/mkkeypad.c:183:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s->callback = malloc(strlen(t) + 1);
data/ibm-3270-4.0ga12/Common/c3270/mkkeypad.c:234:17: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = fgetc(labels)) != EOF) {
data/ibm-3270-4.0ga12/Common/c3270/mkkeypad.c:235:6: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  d = fgetc(outline);
data/ibm-3270-4.0ga12/Common/c3270/mkkeypad.c:264:14: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((d = fgetc(outline)) != EOF) {
data/ibm-3270-4.0ga12/Common/c3270/status_dump.c:172:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (local_process && !strlen(current_host))? "(shell)":
data/ibm-3270-4.0ga12/Common/c3270/status_dump.c:293:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(s);
data/ibm-3270-4.0ga12/Common/child.c:294:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nr = read(p->fd, p->buf, CHILD_BUF);
data/ibm-3270-4.0ga12/Common/child.c:300:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nr = read(p->fd, p->buf + p->count, space);
data/ibm-3270-4.0ga12/Common/childscript.c:399:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nr = read(c->infd, buf, (int)n2r);
data/ibm-3270-4.0ga12/Common/childscript.c:465:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nr = read(fd, buf, (int)n2r);
data/ibm-3270-4.0ga12/Common/childscript.c:502:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nw = write(c->outfd, s, strlen(s));
data/ibm-3270-4.0ga12/Common/childscript.c:503:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (nw != (ssize_t)strlen(s)) {
data/ibm-3270-4.0ga12/Common/childscript.c:526:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nw = write(c->outfd, s, strlen(s));
data/ibm-3270-4.0ga12/Common/childscript.c:527:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (nw != (ssize_t)strlen(s)) {
data/ibm-3270-4.0ga12/Common/childscript.c:568:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nw = write(c->outfd, s, strlen(s));
data/ibm-3270-4.0ga12/Common/childscript.c:569:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (nw != (ssize_t)strlen(s)) {
data/ibm-3270-4.0ga12/Common/childscript.c:716:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *tmp = Malloc(strlen(c->output_buf) + 1);
data/ibm-3270-4.0ga12/Common/childscript.c:1331:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  argv[i][strlen(argv[i]) - 1] != '"') {
data/ibm-3270-4.0ga12/Common/childscript.c:1450:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t sl = strlen(params[0]);
data/ibm-3270-4.0ga12/Common/childscript.c:1470:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(new_param) > 0) {
data/ibm-3270-4.0ga12/Common/find_console.c:122:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (pctc == NULL || pctc[strlen(" " COMMAND_SUBST)] != '\0') {
data/ibm-3270-4.0ga12/Common/fprint_screen.c:139:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  u = multibyte_to_unicode(caption, strlen(caption), &consumed, &error);
data/ibm-3270-4.0ga12/Common/fprint_screen.c:177:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  u = multibyte_to_unicode(caption, strlen(caption), &consumed, &error);
data/ibm-3270-4.0ga12/Common/ft.c:228:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncasecmp(s, tp[PARM_HOST].keyword[k], strlen(s))) {
data/ibm-3270-4.0ga12/Common/ft.c:254:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncasecmp(s, tp[PARM_RECFM].keyword[k], strlen(s))) {
data/ibm-3270-4.0ga12/Common/ft.c:280:54: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncasecmp(s, tp[PARM_ALLOCATION].keyword[k], strlen(s))) {
data/ibm-3270-4.0ga12/Common/ft.c:813:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  kwlen = strlen(argv[j]);
data/ibm-3270-4.0ga12/Common/ft.c:826:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(value))) {
data/ibm-3270-4.0ga12/Common/ft_cut.c:707:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fts.local_file);
data/ibm-3270-4.0ga12/Common/ft_cut.c:737:6: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fts.local_file);
data/ibm-3270-4.0ga12/Common/ft_dft.c:268:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (memcmp(msgp, END_TRANSFER, strlen(END_TRANSFER)) == 0) {
data/ibm-3270-4.0ga12/Common/ft_dft.c:476:10: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fts.local_file);
data/ibm-3270-4.0ga12/Common/ft_dft.c:496:6: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(fts.local_file);
data/ibm-3270-4.0ga12/Common/glue.c:122:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  session_suffix_len[n_session_suffixes++] = strlen(suffix);
data/ibm-3270-4.0ga12/Common/glue.c:130:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t sl = strlen(name);
data/ibm-3270-4.0ga12/Common/glue.c:180:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cl = strlen(programname);
data/ibm-3270-4.0ga12/Common/glue.c:182:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cl += 1 + strlen(argv[i]);
data/ibm-3270-4.0ga12/Common/glue.c:188:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(strcat(command_string, " "), argv[i]);
data/ibm-3270-4.0ga12/Common/glue.c:197:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xcmd_len += strlen(argv[i]) + 1;
data/ibm-3270-4.0ga12/Common/glue.c:205:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xcmd_len += strlen(argv[i]) + 1;
data/ibm-3270-4.0ga12/Common/glue.c:290:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  profile_name[strlen(profile_name) - session_suffix_len[suffix_match]]
data/ibm-3270-4.0ga12/Common/glue.c:434:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  e_len = strlen(OptLocalProcess) + 1;
data/ibm-3270-4.0ga12/Common/glue.c:436:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  e_len += 1 + strlen(argv[j]);
data/ibm-3270-4.0ga12/Common/glue.c:442:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(strcat(cmds_buf, " "), argv[j]);
data/ibm-3270-4.0ga12/Common/glue.c:868:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nlen = strlen(argv[i]);
data/ibm-3270-4.0ga12/Common/glue.c:952:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(m);
data/ibm-3270-4.0ga12/Common/glue.c:1133:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (unk_len != strlen(known)) { data/ibm-3270-4.0ga12/Common/glue.c:1203:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t sl = strlen(x->xresources[i].name); data/ibm-3270-4.0ga12/Common/glue.c:1228:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(xbuf) == len && data/ibm-3270-4.0ga12/Common/glue.c:1236:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(xbuf) == len && data/ibm-3270-4.0ga12/Common/glue.c:1322:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = Malloc(strlen(s) + 1); data/ibm-3270-4.0ga12/Common/glue.c:1399:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rsname, name, rnlen); data/ibm-3270-4.0ga12/Common/glue.c:1433:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u = multibyte_to_unicode(s, strlen(s), &consumed, &error); data/ibm-3270-4.0ga12/Common/host.c:147:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(buf) > (unsigned)1 && buf[strlen(buf) - 1] == '\n') { data/ibm-3270-4.0ga12/Common/host.c:147:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(buf) > (unsigned)1 && buf[strlen(buf) - 1] == '\n') { data/ibm-3270-4.0ga12/Common/host.c:148:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf[strlen(buf) - 1] = '\0'; data/ibm-3270-4.0ga12/Common/host.c:348:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int sl = strlen(OptLocalProcess); data/ibm-3270-4.0ga12/Common/host.c:393:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(xluname, lu, LUNAME_SIZE); data/ibm-3270-4.0ga12/Common/host.c:446:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = nb + strlen(nb) - 1; data/ibm-3270-4.0ga12/Common/host.c:504:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (full_current_host[strlen(OptLocalProcess)] != '\0') { data/ibm-3270-4.0ga12/Common/host.c:506:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(OptLocalProcess) + 1); data/ibm-3270-4.0ga12/Common/host.c:858:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(buf); data/ibm-3270-4.0ga12/Common/httpd-core.c:284:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sl = strlen(buf); data/ibm-3270-4.0ga12/Common/httpd-core.c:360:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). httpd_send(h, cl, strlen(cl)); data/ibm-3270-4.0ga12/Common/httpd-core.c:495:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). httpd_print(h, HP_BUFFER, "Date: %.*s UTC\n", strlen(a) - 1, a); data/ibm-3270-4.0ga12/Common/httpd-core.c:597:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t sl = strlen(buf); data/ibm-3270-4.0ga12/Common/httpd-core.c:1026:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nonterm = uri + strlen(reg->path); data/ibm-3270-4.0ga12/Common/httpd-core.c:1126:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(reg->path, uri, strlen(uri)) && data/ibm-3270-4.0ga12/Common/httpd-core.c:1127:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strchr(reg->path + strlen(uri), '/') == NULL && data/ibm-3270-4.0ga12/Common/httpd-core.c:1132:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
nlen = strlen(reg->path + strlen(uri)); data/ibm-3270-4.0ga12/Common/httpd-core.c:1132:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen(reg->path + strlen(uri)); data/ibm-3270-4.0ga12/Common/httpd-core.c:1145:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (q2 = html_quote(reg->path + strlen(uri))), data/ibm-3270-4.0ga12/Common/httpd-core.c:1308:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *canon = Malloc(strlen(candidate) + 1); data/ibm-3270-4.0ga12/Common/httpd-core.c:1386:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (uri[strlen(uri) - 1] == '/') { data/ibm-3270-4.0ga12/Common/httpd-core.c:1388:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t sl = strlen(uri); data/ibm-3270-4.0ga12/Common/httpd-core.c:1458:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f = Malloc(sizeof(*f) + strlen(name) + 1 + strlen(value) + 1); data/ibm-3270-4.0ga12/Common/httpd-core.c:1458:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
f = Malloc(sizeof(*f) + strlen(name) + 1 + strlen(value) + 1); data/ibm-3270-4.0ga12/Common/httpd-core.c:1462:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f->value = f->name + strlen(name) + 1; data/ibm-3270-4.0ga12/Common/httpd-core.c:1569:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(f->name, field_name, field_name_len); data/ibm-3270-4.0ga12/Common/httpd-core.c:1572:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(f->value, value, value_len); data/ibm-3270-4.0ga12/Common/httpd-core.c:1619:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cand_uri = percent_decode(r->uri, strlen(r->uri), false); data/ibm-3270-4.0ga12/Common/httpd-core.c:1633:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cand_uri) > 7 && !strncasecmp(cand_uri, "http://", 7)) { data/ibm-3270-4.0ga12/Common/httpd-io.c:632:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(prompt)); data/ibm-3270-4.0ga12/Common/httpd-io.c:666:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(cmd); data/ibm-3270-4.0ga12/Common/icmd.c:79:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!strncasecmp(response, "yes", strlen(response))) { data/ibm-3270-4.0ga12/Common/icmd.c:81:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (!strncasecmp(response, "no", strlen(response))) { data/ibm-3270-4.0ga12/Common/icmd.c:125:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nc = strlen(s); data/ibm-3270-4.0ga12/Common/icmd.c:397:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(r); data/ibm-3270-4.0ga12/Common/icmd.c:558:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncasecmp(response, "receive", strlen(response))) { data/ibm-3270-4.0ga12/Common/icmd.c:560:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (!strncasecmp(response, "send", strlen(response))) { data/ibm-3270-4.0ga12/Common/icmd.c:639:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncasecmp(response, "ascii", strlen(response))) { data/ibm-3270-4.0ga12/Common/icmd.c:641:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
} else if (!strncasecmp(response, "binary", strlen(response))) { data/ibm-3270-4.0ga12/Common/icmd.c:661:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (!strncasecmp(response, "remove", strlen(response))) { data/ibm-3270-4.0ga12/Common/icmd.c:664:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (!strncasecmp(response, "add", strlen(response))) { data/ibm-3270-4.0ga12/Common/icmd.c:667:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (!strncasecmp(response, "keep", strlen(response))) { data/ibm-3270-4.0ga12/Common/icmd.c:684:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncasecmp(response, "yes", strlen(response))) { data/ibm-3270-4.0ga12/Common/icmd.c:686:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (!strncasecmp(response, "no", strlen(response))) { data/ibm-3270-4.0ga12/Common/icmd.c:722:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (!strncasecmp(response, "keep", strlen(response))) { data/ibm-3270-4.0ga12/Common/icmd.c:726:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
} else if (!strncasecmp(response, "replace", strlen(response))) { data/ibm-3270-4.0ga12/Common/icmd.c:730:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (!strncasecmp(response, "append", strlen(response))) { data/ibm-3270-4.0ga12/Common/idle.c:364:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). push_cb(s, strlen(s), &idle_cb, (task_cbh)&idle_cb); data/ibm-3270-4.0ga12/Common/kybd.c:3323:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(argv[i]); data/ibm-3270-4.0ga12/Common/kybd.c:3383:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(t); data/ibm-3270-4.0ga12/Common/kybd.c:3410:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(t); data/ibm-3270-4.0ga12/Common/kybd.c:3454:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(t); data/ibm-3270-4.0ga12/Common/kybd.c:4066:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(s) % 2) { data/ibm-3270-4.0ga12/Common/kybd.c:4252:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
*ucs4 = multibyte_to_unicode(s, strlen(s), &consumed, &error); data/ibm-3270-4.0ga12/Common/kybd.c:4253:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((size_t)consumed != strlen(s)) { data/ibm-3270-4.0ga12/Common/kybd.c:4286:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(ln, " %63[^+ \t] + %63[^= \t] =%63s%1s", data/ibm-3270-4.0ga12/Common/linemode.c:192:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int) strlen(s) > 1) { data/ibm-3270-4.0ga12/Common/login_macro.c:163:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). push_cb(action, strlen(action), &login_cb, (task_cbh)&login_cb); data/ibm-3270-4.0ga12/Common/mkfb.c:224:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while ((sl = strlen(s)) && isspace((unsigned char)s[sl-1])) { data/ibm-3270-4.0ga12/Common/mkfb.c:325:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). last_continue = strlen(s) > 0 && s[strlen(s) - 1] == '\\'; data/ibm-3270-4.0ga12/Common/mkfb.c:325:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
last_continue = strlen(s) > 0 && s[strlen(s) - 1] == '\\'; data/ibm-3270-4.0ga12/Common/mkfb.c:370:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(buf) > 0 && buf[strlen(buf)-1] == '\n') { data/ibm-3270-4.0ga12/Common/mkfb.c:370:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(buf) > 0 && buf[strlen(buf)-1] == '\n') { data/ibm-3270-4.0ga12/Common/mkfb.c:371:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf[strlen(buf)-1] = '\0'; data/ibm-3270-4.0ga12/Common/mkicon.c:28:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(f)) != EOF) { data/ibm-3270-4.0ga12/Common/model.c:66:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(res); data/ibm-3270-4.0ga12/Common/nvt.c:1981:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(s); data/ibm-3270-4.0ga12/Common/nvt.c:2012:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(s); data/ibm-3270-4.0ga12/Common/peerscript.c:319:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ns = send(p->socket, s, strlen(s), 0); data/ibm-3270-4.0ga12/Common/peerscript.c:341:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ns = send(p->socket, s, strlen(s), 0); data/ibm-3270-4.0ga12/Common/peerscript.c:367:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send(p->socket, s, strlen(s), 0); data/ibm-3270-4.0ga12/Common/pr3287/ctlr.c:2164:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(f)) != EOF) { data/ibm-3270-4.0ga12/Common/pr3287/pr3287.c:409:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = Malloc(strlen(s) + 1); data/ibm-3270-4.0ga12/Common/pr3287/pr3287.c:903:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(options.tracedir); data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:298:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *h = Malloc(strlen(host) + 1); data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:509:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lus = (char **)Malloc((n_lus+1) * sizeof(char *) + strlen(luname) + 1); data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:815:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
tt_len = strlen(termtype); data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:817:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tt_len += strlen(try_lu) + 1; data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:871:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tt_len = strlen(termtype); data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:873:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tt_len += strlen(try_assoc) + 1; data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:875:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tt_len += strlen(try_lu) + 1; data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:896:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd(SB), opt(TELOPT_TN3270E), strlen(termtype), tt_out + 5, data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:975:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(reported_type, (char *)&sbbuf[3], tnlen); data/ibm-3270-4.0ga12/Common/pr3287/telnet.c:983:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(reported_lu, (char *)&sbbuf[3 + tnlen + 1], snlen); data/ibm-3270-4.0ga12/Common/pr3287/trace.c:110:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(s); data/ibm-3270-4.0ga12/Common/pr3287/trace.c:188:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(s); data/ibm-3270-4.0ga12/Common/pr3287/xtable.c:211:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(s, "ebcdic", strlen("ebcdic")) || data/ibm-3270-4.0ga12/Common/pr3287/xtable.c:212:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !is_white(*(s + strlen("ebcdic")))) { data/ibm-3270-4.0ga12/Common/pr3287/xtable.c:218:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen("ebcdic"); data/ibm-3270-4.0ga12/Common/pr3287/xtable.c:264:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(s, "ascii", strlen("ascii")) || data/ibm-3270-4.0ga12/Common/pr3287/xtable.c:265:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !is_white(*(s + strlen("ascii")))) { data/ibm-3270-4.0ga12/Common/pr3287/xtable.c:271:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen("ascii"); data/ibm-3270-4.0ga12/Common/pr3287/xtable.c:397:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t sl = strlen(cc[j].name); data/ibm-3270-4.0ga12/Common/pr3287_session.c:797:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nr = read(p->fd, p->buf + p->count, space); data/ibm-3270-4.0ga12/Common/pr3287_session.c:819:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(p->buf + p->count, exitmsg, space); data/ibm-3270-4.0ga12/Common/pr3287_session.c:820:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p->count += strlen(exitmsg); data/ibm-3270-4.0ga12/Common/pr3287_session.c:1165:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nr = read(pr3287_stderr.fd, buf, sizeof(buf)); data/ibm-3270-4.0ga12/Common/print_command.c:82:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nr = read(c->from_cmd, errout + nerr, nerrbuf - nerr); data/ibm-3270-4.0ga12/Common/print_screen.c:336:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t sl = strlen(name); data/ibm-3270-4.0ga12/Common/proxy.c:171:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (sl == strlen(PROXY_PASSTHRU) && data/ibm-3270-4.0ga12/Common/proxy.c:182:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (sl == strlen(PROXY_HTTP) && !strncasecmp(proxy, PROXY_HTTP, sl)) { data/ibm-3270-4.0ga12/Common/proxy.c:192:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (sl == strlen(PROXY_TELNET) && !strncasecmp(proxy, PROXY_TELNET, sl)) { data/ibm-3270-4.0ga12/Common/proxy.c:203:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (sl == strlen(PROXY_SOCKS4) && !strncasecmp(proxy, PROXY_SOCKS4, sl)) { data/ibm-3270-4.0ga12/Common/proxy.c:213:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (sl == strlen(PROXY_SOCKS4A) && data/ibm-3270-4.0ga12/Common/proxy.c:224:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (sl == strlen(PROXY_SOCKS5) && !strncasecmp(proxy, PROXY_SOCKS5, sl)) { data/ibm-3270-4.0ga12/Common/proxy.c:234:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (sl == strlen(PROXY_SOCKS5D) && data/ibm-3270-4.0ga12/Common/proxy.c:304:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hlen = strlen(h); data/ibm-3270-4.0ga12/Common/proxy.c:319:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(*phost, hstart, hlen); data/ibm-3270-4.0ga12/Common/proxy.c:326:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(*puser, s, at - s); data/ibm-3270-4.0ga12/Common/proxy_http.c:83:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vtrace("HTTP Proxy: xmit '%.*s'\n", (int)(strlen(sbuf) - 2), sbuf); data/ibm-3270-4.0ga12/Common/proxy_http.c:84:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). trace_netdata('>', (unsigned char *)sbuf, strlen(sbuf)); data/ibm-3270-4.0ga12/Common/proxy_http.c:86:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (send(fd, sbuf, (int)strlen(sbuf), 0) < 0) { data/ibm-3270-4.0ga12/Common/proxy_http.c:99:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vtrace("HTTP Proxy: xmit '%.*s'\n", (int)(strlen(sbuf) - 2), sbuf); data/ibm-3270-4.0ga12/Common/proxy_http.c:100:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). trace_netdata('>', (unsigned char *)sbuf, strlen(sbuf)); data/ibm-3270-4.0ga12/Common/proxy_http.c:102:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (send(fd, sbuf, (int)strlen(sbuf), 0) < 0) { data/ibm-3270-4.0ga12/Common/proxy_http.c:113:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vtrace("HTTP Proxy: xmit '%.*s'\n", (int)(strlen(sbuf) - 2), sbuf); data/ibm-3270-4.0ga12/Common/proxy_http.c:114:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). trace_netdata('>', (unsigned char *)sbuf, strlen(sbuf)); data/ibm-3270-4.0ga12/Common/proxy_http.c:116:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (send(fd, sbuf, (int)strlen(sbuf), 0) < 0) { data/ibm-3270-4.0ga12/Common/proxy_http.c:126:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). trace_netdata('>', (unsigned char *)sbuf, strlen(sbuf)); data/ibm-3270-4.0ga12/Common/proxy_http.c:128:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (send(fd, sbuf, (int)strlen(sbuf), 0) < 0) { data/ibm-3270-4.0ga12/Common/proxy_passthru.c:49:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vtrace("Passthru Proxy: xmit '%.*s'", (int)(strlen(sbuf) - 2), sbuf); data/ibm-3270-4.0ga12/Common/proxy_passthru.c:50:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
trace_netdata('>', (unsigned char *)sbuf, strlen(sbuf)); data/ibm-3270-4.0ga12/Common/proxy_passthru.c:52:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (send(fd, sbuf, (int)strlen(sbuf), 0) < 0) { data/ibm-3270-4.0ga12/Common/proxy_socks4.c:110:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sbuf = Malloc(32 + strlen(ruser) + strlen(host)); data/ibm-3270-4.0ga12/Common/proxy_socks4.c:110:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sbuf = Malloc(32 + strlen(ruser) + strlen(host)); data/ibm-3270-4.0ga12/Common/proxy_socks4.c:117:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(ruser) + 1; data/ibm-3270-4.0ga12/Common/proxy_socks4.c:119:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(host) + 1; data/ibm-3270-4.0ga12/Common/proxy_socks4.c:134:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sbuf = Malloc(32 + strlen(ruser)); data/ibm-3270-4.0ga12/Common/proxy_socks4.c:142:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
s += strlen(ruser) + 1; data/ibm-3270-4.0ga12/Common/proxy_socks5.c:222:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(colon + 1) > 255) { data/ibm-3270-4.0ga12/Common/proxy_socks5.c:231:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(colon + 1), /* length of password */ data/ibm-3270-4.0ga12/Common/proxy_socks5.c:238:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(colon + 1), data/ibm-3270-4.0ga12/Common/proxy_socks5.c:240:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). trace_netdata('>', upbuf, strlen((char *)upbuf)); data/ibm-3270-4.0ga12/Common/proxy_socks5.c:241:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (send(ps.fd, (char *)upbuf, strlen((char *)upbuf), 0) < 0) { data/ibm-3270-4.0ga12/Common/proxy_socks5.c:311:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *sbuf = Malloc(32 + strlen(ps.host)); data/ibm-3270-4.0ga12/Common/proxy_socks5.c:319:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
*s++ = (char)strlen(ps.host); data/ibm-3270-4.0ga12/Common/proxy_socks5.c:321:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(ps.host); data/ibm-3270-4.0ga12/Common/proxy_socks5.c:494:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(nbuf, (char *)&ps.vrbuf[5], ps.vrbuf[4]); data/ibm-3270-4.0ga12/Common/proxy_telnet.c:52:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vtrace("TELNET Proxy: xmit '%.*s'", (int)(strlen(sbuf) - 2), sbuf); data/ibm-3270-4.0ga12/Common/proxy_telnet.c:53:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). trace_netdata('>', (unsigned char *)sbuf, strlen(sbuf)); data/ibm-3270-4.0ga12/Common/proxy_telnet.c:55:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (send(fd, sbuf, (int)strlen(sbuf), 0) < 0) { data/ibm-3270-4.0ga12/Common/query.c:175:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t sl = strlen(r); data/ibm-3270-4.0ga12/Common/query.c:241:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(argv[0]); data/ibm-3270-4.0ga12/Common/query.c:246:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(queries[i].name) > sl && data/ibm-3270-4.0ga12/Common/readres.c:64:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). me_len = strlen(me_dot); data/ibm-3270-4.0ga12/Common/readres.c:68:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). alias_len = strlen(alias_dot); data/ibm-3270-4.0ga12/Common/readres.c:151:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(buf + ilen); data/ibm-3270-4.0ga12/Common/readres.c:171:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ilen += strlen(buf + ilen); data/ibm-3270-4.0ga12/Common/readres.c:192:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(s); data/ibm-3270-4.0ga12/Common/rpq.c:197:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). x = strlen(build_rpq_version); data/ibm-3270-4.0ga12/Common/rpq.c:207:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). x = strlen(build_rpq_timestamp); data/ibm-3270-4.0ga12/Common/rpq.c:287:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
uplist = (char *) malloc(strlen(x3270rpq)+1); data/ibm-3270-4.0ga12/Common/rpq.c:296:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(x3270rpq); ) { data/ibm-3270-4.0ga12/Common/rpq.c:316:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = (kw - uplist) + strlen(kw) + 1; data/ibm-3270-4.0ga12/Common/rpq.c:535:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). is_first_hex_digit = ((strlen(hexstr) % 2) == 0); data/ibm-3270-4.0ga12/Common/rpq.c:553:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (strlen(hexstr) + 1) / 2; data/ibm-3270-4.0ga12/Common/rpq.c:562:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sbuf = sbuf0 = Malloc(strlen(rpqtext) + 1); data/ibm-3270-4.0ga12/Common/rpq.c:573:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xlen = multibyte_to_ebcdic_string(sbuf0, strlen(sbuf0), buf, buflen, data/ibm-3270-4.0ga12/Common/rpq.c:616:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rpqtext = (char *) malloc(strlen(p1) + 1); data/ibm-3270-4.0ga12/Common/run_action.c:102:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(k->result + k->result_len, buf, len); data/ibm-3270-4.0ga12/Common/run_action.c:201:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). push_cb(s, strlen(s), cb, (task_cbh)k); data/ibm-3270-4.0ga12/Common/run_action.c:276:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcspn(s, " ,()\\\b\f\r\n\t\v\"") == strlen(s)) { data/ibm-3270-4.0ga12/Common/screentrace.c:218:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t sl = strlen(filename); data/ibm-3270-4.0ga12/Common/sio_openssl.c:179:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pass_len = (int)strlen(p); data/ibm-3270-4.0ga12/Common/sio_openssl.c:183:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, p, pass_len); data/ibm-3270-4.0ga12/Common/sio_openssl.c:261:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cn) < len) { data/ibm-3270-4.0ga12/Common/sio_openssl.c:276:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(hostname) > strlen(cn + 1) && data/ibm-3270-4.0ga12/Common/sio_openssl.c:276:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(hostname) > strlen(cn + 1) && data/ibm-3270-4.0ga12/Common/sio_openssl.c:277:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !strcasecmp(hostname + strlen(hostname) - strlen(cn + 1), data/ibm-3270-4.0ga12/Common/sio_openssl.c:277:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !strcasecmp(hostname + strlen(hostname) - strlen(cn + 1), data/ibm-3270-4.0ga12/Common/sio_openssl.c:901:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s->session_info); data/ibm-3270-4.0ga12/Common/sio_openssl.c:910:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s->server_cert_info); data/ibm-3270-4.0ga12/Common/sio_secure_transport.c:509:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(t, substs[j].subst, strlen(substs[j].subst)); data/ibm-3270-4.0ga12/Common/sio_secure_transport.c:509:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(t, substs[j].subst, strlen(substs[j].subst)); data/ibm-3270-4.0ga12/Common/sio_secure_transport.c:955:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(accept_hostname)); data/ibm-3270-4.0ga12/Common/sio_secure_transport.c:989:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(s->session_info); data/ibm-3270-4.0ga12/Common/sio_secure_transport.c:998:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(s->server_cert_info); data/ibm-3270-4.0ga12/Common/sioc.c:128:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncasecmp(spec, STRING_PASSWD, strlen(STRING_PASSWD))) { data/ibm-3270-4.0ga12/Common/sioc.c:130:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return NewString(spec + strlen(STRING_PASSWD)); data/ibm-3270-4.0ga12/Common/sioc.c:132:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncasecmp(spec, FILE_PASSWD, strlen(FILE_PASSWD))) { data/ibm-3270-4.0ga12/Common/sioc.c:137:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). password = sioc_string_from_file(spec + strlen(FILE_PASSWD), &len); data/ibm-3270-4.0ga12/Common/source.c:87:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(b, buf, len); data/ibm-3270-4.0ga12/Common/source.c:160:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
nr = read(s->fd, &c, 1); data/ibm-3270-4.0ga12/Common/source.c:234:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = (source_t *)Malloc(sizeof(source_t) + strlen(argv[0]) + 1); data/ibm-3270-4.0ga12/Common/split_host.c:57:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(pfxstr); data/ibm-3270-4.0ga12/Common/split_host.c:88:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t sl = strlen(raw); data/ibm-3270-4.0ga12/Common/stdinscript.c:103:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nr = read(fileno(stdin), &c, 1); data/ibm-3270-4.0ga12/Common/stdinscript.c:240:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). stdin_nr = read(0, stdin_buf, sizeof(stdin_buf)); data/ibm-3270-4.0ga12/Common/stdinscript.c:283:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). push_cb(wait, strlen(wait), &stdin_cb, NULL); data/ibm-3270-4.0ga12/Common/stringscript.c:195:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(b, buf, len); data/ibm-3270-4.0ga12/Common/stringscript.c:267:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strspn(s, hex_digits) != strlen(s)) { data/ibm-3270-4.0ga12/Common/stringscript.c:270:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text_len = strlen(s); data/ibm-3270-4.0ga12/Common/stringscript.c:325:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = (string_t *)Calloc(sizeof(string_t) + strlen(st) + 1, 1); data/ibm-3270-4.0ga12/Common/stringscript.c:328:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s->len = strlen(st); data/ibm-3270-4.0ga12/Common/task.c:1108:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncasecmp(aname, e->t.name, strlen(aname))) { data/ibm-3270-4.0ga12/Common/task.c:1141:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, s_orig, alen); data/ibm-3270-4.0ga12/Common/task.c:1361:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). push_xmacro(ST_MACRO, s, strlen(s), false); data/ibm-3270-4.0ga12/Common/task.c:1406:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
q = (taskq_t *)Calloc(sizeof(taskq_t) + strlen(cb->shortname) + 1, 1); data/ibm-3270-4.0ga12/Common/task.c:1506:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t sl = strlen(msg); data/ibm-3270-4.0ga12/Common/task.c:1576:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nc = strlen(msg); data/ibm-3270-4.0ga12/Common/task.c:2238:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncasecmp(params[i], KwAscii, strlen(params[i]))) { data/ibm-3270-4.0ga12/Common/task.c:2240:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (!strncasecmp(params[i], KwEbcdic, strlen(params[i]))) { data/ibm-3270-4.0ga12/Common/task.c:2242:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (!strncasecmp(params[i], KwUnicode, strlen(params[i]))) { data/ibm-3270-4.0ga12/Common/task.c:2244:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (!strncasecmp(params[i], KwField, strlen(params[i]))) { data/ibm-3270-4.0ga12/Common/task.c:3068:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char *t = Malloc(strlen(s) + 1); data/ibm-3270-4.0ga12/Common/task.c:3935:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(encoded), !no_echo); data/ibm-3270-4.0ga12/Common/telnet.c:561:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nr = read(resolver_pipe[0], &slot_byte, 1); data/ibm-3270-4.0ga12/Common/telnet.c:849:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (char **)Malloc((n_lus+1) * sizeof(char *) + strlen(luname) + 1)); data/ibm-3270-4.0ga12/Common/telnet.c:929:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send(sock, buf, (int)strlen(buf), 0); data/ibm-3270-4.0ga12/Common/telnet.c:1320:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nr = read(sock, (char *) netrbuf, BUFSZ); data/ibm-3270-4.0ga12/Common/telnet.c:1583:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nvt_data += (sl = strlen(see_chr)); data/ibm-3270-4.0ga12/Common/telnet.c:1611:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nvt_data += (sl = strlen(see_chr)); data/ibm-3270-4.0ga12/Common/telnet.c:1844:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
tt_len = strlen(termtype); data/ibm-3270-4.0ga12/Common/telnet.c:1846:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tt_len += strlen(try_lu) + 1; data/ibm-3270-4.0ga12/Common/telnet.c:1944:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tt_len = strlen(termtype); data/ibm-3270-4.0ga12/Common/telnet.c:1946:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tt_len += strlen(try_lu) + 1; data/ibm-3270-4.0ga12/Common/telnet.c:2055:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(reported_type, (char *)&sbbuf[3], tnlen); data/ibm-3270-4.0ga12/Common/telnet.c:2064:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(reported_lu, (char *)&sbbuf[3+tnlen+1], snlen); data/ibm-3270-4.0ga12/Common/telnet.c:3206:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). net_cookout(s, strlen(s)); data/ibm-3270-4.0ga12/Common/telnet.c:3393:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((connected_type != NULL)? strlen(connected_type): 0) + data/ibm-3270-4.0ga12/Common/telnet.c:3394:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((connected_lu != NULL)? 
+ strlen(connected_lu): 0) + data/ibm-3270-4.0ga12/Common/telnet.c:3402:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(obptr, connected_type, strlen(connected_type)); data/ibm-3270-4.0ga12/Common/telnet.c:3403:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). obptr += strlen(connected_type); data/ibm-3270-4.0ga12/Common/telnet.c:3407:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(obptr, connected_lu, strlen(connected_lu)); data/ibm-3270-4.0ga12/Common/telnet.c:3408:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). obptr += strlen(connected_lu); data/ibm-3270-4.0ga12/Common/telnet.c:3730:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = (char *)Realloc(ret, sl + 1 + strlen(o) + 1); data/ibm-3270-4.0ga12/Common/telnet.c:3735:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl += strlen(o); data/ibm-3270-4.0ga12/Common/telnet_new_environ.c:174:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
add_environ(&vars, USER_VARNAME, strlen(USER_VARNAME), user, strlen(user)); data/ibm-3270-4.0ga12/Common/telnet_new_environ.c:174:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_environ(&vars, USER_VARNAME, strlen(USER_VARNAME), user, strlen(user)); data/ibm-3270-4.0ga12/Common/telnet_new_environ.c:176:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_environ(&uservars, DEVNAME_USERVARNAME, strlen(DEVNAME_USERVARNAME), data/ibm-3270-4.0ga12/Common/telnet_new_environ.c:177:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). appres.devname, strlen(appres.devname)); data/ibm-3270-4.0ga12/Common/toggles.c:736:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(name) + 1); data/ibm-3270-4.0ga12/Common/trace.c:150:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(s); data/ibm-3270-4.0ga12/Common/trace.c:333:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n2w_left = strlen(buf); data/ibm-3270-4.0ga12/Common/trace.c:344:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
fwrite(ts, strlen(ts), 1, tracef); data/ibm-3270-4.0ga12/Common/trace.c:525:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len + 1 + strlen(setting) >= 80) { data/ibm-3270-4.0ga12/Common/trace.c:530:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 1 + strlen(setting); data/ibm-3270-4.0ga12/Common/trace.c:632:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(appres.trace_file_size))) { data/ibm-3270-4.0ga12/Common/trace.c:770:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((int)strlen(stfn) > 0 && stfn[strlen(stfn)-1] == '\\')) { data/ibm-3270-4.0ga12/Common/trace.c:770:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((int)strlen(stfn) > 0 && stfn[strlen(stfn)-1] == '\\')) { data/ibm-3270-4.0ga12/Common/unicode.c:519:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strspn(s, "0123456789") == strlen(s); data/ibm-3270-4.0ga12/Common/util.c:313:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(*rp, f_start, f_end - f_start); data/ibm-3270-4.0ga12/Common/util.c:459:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
o_len = strlen(t) + 1; data/ibm-3270-4.0ga12/Common/util.c:519:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(o, vn_start, vn_len); data/ibm-3270-4.0ga12/Common/util.c:525:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(vn, vn_start, vn_len); data/ibm-3270-4.0ga12/Common/util.c:534:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(vv); data/ibm-3270-4.0ga12/Common/util.c:538:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). o += strlen(vv); data/ibm-3270-4.0ga12/Common/util.c:620:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(mname, s, len); data/ibm-3270-4.0ga12/Common/util.c:643:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r = Malloc(strlen(p->pw_dir) + strlen(rest) + 1); data/ibm-3270-4.0ga12/Common/util.c:643:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r = Malloc(strlen(p->pw_dir) + strlen(rest) + 1); data/ibm-3270-4.0ga12/Common/util.c:770:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!strncmp(fallbacks[i], name, strlen(name)) && data/ibm-3270-4.0ga12/Common/util.c:771:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *(fallbacks[i] + strlen(name)) == ':') { data/ibm-3270-4.0ga12/Common/util.c:772:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return fallbacks[i] + strlen(name) + 2; data/ibm-3270-4.0ga12/Common/util.c:845:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *u = t + strlen(t) - 1; data/ibm-3270-4.0ga12/Common/util.c:980:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(s); data/ibm-3270-4.0ga12/Common/util.c:999:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pnl = strlen(programname); data/ibm-3270-4.0ga12/Common/varbuf.c:103:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vb_append(r, buf, strlen(buf)); data/ibm-3270-4.0ga12/Common/x3270if.c:488:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd_nl = Malloc(strlen(cmd) + 2); data/ibm-3270-4.0ga12/Common/x3270if.c:497:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  nw = send(outsocket, wstr, (int)strlen(wstr), 0);
data/ibm-3270-4.0ga12/Common/x3270if.c:499:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nw = write(outfd, wstr, (int)strlen(wstr));
data/ibm-3270-4.0ga12/Common/x3270if.c:527:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(infd, rbuf, IBS))) > 0) {
data/ibm-3270-4.0ga12/Common/x3270if.c:586:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret_sl + strlen(buf + PREFIX_LEN) + 2);
data/ibm-3270-4.0ga12/Common/x3270if.c:588:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(strcat(*data_ret, buf + PREFIX_LEN), "\n");
data/ibm-3270-4.0ga12/Common/x3270if.c:589:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret_sl += strlen(buf + PREFIX_LEN) + 1;
data/ibm-3270-4.0ga12/Common/x3270if.c:811:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  rv = read(io[i].rfd, io[i].buf, IBS);
data/ibm-3270-4.0ga12/Common/x3270if.c:866:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stdin_nr = read(0, stdin_buf, sizeof(stdin_buf));
data/ibm-3270-4.0ga12/Common/x3270if.c:1098:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(s);
data/ibm-3270-4.0ga12/Common/x3270if.c:1110:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ie->key, s, colon - s);
data/ibm-3270-4.0ga12/Common/x3270if.c:1112:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ie->translation = ie->key + strlen(ie->key) + 1;
data/ibm-3270-4.0ga12/Common/x3270if.c:1172:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  x_ret = Malloc(strlen(a) + strlen(s) + 1);
data/ibm-3270-4.0ga12/Common/x3270if.c:1172:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  x_ret = Malloc(strlen(a) + strlen(s) + 1);
data/ibm-3270-4.0ga12/Common/x3270if.c:1239:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *s = Malloc(strlen(op) + strlen(sgr0) + 1);
data/ibm-3270-4.0ga12/Common/x3270if.c:1239:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *s = Malloc(strlen(op) + strlen(sgr0) + 1);
data/ibm-3270-4.0ga12/Common/x3270if.c:1279:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prompt_setaf = Malloc(strlen(prompt_setaf) + 1);
data/ibm-3270-4.0ga12/Common/x3270if.c:1281:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prompt_len = MLEN + strlen(prompt_setaf) + MLEN + strlen(emulator_name)
data/ibm-3270-4.0ga12/Common/x3270if.c:1281:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prompt_len = MLEN + strlen(prompt_setaf) + MLEN + strlen(emulator_name)
data/ibm-3270-4.0ga12/Common/x3270if.c:1282:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen("> ") + MLEN + strlen(op) + MLEN + 1;
data/ibm-3270-4.0ga12/Common/x3270if.c:1282:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen("> ") + MLEN + strlen(op) + MLEN + 1;
data/ibm-3270-4.0ga12/Common/x3270if.c:1287:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prompt_len = strlen(emulator_name) + strlen("> ") + 1;
data/ibm-3270-4.0ga12/Common/x3270if.c:1287:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prompt_len = strlen(emulator_name) + strlen("> ") + 1;
data/ibm-3270-4.0ga12/Common/x3270if.c:1492:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(command);
data/ibm-3270-4.0ga12/Common/x3270if.c:1510:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *response = Malloc(strlen(command_base64) + 128);
data/ibm-3270-4.0ga12/Common/x3270if.c:1537:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((sl = strlen(data_ret)) > 0 && data_ret[sl - 1] == '\n') {
data/ibm-3270-4.0ga12/Playback/playback.c:245:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(buf);
data/ibm-3270-4.0ga12/Playback/playback.c:287:6: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000000 / 4);
data/ibm-3270-4.0ga12/Playback/playback.c:361:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nr = read(s, buf, BSIZE);
data/ibm-3270-4.0ga12/Playback/playback.c:406:27: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (again || ((c = fgetc(f)) != EOF)) {
data/ibm-3270-4.0ga12/c3270/screen.c:565:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(defscreen_spec.mode_switch)) < 0) {
data/ibm-3270-4.0ga12/c3270/screen.c:887:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int sl = strlen(s);
data/ibm-3270-4.0ga12/c3270/screen.c:1288:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(altscreen_spec.mode_switch)) < 0) {
data/ibm-3270-4.0ga12/c3270/screen.c:1297:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(defscreen_spec.mode_switch)) < 0) {
data/ibm-3270-4.0ga12/c3270/screen.c:1971:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(defscreen_spec.mode_switch)) < 0) {
data/ibm-3270-4.0ga12/c3270/screen.c:2019:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(altscreen_spec.mode_switch)) < 0) {
data/ibm-3270-4.0ga12/c3270/screen.c:2127:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(info_msg) > 35) {
data/ibm-3270-4.0ga12/c3270/screen.c:2185:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(info_msg) > 35) {
data/ibm-3270-4.0ga12/c3270/screen.c:2279:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(oia_lu, lu, LUCNT);
data/ibm-3270-4.0ga12/c3270/screen.c:2715:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(str, "%dx%d=%2s", &spec->rows, &spec->cols, msbuf) != 3) {
data/ibm-3270-4.0ga12/c3270/screen.c:2721:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  spec->mode_switch = Malloc(strlen(s) + 1);
data/ibm-3270-4.0ga12/c3270/screen.c:2766:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(altscreen_spec.mode_switch)) < 0) {
data/ibm-3270-4.0ga12/c3270/screen.c:2782:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(defscreen_spec.mode_switch)) < 0) {
data/ibm-3270-4.0ga12/include/wincmn.h:113:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  # define read _read
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:119:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t buf_len = 5 + path_len + (path? strlen(path + 1): 0) + 1;
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:198:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(argv[i])));
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:304:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd_nl = Malloc(strlen(cmd) + 2);
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:307:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nw = write(s3270pipe[1], cmd_nl, strlen(cmd_nl));
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:316:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (!complete && (nr = read(s3270pipe[0], rbuf, IBS)) > 0) {
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:350:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (!strncmp(buf, DATA_PREFIX, strlen(DATA_PREFIX))) {
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:351:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *ret = Realloc(*ret, ret_sl + strlen(buf +
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:352:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(DATA_PREFIX)) + 2);
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:354:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(strcat(*ret, buf + strlen(DATA_PREFIX)), "\n");
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:354:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcat(strcat(*ret, buf + strlen(DATA_PREFIX)), "\n");
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:355:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret_sl += strlen(buf + strlen(DATA_PREFIX)) + 1;
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:355:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret_sl += strlen(buf + strlen(DATA_PREFIX)) + 1;
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:615:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = out = Malloc(1 + (strlen(arg) * 2) + 1 + 1 + 1);
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:665:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += 1 + 2 * strlen(Tcl_GetString(objv[i]));
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:670:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(cmd, "(");
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:675:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(cmd, ",");
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:681:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(cmd, ")");
data/ibm-3270-4.0ga12/tcl3270/tcl3270.c:763:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ret, s, len);
data/ibm-3270-4.0ga12/wc3270/catf.c:118:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  nr = read(fd, rbuf, n2r);
data/ibm-3270-4.0ga12/wc3270/keymap.c:212:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (strlen(s) == 1) {
data/ibm-3270-4.0ga12/wc3270/keymap.c:481:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(fn);
data/ibm-3270-4.0ga12/wc3270/keymap.c:1276:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(s);
data/ibm-3270-4.0ga12/wc3270/relink.c:224:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *usp = malloc(strlen(buf) + 1);
data/ibm-3270-4.0ga12/wc3270/relink.c:227:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *usp = realloc(*usp, strlen(*usp) + strlen(buf) + 1);
data/ibm-3270-4.0ga12/wc3270/relink.c:227:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *usp = realloc(*usp, strlen(*usp) + strlen(buf) + 1);
data/ibm-3270-4.0ga12/wc3270/screen.c:637:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(buf);
data/ibm-3270-4.0ga12/wc3270/screen.c:664:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(buf);
data/ibm-3270-4.0ga12/wc3270/screen.c:1391:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t sl = strlen(s);
data/ibm-3270-4.0ga12/wc3270/screen.c:2830:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(info_msg) > 35) {
data/ibm-3270-4.0ga12/wc3270/screen.c:2887:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(info_msg) > 35) {
data/ibm-3270-4.0ga12/wc3270/screen.c:2970:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(oia_lu, lu, LUCNT);
data/ibm-3270-4.0ga12/wc3270/shortcut.c:133:5: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  wcsncpy(p.FaceName, font, LF_FACESIZE - 1);
data/ibm-3270-4.0ga12/wc3270/wizard.c:65:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define KS_LEN strlen(KEYMAP_SUFFIX)
data/ibm-3270-4.0ga12/wc3270/wizard.c:68:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define LEN_3270 strlen(KM_3270)
data/ibm-3270-4.0ga12/wc3270/wizard.c:71:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define LEN_NVT strlen(KM_NVT)
data/ibm-3270-4.0ga12/wc3270/wizard.c:74:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define LEN_DESC strlen(KM_DESC)
data/ibm-3270-4.0ga12/wc3270/wizard.c:77:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define SESS_LEN strlen(SESS_SUFFIX)
data/ibm-3270-4.0ga12/wc3270/wizard.c:404:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(buf);
data/ibm-3270-4.0ga12/wc3270/wizard.c:442:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncasecmp(yn, "quit", strlen(yn))) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:445:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncasecmp(yn, "yes", strlen(yn))) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:448:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncasecmp(yn, "no", strlen(yn))) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:578:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(km->name);
data/ibm-3270-4.0ga12/wc3270/wizard.c:646:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(buf);
data/ibm-3270-4.0ga12/wc3270/wizard.c:651:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(km->description, buf + LEN_DESC,
data/ibm-3270-4.0ga12/wc3270/wizard.c:659:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *def = malloc(strlen(buf) + 2);
data/ibm-3270-4.0ga12/wc3270/wizard.c:661:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *def = realloc(*def, strlen(*def) + 5 + strlen(buf) + 1);
data/ibm-3270-4.0ga12/wc3270/wizard.c:661:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *def = realloc(*def, strlen(*def) + 5 + strlen(buf) + 1);
data/ibm-3270-4.0ga12/wc3270/wizard.c:669:14: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcat(strcpy(*def, " "), buf);
data/ibm-3270-4.0ga12/wc3270/wizard.c:775:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(s->printer, buf, STR_SIZE);
data/ibm-3270-4.0ga12/wc3270/wizard.c:878:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (int)(79 - strlen(wizard) - strlen(wversion)), " ",
data/ibm-3270-4.0ga12/wc3270/wizard.c:878:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (int)(79 - strlen(wizard) - strlen(wversion)), " ",
data/ibm-3270-4.0ga12/wc3270/wizard.c:984:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(enq);
data/ibm-3270-4.0ga12/wc3270/wizard.c:996:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(token[0]);
data/ibm-3270-4.0ga12/wc3270/wizard.c:1141:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strspn(name, LEGAL_CNAME) != strlen(name)) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:1195:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t sl = strlen(session_name);
data/ibm-3270-4.0ga12/wc3270/wizard.c:1218:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(s->session, session_name, slen);
data/ibm-3270-4.0ga12/wc3270/wizard.c:1229:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(path, session_name, MAX_PATH);
data/ibm-3270-4.0ga12/wc3270/wizard.c:1239:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(start) - SESS_LEN + 1 < slen) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:1240:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(start) - SESS_LEN + 1;
data/ibm-3270-4.0ga12/wc3270/wizard.c:1242:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(s->session, start, slen);
data/ibm-3270-4.0ga12/wc3270/wizard.c:1250:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(documents_wc3270))) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:1253:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(public_documents_wc3270))) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:1255:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (!strncmp(path, desktop, strlen(desktop))) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:1258:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(public_desktop))) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:1267:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(s->session, session_name, slen);
data/ibm-3270-4.0ga12/wc3270/wizard.c:1435:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (n_good != strlen(buf)) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:1526:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (n_good != strlen(buf)) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:1670:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/ibm-3270-4.0ga12/wc3270/wizard.c:1774:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(buf, "cp", 2) && strlen(buf) > 2) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:1872:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncasecmp(inbuf, "quit", strlen(inbuf))) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:1875:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncasecmp(inbuf, "underscore", strlen(inbuf))) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:1879:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncasecmp(inbuf, "block", strlen(inbuf))) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:2306:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(s->printerlu, ".");
data/ibm-3270-4.0ga12/wc3270/wizard.c:2346:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(s->printerlu, ".");
data/ibm-3270-4.0ga12/wc3270/wizard.c:2978:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (!strncasecmp(ac, "public", strlen(ac))) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:2981:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (!strncasecmp(ac, "my", strlen(ac)) ||
data/ibm-3270-4.0ga12/wc3270/wizard.c:2985:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (!strncasecmp(ac, "quit", strlen(ac))) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:3271:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncasecmp(choicebuf, "quit", strlen(choicebuf))) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:3551:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncasecmp(documents_wc3270, path, strlen(documents_wc3270))) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:3555:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(public_documents_wc3270))) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:3558:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (!strncasecmp(desktop, path, strlen(desktop))) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:3561:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (!strncasecmp(public_desktop, path, strlen(public_desktop))) {
data/ibm-3270-4.0ga12/wc3270/wizard.c:3640:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (int)(strlen(documents_wc3270) - 1),
data/ibm-3270-4.0ga12/wc3270/wizard.c:3648:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (int)(strlen(public_documents_wc3270) - 1),
data/ibm-3270-4.0ga12/wc3270/wizard.c:3652:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(n);
data/ibm-3270-4.0ga12/wc3270/wizard.c:3969:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(to_name, argv[1], sizeof(to_name));
data/ibm-3270-4.0ga12/wc3270/wizard.c:4049:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(s.session, to_name, STR_SIZE);
data/ibm-3270-4.0ga12/wc3270/wizard.c:4239:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nlen = strlen(sname) - strlen(SESS_SUFFIX);
data/ibm-3270-4.0ga12/wc3270/wizard.c:4239:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(sname) - strlen(SESS_SUFFIX); data/ibm-3270-4.0ga12/wc3270/wizard.c:4252:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(n) == nlen && !strncasecmp(n, sname, nlen)) { data/ibm-3270-4.0ga12/wc3270/wizard.c:4269:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(xs->name, sname, nlen); data/ibm-3270-4.0ga12/wc3270/wizard.c:4392:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !strncasecmp(sess_path, desktop, strlen(desktop)) || data/ibm-3270-4.0ga12/wc3270/wizard.c:4393:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !strncasecmp(sess_path, public_desktop, strlen(public_desktop))) { data/ibm-3270-4.0ga12/wc3270/wizard.c:4550:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *cmd = malloc(strlen(program) + strlen(" -U") + 1); data/ibm-3270-4.0ga12/wc3270/wizard.c:4550:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *cmd = malloc(strlen(program) + strlen(" -U") + 1); data/ibm-3270-4.0ga12/wc3270/wizard.c:4603:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(session.printerlu, "."); data/ibm-3270-4.0ga12/wc3270/wizard.c:4669:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(result); data/ibm-3270-4.0ga12/wc3270/wizard.c:4777:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncasecmp(path, documents_wc3270, strlen(documents_wc3270))) { data/ibm-3270-4.0ga12/wc3270/wizard.c:4780:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(public_documents_wc3270))) { data/ibm-3270-4.0ga12/wc3270/wizard.c:5240:32: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fwrite(s, sizeof(wchar_t), wcslen(s), f); data/ibm-3270-4.0ga12/wc3270/wizard.c:5286:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mbstowcs(lwc3270_exe, wc3270_exe, strlen(wc3270_exe) + 1); data/ibm-3270-4.0ga12/wc3270/wizard.c:5339:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(answer); data/ibm-3270-4.0ga12/wc3270/wizard.c:5417:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(f)) != EOF) { data/ibm-3270-4.0ga12/wc3270/wizard.c:5531:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while ((c = fgetc(f)) != EOF) { data/ibm-3270-4.0ga12/wc3270/wizard.c:5627:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)(79 - strlen(wizard) - strlen(wversion)), " ", data/ibm-3270-4.0ga12/wc3270/wizard.c:5627:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)(79 - strlen(wizard) - strlen(wversion)), " ", data/ibm-3270-4.0ga12/x3270/CmeBSB.c:287:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(entry->cme_bsb.label); data/ibm-3270-4.0ga12/x3270/CmeBSB.c:573:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(entry->cme_bsb.label)); data/ibm-3270-4.0ga12/x3270/about.c:219:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s1 = Malloc(strlen(s1a) + strlen(s1b) + 1); data/ibm-3270-4.0ga12/x3270/about.c:219:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s1 = Malloc(strlen(s1a) + strlen(s1b) + 1); data/ibm-3270-4.0ga12/x3270/about.c:222:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
s2 = Malloc(strlen(s2a) + strlen(s2b) + 1); data/ibm-3270-4.0ga12/x3270/about.c:222:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s2 = Malloc(strlen(s2a) + strlen(s2b) + 1); data/ibm-3270-4.0ga12/x3270/about.c:541:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (local_process && !strlen(current_host)) { data/ibm-3270-4.0ga12/x3270/about.c:599:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line_len = (int)strlen(cert); data/ibm-3270-4.0ga12/x3270/ft_gui.c:237:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XawTextSetInsertionPoint(local_file, strlen(xftc.local_filename)); data/ibm-3270-4.0ga12/x3270/ft_gui.c:271:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XawTextSetInsertionPoint(host_file, strlen(xftc.host_filename)); data/ibm-3270-4.0ga12/x3270/ft_gui.c:457:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XawTextSetInsertionPoint(lrecl_widget, strlen(lr)); data/ibm-3270-4.0ga12/x3270/ft_gui.c:498:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
XawTextSetInsertionPoint(blksize_widget, strlen(bs)); data/ibm-3270-4.0ga12/x3270/ft_gui.c:697:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XawTextSetInsertionPoint(primspace_widget, strlen(s)); data/ibm-3270-4.0ga12/x3270/ft_gui.c:739:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XawTextSetInsertionPoint(secspace_widget, strlen(s)); data/ibm-3270-4.0ga12/x3270/ft_gui.c:781:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XawTextSetInsertionPoint(avblock_size_widget, strlen(s)); data/ibm-3270-4.0ga12/x3270/ft_gui.c:829:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XawTextSetInsertionPoint(buffersize_widget, strlen(s)); data/ibm-3270-4.0ga12/x3270/ft_gui.c:1065:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(s) > 0) { data/ibm-3270-4.0ga12/x3270/ft_gui.c:1424:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(msg) > MAX_MSGLEN && strchr(msg, '\n') == NULL) { data/ibm-3270-4.0ga12/x3270/idle_gui.c:449:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
its = Malloc(strlen(tmo) + 3); data/ibm-3270-4.0ga12/x3270/keymap.c:376:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_trans(buf_nvt + strlen(ResKeymap) + 1, translations_nvt, NULL, data/ibm-3270-4.0ga12/x3270/keymap.c:380:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_trans(buf_3270 + strlen(ResKeymap) + 1, translations_3270, data/ibm-3270-4.0ga12/x3270/keymap.c:399:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_trans(buf_nvt + strlen(ResKeymap) + 1, translations_nvt, NULL, data/ibm-3270-4.0ga12/x3270/keymap.c:403:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_trans(buf_3270 + strlen(ResKeymap) + 1, translations_3270, data/ibm-3270-4.0ga12/x3270/keymap.c:508:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = t0 = (char *)XtMalloc(2 + strlen(table) + data/ibm-3270-4.0ga12/x3270/keymap.c:509:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlines * (strlen(" " PA_KEYMAP_TRACE "(,nnnn) ") + strlen(name) + data/ibm-3270-4.0ga12/x3270/keymap.c:509:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
nlines * (strlen(" " PA_KEYMAP_TRACE "(,nnnn) ") + strlen(name) + data/ibm-3270-4.0ga12/x3270/keymap.c:510:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(PA_ENDL))); data/ibm-3270-4.0ga12/x3270/keymap.c:570:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t += strlen(PA_ENDL); data/ibm-3270-4.0ga12/x3270/keymap.c:595:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Replace(keymap_trace, XtMalloc(strlen(params[0]) + 1 + data/ibm-3270-4.0ga12/x3270/keymap.c:596:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(params[1]) + 1)); data/ibm-3270-4.0ga12/x3270/keymap.c:994:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t_next += strlen(PA_ENDL); data/ibm-3270-4.0ga12/x3270/keymap.c:1009:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). k += strlen(cmps); data/ibm-3270-4.0ga12/x3270/keymap.c:1023:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(a) >= strlen(PA_ENDL) && data/ibm-3270-4.0ga12/x3270/keymap.c:1023:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(a) >= strlen(PA_ENDL) && data/ibm-3270-4.0ga12/x3270/keymap.c:1024:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !strcmp(a + strlen(a) - strlen(PA_ENDL), PA_ENDL)) { data/ibm-3270-4.0ga12/x3270/keymap.c:1024:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !strcmp(a + strlen(a) - strlen(PA_ENDL), PA_ENDL)) { data/ibm-3270-4.0ga12/x3270/keymap.c:1025:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). a[strlen(a) - strlen(PA_ENDL)] = '\0'; data/ibm-3270-4.0ga12/x3270/keymap.c:1025:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). a[strlen(a) - strlen(PA_ENDL)] = '\0'; data/ibm-3270-4.0ga12/x3270/menubar.c:331:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0, m = namebuf + strlen(namebuf); data/ibm-3270-4.0ga12/x3270/menubar.c:972:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !strncasecmp(suppress, ResTrue, strlen(suppress)); data/ibm-3270-4.0ga12/x3270/save.c:522:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
i += strlen(c); data/ibm-3270-4.0ga12/x3270/save.c:545:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(tmp_cmd[i]) + 1; data/ibm-3270-4.0ga12/x3270/save.c:554:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c2 += strlen(c2) + 1; data/ibm-3270-4.0ga12/x3270/save.c:655:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (ct[strlen(ct)-1] == '\n') { data/ibm-3270-4.0ga12/x3270/save.c:656:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ct[strlen(ct)-1] = '\0'; data/ibm-3270-4.0ga12/x3270/save.c:738:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(argv[i]) + 1; data/ibm-3270-4.0ga12/x3270/save.c:746:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(argv[i]) + 1; data/ibm-3270-4.0ga12/x3270/save.c:796:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((nlen = strlen(tlname)) > NLEN) { data/ibm-3270-4.0ga12/x3270/save.c:797:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
flen = strlen((char *)fallbacks) + ((nlen - NLEN) * nname) + 1; data/ibm-3270-4.0ga12/x3270/save.c:799:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flen = strlen((char *)fallbacks) - ((NLEN - nlen) * nname) + 1; data/ibm-3270-4.0ga12/x3270/screen.c:4619:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r = Malloc(strlen(s) + (commas * 2) + 2 + 1); data/ibm-3270-4.0ga12/x3270/screen.c:4629:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(r, t, wl); data/ibm-3270-4.0ga12/x3270/screen.c:5340:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(aicon_text); data/ibm-3270-4.0ga12/x3270/screen.c:6269:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(res[ns], s, nc); data/ibm-3270-4.0ga12/x3270/screen.c:6275:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int nc = strlen(s); data/ibm-3270-4.0ga12/x3270/screen.c:6280:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(res[ns], s, nc); data/ibm-3270-4.0ga12/x3270/select.c:1103:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
nw = utf8_to_unicode(buf, strlen(buf), &ucs); data/ibm-3270-4.0ga12/x3270/select.c:1184:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *length = strlen(own_sel[i].buffer); data/ibm-3270-4.0ga12/x3270/select.c:1218:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *(long*)*value = strlen(own_sel[i].buffer); data/ibm-3270-4.0ga12/x3270/select.c:1220:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). long temp = strlen(own_sel[i].buffer); data/ibm-3270-4.0ga12/x3270/select.c:1442:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Replace(own_sel[j].buffer, XtMalloc(strlen(select_buf) + 1)); data/ibm-3270-4.0ga12/x3270/select.c:1443:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(own_sel[j].buffer, select_buf, strlen(select_buf) + 1); data/ibm-3270-4.0ga12/x3270/status.c:910:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(oia_lu, lu, LUCNT); data/ibm-3270-4.0ga12/x3270/status.c:1250:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
status_msg_set(a_not_connected, strlen((char *)a_not_connected)); data/ibm-3270-4.0ga12/x3270/status.c:1260:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status_msg_set(a_reconnecting, strlen((char *)a_reconnecting)); data/ibm-3270-4.0ga12/x3270/status.c:1270:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status_msg_set(a_resolving, strlen((char *)a_resolving)); data/ibm-3270-4.0ga12/x3270/status.c:1280:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status_msg_set(a_connecting, strlen((char *)a_connecting)); data/ibm-3270-4.0ga12/x3270/status.c:1290:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status_msg_set(a_tls, strlen((char *)a_tls)); data/ibm-3270-4.0ga12/x3270/status.c:1300:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status_msg_set(a_proxy, strlen((char *)a_proxy)); data/ibm-3270-4.0ga12/x3270/status.c:1310:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status_msg_set(a_telnet, strlen((char *)a_telnet)); data/ibm-3270-4.0ga12/x3270/status.c:1320:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
status_msg_set(a_tn3270e, strlen((char *)a_tn3270e)); data/ibm-3270-4.0ga12/x3270/status.c:1330:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status_msg_set(a_awaiting_first, strlen((char *)a_awaiting_first)); data/ibm-3270-4.0ga12/x3270/status.c:1358:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status_msg_set(a_inhibit, strlen((char *)a_inhibit)); data/ibm-3270-4.0ga12/x3270/status.c:1372:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status_msg_set(a_twait, strlen((char *)a_twait)); data/ibm-3270-4.0ga12/x3270/status.c:1386:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status_msg_set(a_syswait, strlen((char *)a_syswait)); data/ibm-3270-4.0ga12/x3270/status.c:1400:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status_msg_set(a_protected, strlen((char *)a_protected)); data/ibm-3270-4.0ga12/x3270/status.c:1414:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status_msg_set(a_numeric, strlen((char *)a_numeric)); data/ibm-3270-4.0ga12/x3270/status.c:1428:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
status_msg_set(a_overflow, strlen((char *)a_overflow)); data/ibm-3270-4.0ga12/x3270/status.c:1442:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status_msg_set(a_dbcs, strlen((char *)a_dbcs)); data/ibm-3270-4.0ga12/x3270/status.c:1462:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = XtMalloc(strlen((char *)a_scrolled) + 4); data/ibm-3270-4.0ga12/x3270/status.c:1464:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status_msg_set((unsigned char *)t, strlen(t)); data/ibm-3270-4.0ga12/x3270/status.c:1487:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status_msg_set(a_minus, strlen((char *)a_minus)); data/ibm-3270-4.0ga12/x3270/status.c:1501:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status_msg_set(a_minus, strlen((char *)a_minus)); data/ibm-3270-4.0ga12/x3270/status.c:1640:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < (int) strlen(buf); i++) { data/ibm-3270-4.0ga12/x3270/status.c:1660:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (i = 0; i < (int) strlen(buf); i++) { data/ibm-3270-4.0ga12/x3270/stmenu.c:196:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). b.length = strlen(d); data/ibm-3270-4.0ga12/x3270/stmenu.c:199:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XawTextReplace(filename, 0, strlen(name), &b); data/ibm-3270-4.0ga12/x3270/stmenu.c:200:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XawTextSetInsertionPoint(filename, strlen(d)); data/ibm-3270-4.0ga12/x3270/stmenu.c:317:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). b.length = strlen(d); data/ibm-3270-4.0ga12/x3270/stmenu.c:321:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XawTextSetInsertionPoint(filename, strlen(d)); data/ibm-3270-4.0ga12/x3270/stmenu.c:407:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). b.length = strlen(d); data/ibm-3270-4.0ga12/x3270/stmenu.c:411:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XawTextSetInsertionPoint(print_command, strlen(d)); data/ibm-3270-4.0ga12/x3270/x3270.c:607:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(cl_hostname) > strlen(".x3270") && data/ibm-3270-4.0ga12/x3270/x3270.c:607:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(cl_hostname) > strlen(".x3270") && data/ibm-3270-4.0ga12/x3270/x3270.c:608:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !strcmp(cl_hostname + strlen(cl_hostname) - strlen(".x3270"), data/ibm-3270-4.0ga12/x3270/x3270.c:608:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !strcmp(cl_hostname + strlen(cl_hostname) - strlen(".x3270"), data/ibm-3270-4.0ga12/x3270/x3270.c:900:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(m); data/ibm-3270-4.0ga12/x3270/x3270.c:970:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(reconnect_host): 0)); data/ibm-3270-4.0ga12/x3270/x3270.c:1067:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). e_len = strlen(OptLocalProcess) + 1; data/ibm-3270-4.0ga12/x3270/x3270.c:1069:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). e_len += 1 + strlen(argv[j]); data/ibm-3270-4.0ga12/x3270/x3270.c:1075:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
strcat(strcat(*cmds, " "), argv[j]);
data/ibm-3270-4.0ga12/x3270/x3270.c:1115:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ret = Malloc((strlen(s) * 2) + 1);
data/ibm-3270-4.0ga12/x3270/x3270.c:1170:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(argv[i]);
data/ibm-3270-4.0ga12/x3270/xkybd.c:80:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
ucs4 = multibyte_to_unicode(mb, strlen(mb), &consumed, &error);

ANALYSIS SUMMARY:

Hits = 1630
Lines analyzed = 163590 in approximately 6.82 seconds (24000 lines/second)
Physical Source Lines of Code (SLOC) = 119820
Hits@level = [0] 886 [1] 651 [2] 689 [3] 53 [4] 237 [5] 0
Hits@level+ = [0+] 2516 [1+] 1630 [2+] 979 [3+] 290 [4+] 237 [5+] 0
Hits/KSLOC@level+ = [0+] 20.9982 [1+] 13.6037 [2+] 8.17059 [3+] 2.4203 [4+] 1.97797 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.