Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
FINAL RESULTS:

data/inn2-2.6.3+20200601/backends/buffchan.c:126:29: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  && (errno != EACCES || chmod(sp->Filename, 0644) < 0
data/inn2-2.6.3+20200601/backends/filechan.c:116:7: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362).
  Use fchown( ) instead.
  chown(p, uid, gid);
data/inn2-2.6.3+20200601/innd/innd.c:745:6: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod(PID, 0664) < 0) {
data/inn2-2.6.3+20200601/innfeed/main.c:672:11: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod(pidFile, 0664) < 0)
data/inn2-2.6.3+20200601/authprogs/auth_krb5.c:117:39: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  static void __attribute__((__format__(printf, 3, 4)))
data/inn2-2.6.3+20200601/authprogs/ckpasswd.c:413:26: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  if (strcmp(password, crypt(authinfo->password, password)) != 0)
data/inn2-2.6.3+20200601/backends/actsync.c:2615:6: [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl(p,
data/inn2-2.6.3+20200601/backends/actsync.c:2618:6: [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl(p,
data/inn2-2.6.3+20200601/backends/actsync.c:2621:6: [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl(p,
data/inn2-2.6.3+20200601/backends/batcher.c:57:2: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buff, sizeof(buff), Processor, Host);
data/inn2-2.6.3+20200601/backends/batcher.c:58:6: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  F = popen(buff, "w");
data/inn2-2.6.3+20200601/backends/batcher.c:373:6: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buff, sizeof(buff), Separator, BytesInArt);
data/inn2-2.6.3+20200601/backends/buffchan.c:180:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buff, sizeof(buff), Format, Map ? MAPname(Name) : sp->Name);
data/inn2-2.6.3+20200601/backends/inndf.c:165:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(fancy ? "%10lu" : "%lu", amount);
data/inn2-2.6.3+20200601/backends/inndf.c:167:9: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(inode ? " inodes available " : " Kbytes available ");
data/inn2-2.6.3+20200601/backends/innxmit.c:323:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(STAT1, REMhost, STAToffered, STATaccepted, STATrefused,
data/inn2-2.6.3+20200601/backends/innxmit.c:326:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(STAT2, REMhost, usertime, systime, STATend - STATbegin);
data/inn2-2.6.3+20200601/backends/innxmit.c:330:5: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_NOTICE, STAT1, REMhost, STAToffered, STATaccepted, STATrefused,
data/inn2-2.6.3+20200601/backends/innxmit.c:332:5: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_NOTICE, STAT2, REMhost, usertime, systime, STATend - STATbegin);
data/inn2-2.6.3+20200601/backends/innxmit.c:657:9: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_FATAL, GOT_BADCOMMAND, REMhost, MessageID, REMclean(buff));
data/inn2-2.6.3+20200601/backends/innxmit.c:672:13: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_NOTICE, REJECTED, REMhost,
data/inn2-2.6.3+20200601/backends/innxmit.c:843:7: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_NOTICE, CANT_FINDIT, REMhost, REMclean(buff));
data/inn2-2.6.3+20200601/backends/innxmit.c:847:3: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_NOTICE, CANT_PARSEIT, REMhost, REMclean(buff));
data/inn2-2.6.3+20200601/backends/innxmit.c:854:6: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_NOTICE, IHAVE_FAIL, REMhost, REMclean(buff));
data/inn2-2.6.3+20200601/backends/innxmit.c:858:6: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_NOTICE, UNEXPECTED, REMhost, REMclean(buff));
data/inn2-2.6.3+20200601/backends/innxmit.c:899:3: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_NOTICE, REJ_STREAM, REMhost,
data/inn2-2.6.3+20200601/backends/innxmit.c:1154:3: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_NOTICE, CANT_CONNECT, REMhost, "timeout");
data/inn2-2.6.3+20200601/backends/innxmit.c:1156:3: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_NOTICE, CANT_CONNECT, REMhost,
data/inn2-2.6.3+20200601/backends/innxmit.c:1166:6: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, CANT_AUTHENTICATE,
data/inn2-2.6.3+20200601/backends/innxmit.c:1447:13: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_FATAL, GOT_BADCOMMAND, REMhost, MessageID, REMclean(buff));
data/inn2-2.6.3+20200601/backends/innxmit.c:1455:6: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_NOTICE, IHAVE_FAIL, REMhost, REMclean(buff));
data/inn2-2.6.3+20200601/backends/ninpaths.c:202:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buf, sizeof(buf), n, time(0));
data/inn2-2.6.3+20200601/backends/ninpaths.c:239:6: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (fscanf(f, HOSTF " %ld ", c, &l)!=2) {
data/inn2-2.6.3+20200601/backends/ninpaths.c:248:10: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if ((fscanf(f, HOSTF "\n", c)!=1) ||
data/inn2-2.6.3+20200601/contrib/auth_pass.c:154:32: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd))!=0) {
data/inn2-2.6.3+20200601/contrib/expirectl.c:269:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dptr, base);
data/inn2-2.6.3+20200601/contrib/pullart.c:40:7: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (#VAR_TYPE, (VAR_NAME) ); \
data/inn2-2.6.3+20200601/expire/makehistory.c:222:9: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  i = system(temp) >> 8;
data/inn2-2.6.3+20200601/expire/makehistory.c:982:19: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if ((Overchan = popen(buff, "w")) == NULL)
data/inn2-2.6.3+20200601/frontends/feedone.c:172:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(ToServer, buff[0] == '.' ? ".%s\r\n" : "%s\r\n",
data/inn2-2.6.3+20200601/frontends/inews.c:558:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff, "%s@%s", pwp->pw_name, p);
data/inn2-2.6.3+20200601/frontends/ovdb_init.c:420:6: [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl(concatpath(innconf->pathbin, "ovdb_monitor"),
data/inn2-2.6.3+20200601/frontends/ovdb_init.c:433:13: [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl(concatpath(innconf->pathbin, "ovdb_server"), "ovdb_server",
data/inn2-2.6.3+20200601/frontends/rnews.c:114:2: [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execv(path, (char * const *)argv);
data/inn2-2.6.3+20200601/frontends/rnews.c:186:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, reason, arg);
data/inn2-2.6.3+20200601/frontends/sm.c:238:13: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, usage);
data/inn2-2.6.3+20200601/include/clibrary.h:87:10: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # define snprintf _snprintf
data/inn2-2.6.3+20200601/include/clibrary.h:87:19: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # define snprintf _snprintf
data/inn2-2.6.3+20200601/include/clibrary.h:183:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 3)));
data/inn2-2.6.3+20200601/include/clibrary.h:185:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 0)));
data/inn2-2.6.3+20200601/include/clibrary.h:188:12: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  extern int snprintf(char *, size_t, const char *, ...)
data/inn2-2.6.3+20200601/include/clibrary.h:189:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 3, 4)));
data/inn2-2.6.3+20200601/include/clibrary.h:192:12: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  extern int vsnprintf(char *, size_t, const char *, va_list)
data/inn2-2.6.3+20200601/include/clibrary.h:193:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 3, 0)));
data/inn2-2.6.3+20200601/include/inn/buffer.h:96:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 3), __nonnull__));
data/inn2-2.6.3+20200601/include/inn/buffer.h:98:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 0), __nonnull__));
data/inn2-2.6.3+20200601/include/inn/buffer.h:106:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 3), __nonnull__));
data/inn2-2.6.3+20200601/include/inn/buffer.h:108:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 0), __nonnull__));
data/inn2-2.6.3+20200601/include/inn/confparse.h:69:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 3)));
data/inn2-2.6.3+20200601/include/inn/confparse.h:72:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 3, 4)));
data/inn2-2.6.3+20200601/include/inn/messages.h:50:44: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__nonnull__, __format__(printf, 1, 2)));
data/inn2-2.6.3+20200601/include/inn/messages.h:52:44: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__nonnull__, __format__(printf, 1, 2)));
data/inn2-2.6.3+20200601/include/inn/messages.h:54:44: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__nonnull__, __format__(printf, 1, 2)));
data/inn2-2.6.3+20200601/include/inn/messages.h:56:44: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__nonnull__, __format__(printf, 1, 2)));
data/inn2-2.6.3+20200601/include/inn/messages.h:58:44: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__nonnull__, __format__(printf, 1, 2)));
data/inn2-2.6.3+20200601/include/inn/messages.h:60:58: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__nonnull__, __noreturn__, __format__(printf, 1, 2)));
data/inn2-2.6.3+20200601/include/inn/messages.h:62:58: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__nonnull__, __noreturn__, __format__(printf, 1, 2)));
data/inn2-2.6.3+20200601/include/inn/messages.h:87:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 0), __nonnull__));
data/inn2-2.6.3+20200601/include/inn/messages.h:89:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 0), __nonnull__));
data/inn2-2.6.3+20200601/include/inn/messages.h:91:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 0), __nonnull__));
data/inn2-2.6.3+20200601/include/inn/messages.h:93:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 0), __nonnull__));
data/inn2-2.6.3+20200601/include/inn/messages.h:95:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 0), __nonnull__));
data/inn2-2.6.3+20200601/include/inn/messages.h:97:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 0), __nonnull__));
data/inn2-2.6.3+20200601/include/inn/messages.h:99:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 0), __nonnull__));
data/inn2-2.6.3+20200601/include/inn/messages.h:101:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 0), __nonnull__));
data/inn2-2.6.3+20200601/include/inn/messages.h:105:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 0)));
data/inn2-2.6.3+20200601/include/inn/nntp.h:238:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 3)));
data/inn2-2.6.3+20200601/include/inn/nntp.h:240:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 3)));
data/inn2-2.6.3+20200601/include/inn/nntp.h:247:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 3, 4)));
data/inn2-2.6.3+20200601/include/inn/nntp.h:249:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 3, 4)));
data/inn2-2.6.3+20200601/include/inn/xmalloc.h:92:44: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__nonnull__, __format__(printf, 2, 0)));
data/inn2-2.6.3+20200601/include/inn/xmalloc.h:97:44: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__nonnull__, __format__(printf, 4, 5)));
data/inn2-2.6.3+20200601/include/inn/xmalloc.h:100:44: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__nonnull__, __format__(printf, 2, 3)));
data/inn2-2.6.3+20200601/include/portable/setproctitle.h:18:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 1, 2)));
data/inn2-2.6.3+20200601/innd/art.c:82:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 3)));
data/inn2-2.6.3+20200601/innd/art.c:764:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(cp->Error + 4, sizeof(cp->Error) - 4, format, args);
data/inn2-2.6.3+20200601/innd/art.c:1000:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff, "%d Duplicate \"%s\" header",
data/inn2-2.6.3+20200601/innd/art.c:1004:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff, "%d Missing \"%s\" header",
data/inn2-2.6.3+20200601/innd/art.c:1027:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff, "%d Linecount %s != %d +- %lu",
data/inn2-2.6.3+20200601/innd/art.c:1043:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff, "%d Bad \"Date\" header -- \"%s\"",
data/inn2-2.6.3+20200601/innd/art.c:1055:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff, "%d Bad \"Injection-Date\" header -- \"%s\"",
data/inn2-2.6.3+20200601/innd/art.c:1067:11: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff, "%d Too old -- \"%s\"",
data/inn2-2.6.3+20200601/innd/art.c:1075:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff, "%d Article injected or posted in the future -- \"%s\"",
data/inn2-2.6.3+20200601/innd/art.c:1215:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff, "No matching newsgroups in cancel %s",
data/inn2-2.6.3+20200601/innd/art.c:1466:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(p, "\r\n %s:%lu", ngp->Name, ngp->Filenum);
data/inn2-2.6.3+20200601/innd/art.c:1470:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(p, " %s:%lu", ngp->Name, ngp->Filenum);
data/inn2-2.6.3+20200601/innd/cc.c:1345:5: [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execv(CCargv[0], CCargv);
data/inn2-2.6.3+20200601/innd/cc.c:1449:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Path.Data, "%s!", innconf->pathhost);
data/inn2-2.6.3+20200601/innd/cc.c:1458:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Pathalias.Data, "%s!", innconf->pathalias);
data/inn2-2.6.3+20200601/innd/cc.c:1468:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(Pathcluster.Data, "%s!", innconf->pathcluster);
data/inn2-2.6.3+20200601/innd/ng.c:372:2: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_NOTICE, RENUMBER, LogName, ngp->Name, "hi", l, himark);
data/inn2-2.6.3+20200601/innd/ng.c:376:6: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, NORENUMBER, LogName, ngp->Name, "hi");
data/inn2-2.6.3+20200601/innd/ng.c:388:6: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant format string for syslog.
  syslog(L_NOTICE, RENUMBER, LogName, ngp->Name, "lo", l, lomark);
data/inn2-2.6.3+20200601/innd/ng.c:393:6: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, NORENUMBER, LogName, ngp->Name, "lo");
data/inn2-2.6.3+20200601/innd/ng.c:426:9: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_NOTICE, RENUMBER, LogName, ngp->Name, "hi", l, lomark-1);
data/inn2-2.6.3+20200601/innd/ng.c:428:13: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, NORENUMBER, LogName, ngp->Name, "hi");
data/inn2-2.6.3+20200601/innd/ng.c:438:13: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_NOTICE, RENUMBER, LogName, ngp->Name, "lo", l, lomark);
data/inn2-2.6.3+20200601/innd/ng.c:440:13: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, NORENUMBER, LogName, ngp->Name, "lo");
data/inn2-2.6.3+20200601/innd/python.c:746:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(path, R_OK) < 0) {
data/inn2-2.6.3+20200601/innd/rc.c:869:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant format string for syslog.
  syslog(L_ERROR, GROUP_NAME, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:915:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, LEFT_BRACE, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:921:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, LEFT_BRACE, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:935:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, PEER_IN_PEER, LogName,
data/inn2-2.6.3+20200601/innd/rc.c:941:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, PEER_NAME, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:977:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, LEFT_BRACE, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:982:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, LEFT_BRACE, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1071:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, RIGHT_BRACE, LogName, linecount, filename);
data/inn2-2.6.3+20200601/innd/rc.c:1081:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, DUPLICATE_KEY, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1093:6: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, MUST_BE_BOOL, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1113:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, DUPLICATE_KEY, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1125:6: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, MUST_BE_BOOL, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1145:15: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, DUPLICATE_KEY, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1157:19: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, MUST_BE_BOOL, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1177:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, DUPLICATE_KEY, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1189:6: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, MUST_BE_BOOL, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1209:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, DUPLICATE_KEY, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1221:6: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, MUST_BE_BOOL, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1242:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, DUPLICATE_KEY, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1254:6: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, MUST_BE_INT, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1275:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, DUPLICATE_KEY, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1284:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, MUST_BE_INT, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1303:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, DUPLICATE_KEY, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1320:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, DUPLICATE_KEY, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1343:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, DUPLICATE_KEY, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1365:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, DUPLICATE_KEY, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1389:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, DUPLICATE_KEY, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1412:4: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, DUPLICATE_KEY, LogName, filename, linecount);
data/inn2-2.6.3+20200601/innd/rc.c:1445:2: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, INCOMPLETE_PEER, LogName, peer_params.Label,
data/inn2-2.6.3+20200601/innd/rc.c:1448:2: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, INCOMPLETE_GROUP, LogName, group_params->Label,
data/inn2-2.6.3+20200601/innd/site.c:531:6: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buff, sizeof(buff), temp, Data->TokenText);
data/inn2-2.6.3+20200601/innd/site.c:534:6: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buff, sizeof(buff), sp->Param, Data->TokenText);
data/inn2-2.6.3+20200601/innd/tinyleaf.c:245:27: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  state.processor = popen(argv[2], "w");
data/inn2-2.6.3+20200601/innd/util.c:223:13: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_FATAL, NODUP2, LogName, fd0, 0, av[0]);
data/inn2-2.6.3+20200601/innd/util.c:227:13: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, NOCLOSE, LogName, fd0, av[0]);
data/inn2-2.6.3+20200601/innd/util.c:231:13: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_FATAL, NODUP2, LogName, fd1, 1, av[0]);
data/inn2-2.6.3+20200601/innd/util.c:235:13: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, NOCLOSE, LogName, fd1, av[0]);
data/inn2-2.6.3+20200601/innd/util.c:239:13: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_FATAL, NODUP2, LogName, fd2, 2, av[0]);
data/inn2-2.6.3+20200601/innd/util.c:243:13: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog(L_ERROR, NOCLOSE, LogName, fd2, av[0]);
data/inn2-2.6.3+20200601/innd/util.c:254:5: [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execv(av[0], av);
data/inn2-2.6.3+20200601/innfeed/config_y.c:632:7: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (rval,NON_ALPHA,lineCount, key) ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:642:11: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (rval,BAD_KEY,lineCount,key) ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:1274:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define YYFPRINTF fprintf
data/inn2-2.6.3+20200601/innfeed/config_y.c:1935:3: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (errbuff,SYNTAX_ERROR,lineCount) ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:1982:3: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (errbuff,UNKNOWN_SCOPE_TYPE,lineCount,(yyvsp[-2].name)) ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:2315:3: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (errbuff,FMT,lineCount,s) ;
data/inn2-2.6.3+20200601/innfeed/connection.c:1465:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (t, "AUTHINFO USER %s\r\n", hostUsername (cxn->myHost)) ;
data/inn2-2.6.3+20200601/innfeed/connection.c:1508:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (t, "AUTHINFO PASS %s\r\n", hostPassword (cxn->myHost)) ;
data/inn2-2.6.3+20200601/innfeed/connection.c:3985:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (p, "IHAVE %s\r\n", msgid) ;
data/inn2-2.6.3+20200601/innfeed/connection.c:4203:11: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (t,"CHECK %s\r\n", msgid) ;
data/inn2-2.6.3+20200601/innfeed/connection.c:4303:15: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (t, "TAKETHIS %s\r\n", msgid) ;
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:2829:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cxn->imap_respBuffer, p);
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:3239:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cxn->lmtp_respBuffer, p);
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:3659:10: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  rc = snprintf((*out) + size, newsize - size, deliver_rcpt_to, newrcpt);
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:3749:10: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  rc = snprintf((*out) + size, newsize - size, deliver_to_header,newrcpt);
data/inn2-2.6.3+20200601/innfeed/main.c:401:11: [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execlp ("sh", "sh", "-c", subProgram, (char *) 0) ;
data/inn2-2.6.3+20200601/innfeed/misc.c:63:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, args);
data/inn2-2.6.3+20200601/innfeed/misc.c:98:14: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  length = vsnprintf(NULL, 0, format, args);
data/inn2-2.6.3+20200601/innfeed/misc.c:133:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, fmt, ap) ;
data/inn2-2.6.3+20200601/innfeed/misc.c:144:7: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (fp,fmt,ap) ;
data/inn2-2.6.3+20200601/innfeed/misc.c:151:7: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf (buffer,sizeof (buffer),fmt,ap) ;
data/inn2-2.6.3+20200601/innfeed/misc.c:748:7: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog (LOG_ERR,NO_PATH_MAX,rval) ;
data/inn2-2.6.3+20200601/innfeed/misc.h:54:32: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__ (printf, 2, 3)));
data/inn2-2.6.3+20200601/innfeed/misc.h:73:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 3, 4)));
data/inn2-2.6.3+20200601/innfeed/misc.h:77:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 0)));
data/inn2-2.6.3+20200601/innfeed/misc.h:85:41: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((noreturn, __format__(printf, 2, 3)));
data/inn2-2.6.3+20200601/innfeed/tape.c:328:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (nt->handFilename,"%s/%s",tapeDirectory,peerName) ;
data/inn2-2.6.3+20200601/innfeed/tape.c:331:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (nt->lockFilename,"%s/%s%s",tapeDirectory,peerName,LOCK_TAIL) ;
data/inn2-2.6.3+20200601/innfeed/tape.c:334:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (nt->inputFilename,"%s/%s%s",tapeDirectory,peerName,INPUT_TAIL) ;
data/inn2-2.6.3+20200601/innfeed/tape.c:337:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (nt->outputFilename,"%s/%s%s",tapeDirectory,peerName,OUTPUT_TAIL) ;
data/inn2-2.6.3+20200601/innfeed/tape.c:1249:11: [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog.
  syslog (LOG_ERR,FSTAT_FAILURE,tape->outputFilename) ;
data/inn2-2.6.3+20200601/lib/asprintf.c:40:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 3)));
data/inn2-2.6.3+20200601/lib/asprintf.c:42:31: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 0)));
data/inn2-2.6.3+20200601/lib/asprintf.c:66:14: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  needed = vsnprintf(NULL, 0, fmt, args_copy);
data/inn2-2.6.3+20200601/lib/asprintf.c:75:14: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
status = vsnprintf(*strp, needed + 1, fmt, args); data/inn2-2.6.3+20200601/lib/buffer.c:156:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. status = vsnprintf(buffer->data + total, avail, format, args_copy); data/inn2-2.6.3+20200601/lib/buffer.c:165:18: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. status = vsnprintf(buffer->data + total, avail, format, args); data/inn2-2.6.3+20200601/lib/clientlib.c:103:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(CANTUSE, host); data/inn2-2.6.3+20200601/lib/getmodaddr.c:204:21: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(address, sizeof(address), save, name); data/inn2-2.6.3+20200601/lib/getmodaddr.c:224:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(address, sizeof(address), save, name); data/inn2-2.6.3+20200601/lib/messages.c:197:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stdout, fmt, args); data/inn2-2.6.3+20200601/lib/messages.c:215:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
vfprintf(stderr, fmt, args); data/inn2-2.6.3+20200601/lib/messages.c:230:39: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. static void __attribute__((__format__(printf, 3, 0))) data/inn2-2.6.3+20200601/lib/messages.c:242:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. status = vsnprintf(buffer, len + 1, fmt, args); data/inn2-2.6.3+20200601/lib/messages.c:302:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. length = vsnprintf(NULL, 0, format, args); data/inn2-2.6.3+20200601/lib/messages.c:321:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. length = vsnprintf(NULL, 0, format, args); data/inn2-2.6.3+20200601/lib/messages.c:341:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. length = vsnprintf(NULL, 0, format, args); data/inn2-2.6.3+20200601/lib/messages.c:360:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
length = vsnprintf(NULL, 0, format, args); data/inn2-2.6.3+20200601/lib/messages.c:380:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. length = vsnprintf(NULL, 0, format, args); data/inn2-2.6.3+20200601/lib/messages.c:399:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. length = vsnprintf(NULL, 0, format, args); data/inn2-2.6.3+20200601/lib/messages.c:419:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. length = vsnprintf(NULL, 0, format, args); data/inn2-2.6.3+20200601/lib/network-innbind.c:112:13: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (execl(path, path, buff, (char *) 0) < 0) data/inn2-2.6.3+20200601/lib/setproctitle.c:42:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(title + delta, sizeof(title) - delta, format, args); data/inn2-2.6.3+20200601/lib/setproctitle.c:95:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
delta = vsnprintf(title, length, format, args); data/inn2-2.6.3+20200601/lib/snprintf.c:23:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # undef snprintf data/inn2-2.6.3+20200601/lib/snprintf.c:24:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # undef vsnprintf data/inn2-2.6.3+20200601/lib/snprintf.c:25:10: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define snprintf test_snprintf data/inn2-2.6.3+20200601/lib/snprintf.c:26:10: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define vsnprintf test_vsnprintf data/inn2-2.6.3+20200601/lib/snprintf.c:143:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int snprintf (char *str, size_t count, const char *fmt, ...); data/inn2-2.6.3+20200601/lib/snprintf.c:144:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
int vsnprintf (char *str, size_t count, const char *fmt, va_list arg); data/inn2-2.6.3+20200601/lib/snprintf.c:875:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int vsnprintf (char *str, size_t count, const char *fmt, va_list args) data/inn2-2.6.3+20200601/lib/snprintf.c:882:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int snprintf (char *str, size_t count, const char *fmt,...) data/inn2-2.6.3+20200601/lib/snprintf.c:888:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. total = vsnprintf(str, count, fmt, ap); data/inn2-2.6.3+20200601/lib/snprintf.c:941:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf (buf1, sizeof (buf1), fp_fmt[x], fp_nums[y]); data/inn2-2.6.3+20200601/lib/snprintf.c:942:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (buf2, fp_fmt[x], fp_nums[y]); data/inn2-2.6.3+20200601/lib/snprintf.c:955:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf (buf1, sizeof (buf1), int_fmt[x], int_nums[y]); data/inn2-2.6.3+20200601/lib/snprintf.c:956:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. 
sprintf (buf2, int_fmt[x], int_nums[y]); data/inn2-2.6.3+20200601/lib/vector.c:553:12: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return execv(path, (char * const *) vector->strings); data/inn2-2.6.3+20200601/lib/vector.c:563:12: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return execv(path, (char * const *) vector->strings); data/inn2-2.6.3+20200601/lib/xmalloc.c:232:18: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. status = vsnprintf(NULL, 0, fmt, args_copy); data/inn2-2.6.3+20200601/lib/xmalloc.c:256:18: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. status = vsnprintf(NULL, 0, fmt, args_copy); data/inn2-2.6.3+20200601/lib/xmalloc.c:279:18: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. status = vsnprintf(NULL, 0, fmt, args_copy); data/inn2-2.6.3+20200601/nnrpd/commands.c:193:2: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execv(path, av); data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:786:39: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
static void __attribute__((__format__(printf, 1, 0))) data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:792:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = vsnprintf(buff, sizeof(buff), fmt, args); data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:1408:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(LocalLogFileName, "%s/tracklogs/log-%u", innconf->pathlog, vid); data/inn2-2.6.3+20200601/nnrpd/nnrpd.h:243:31: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__(printf, 1, 2))); data/inn2-2.6.3+20200601/nnrpd/nnrpd.h:245:31: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__(printf, 1, 2))); data/inn2-2.6.3+20200601/nnrpd/perm.c:65:18: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. ACCESSGROUP *access; data/inn2-2.6.3+20200601/nnrpd/perm.c:1196:53: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
newgroup->access = copy_accessgroup(curgroup->access); data/inn2-2.6.3+20200601/nnrpd/perm.c:1237:33: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (curgroup && curgroup->access) data/inn2-2.6.3+20200601/nnrpd/perm.c:1238:43: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. curaccess = copy_accessgroup(curgroup->access); data/inn2-2.6.3+20200601/nnrpd/perm.c:1262:17: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (newgroup->access) data/inn2-2.6.3+20200601/nnrpd/perm.c:1263:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. free_accessgroup(newgroup->access); data/inn2-2.6.3+20200601/nnrpd/perm.c:1332:18: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!curgroup->access) { data/inn2-2.6.3+20200601/nnrpd/perm.c:1335:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. SetDefaultAccess(curgroup->access); data/inn2-2.6.3+20200601/nnrpd/perm.c:1337:30: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. accessdecl_parse(curgroup->access, cf->f, tok); data/inn2-2.6.3+20200601/nnrpd/post.c:735:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buff, sizeof(buff), innconf->mta, address); data/inn2-2.6.3+20200601/nnrpd/post.c:736:14: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if ((F = popen(buff, "w")) == NULL) data/inn2-2.6.3+20200601/nnrpd/python.c:399:8: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(file, R_OK)) data/inn2-2.6.3+20200601/nnrpd/tls.c:410:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. || access(key_file, R_OK) < 0) { data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:480:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), (leadingzeros) ? "%016lx" : "%lx", data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:164:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), (leadingzeros) ? "%016lx" : "%lx", data/inn2-2.6.3+20200601/storage/timehash/timehash.c:227:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, R_OK) < 0) { data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:773:6: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, R_OK) < 0) { data/inn2-2.6.3+20200601/tests/authprogs/ident-t.c:95:13: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (execl(ident, ident, (char *) 0) < 0) data/inn2-2.6.3+20200601/tests/authprogs/ident-t.c:139:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("ident.t", F_OK) < 0) { data/inn2-2.6.3+20200601/tests/authprogs/ident-t.c:140:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("authprogs/ident.t", F_OK) == 0) { data/inn2-2.6.3+20200601/tests/innd/artparse-t.c:90:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
if (access("../data/etc/storage.conf", F_OK) < 0) data/inn2-2.6.3+20200601/tests/innd/artparse-t.c:91:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("data/etc/storage.conf", F_OK) == 0) data/inn2-2.6.3+20200601/tests/innd/chan-t.c:29:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("../data/etc/inn.conf", F_OK) < 0) data/inn2-2.6.3+20200601/tests/innd/chan-t.c:30:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("data/etc/inn.conf", F_OK) == 0) data/inn2-2.6.3+20200601/tests/lib/asprintf-t.c:30:31: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__(printf, 2, 3))); data/inn2-2.6.3+20200601/tests/lib/asprintf-t.c:32:31: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
__attribute__((__format__(printf, 2, 0))); data/inn2-2.6.3+20200601/tests/lib/asprintf-t.c:34:38: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. static int __attribute__((__format__(printf, 2, 3))) data/inn2-2.6.3+20200601/tests/lib/buffer-t.c:40:39: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. static void __attribute__((__format__(printf, 2, 3))) data/inn2-2.6.3+20200601/tests/lib/buffer-t.c:54:39: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. static void __attribute__((__format__(printf, 2, 3))) data/inn2-2.6.3+20200601/tests/lib/confparse-t.c:365:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("../data/config/valid", F_OK) == 0) { data/inn2-2.6.3+20200601/tests/lib/confparse-t.c:369:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. } else if (access("data/config/valid", F_OK) == 0) { data/inn2-2.6.3+20200601/tests/lib/confparse-t.c:373:16: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. } else if (access("tests/data/config/valid", F_OK) == 0) { data/inn2-2.6.3+20200601/tests/lib/fdflag-t.c:119:9: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp("sh", "sh", "-c", data/inn2-2.6.3+20200601/tests/lib/innconf-t.c:29:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("../data/config/valid", F_OK) == 0) { data/inn2-2.6.3+20200601/tests/lib/innconf-t.c:33:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. } else if (access("data/config/valid", F_OK) == 0) { data/inn2-2.6.3+20200601/tests/lib/innconf-t.c:37:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
} else if (access("tests/data/config/valid", F_OK) == 0) { data/inn2-2.6.3+20200601/tests/lib/innconf-t.c:45:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(cat) != 0) data/inn2-2.6.3+20200601/tests/lib/innconf-t.c:50:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(grep) != 0) data/inn2-2.6.3+20200601/tests/lib/innconf-t.c:63:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(grep) != 0) data/inn2-2.6.3+20200601/tests/lib/messages-t.c:142:39: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. static void __attribute__((__format__(printf, 2, 0))) data/inn2-2.6.3+20200601/tests/lib/messages-t.c:146:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, format, args); data/inn2-2.6.3+20200601/tests/lib/mkstemp-t.c:66:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. ok(access(template, F_OK) == 0, "...and the file exists"); data/inn2-2.6.3+20200601/tests/lib/snprintf-t.c:170:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. 
count = sprintf(lgbuf, fp_formats[i], fp_nums[j]); data/inn2-2.6.3+20200601/tests/lib/snprintf-t.c:175:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. count = sprintf(lgbuf, int_formats[i], int_nums[j]); data/inn2-2.6.3+20200601/tests/lib/snprintf-t.c:180:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. count = sprintf(lgbuf, uint_formats[i], uint_nums[j]); data/inn2-2.6.3+20200601/tests/lib/snprintf-t.c:185:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. count = sprintf(lgbuf, llong_formats[i], llong_nums[j]); data/inn2-2.6.3+20200601/tests/lib/snprintf-t.c:190:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. count = sprintf(lgbuf, ullong_formats[i], ullong_nums[j]); data/inn2-2.6.3+20200601/tests/lib/wire-t.c:63:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("../data/articles/wire-strange", F_OK) == 0) { data/inn2-2.6.3+20200601/tests/lib/wire-t.c:67:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. } else if (access("data/articles/wire-strange", F_OK) == 0) { data/inn2-2.6.3+20200601/tests/lib/wire-t.c:71:16: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. } else if (access("tests/data/articles/wire-strange", F_OK) == 0) { data/inn2-2.6.3+20200601/tests/lib/xmalloc.c:272:39: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. static void __attribute__((__format__(printf, 2, 3))) data/inn2-2.6.3+20200601/tests/nnrpd/auth-ext-t.c:111:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("auth-test", F_OK) < 0) { data/inn2-2.6.3+20200601/tests/nnrpd/auth-ext-t.c:112:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("nnrpd/auth-test", F_OK) == 0) { data/inn2-2.6.3+20200601/tests/overview/api-t.c:112:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system("/bin/rm -rf ov-tmp") < 0) data/inn2-2.6.3+20200601/tests/overview/api-t.c:587:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
  if (system("/bin/rm -rf ov-tmp") < 0)
data/inn2-2.6.3+20200601/tests/overview/api-t.c:684:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system("/bin/rm -rf ov-tmp") < 0)
data/inn2-2.6.3+20200601/tests/overview/api-t.c:695:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access("../data/overview/basic", F_OK) == 0) {
data/inn2-2.6.3+20200601/tests/overview/api-t.c:699:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  } else if (access("data/overview/basic", F_OK) == 0) {
data/inn2-2.6.3+20200601/tests/overview/api-t.c:703:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  } else if (access("tests/data/overview/basic", F_OK) == 0) {
data/inn2-2.6.3+20200601/tests/overview/overview-t.c:126:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system("/bin/rm -rf ov-tmp") < 0)
data/inn2-2.6.3+20200601/tests/overview/overview-t.c:507:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access("../data/overview/basic", F_OK) == 0) {
data/inn2-2.6.3+20200601/tests/overview/overview-t.c:511:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  } else if (access("data/overview/basic", F_OK) == 0) {
data/inn2-2.6.3+20200601/tests/overview/overview-t.c:515:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  } else if (access("tests/data/overview/basic", F_OK) == 0) {
data/inn2-2.6.3+20200601/tests/overview/overview-t.c:573:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system("/bin/rm -rf ov-tmp") <0)
data/inn2-2.6.3+20200601/tests/overview/xref-t.c:52:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system("/bin/rm -rf ov-tmp spool") < 0)
data/inn2-2.6.3+20200601/tests/overview/xref-t.c:192:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access("../data/overview/xref", F_OK) == 0) {
data/inn2-2.6.3+20200601/tests/overview/xref-t.c:196:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  } else if (access("data/overview/xref", F_OK) == 0) {
data/inn2-2.6.3+20200601/tests/overview/xref-t.c:200:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  } else if (access("tests/data/overview/xref", F_OK) == 0) {
data/inn2-2.6.3+20200601/tests/overview/xref-t.c:255:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system("/bin/rm -rf ov-tmp spool") < 0)
data/inn2-2.6.3+20200601/tests/runtests.c:295:58: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__nonnull__, __noreturn__, __format__(printf, 1, 2)));
data/inn2-2.6.3+20200601/tests/runtests.c:297:58: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__nonnull__, __noreturn__, __format__(printf, 1, 2)));
data/inn2-2.6.3+20200601/tests/runtests.c:321:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, args);
data/inn2-2.6.3+20200601/tests/runtests.c:341:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, args);
data/inn2-2.6.3+20200601/tests/runtests.c:619:13: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (execv(command[0], command) == -1)
data/inn2-2.6.3+20200601/tests/runtests.c:1228:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(path, X_OK) < 0)
data/inn2-2.6.3+20200601/tests/runtests.c:1651:9: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (execl(path, path, (char *) 0) == -1)
data/inn2-2.6.3+20200601/tests/runtests.c:1686:13: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(usage_message, program, program, program, usage_extra);
data/inn2-2.6.3+20200601/tests/runtests.c:1707:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, usage_message, program, program, program, usage_extra);
data/inn2-2.6.3+20200601/tests/runtests.c:1749:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(banner, shortlist);
data/inn2-2.6.3+20200601/tests/tap/basic.c:197:13: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args); \
data/inn2-2.6.3+20200601/tests/tap/basic.c:502:9: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/inn2-2.6.3+20200601/tests/tap/basic.c:721:5: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/inn2-2.6.3+20200601/tests/tap/basic.c:743:5: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/inn2-2.6.3+20200601/tests/tap/basic.c:764:5: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/inn2-2.6.3+20200601/tests/tap/basic.c:786:5: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format, args);
data/inn2-2.6.3+20200601/tests/tap/basic.c:977:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(path, R_OK) == 0)
data/inn2-2.6.3+20200601/tests/tap/basic.c:1018:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(path, X_OK) < 0)
data/inn2-2.6.3+20200601/tests/tap/basic.h:69:45: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__noreturn__, __format__(printf, 1, 2)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:81:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 3)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:85:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 0)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:88:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 1, 2)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:91:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 3, 4)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:94:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 3)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:103:31: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 3)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:105:31: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 0)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:107:31: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 1, 2)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:114:31: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 3, 4)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:116:31: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 2, 3)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:126:31: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 3, 4)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:128:31: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 3, 4)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:130:31: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 3, 4)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:132:31: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 3, 4)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:134:31: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 4, 5)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:138:58: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__noreturn__, __nonnull__, __format__(printf, 1, 2)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:140:58: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__noreturn__, __nonnull__, __format__(printf, 1, 2)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:144:44: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__nonnull__, __format__(printf, 1, 2)));
data/inn2-2.6.3+20200601/tests/tap/basic.h:146:44: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134).
Use a constant for the format specification.
  __attribute__((__nonnull__, __format__(printf, 1, 2)));
data/inn2-2.6.3+20200601/tests/tap/float.h:44:31: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 4, 5)));
data/inn2-2.6.3+20200601/tests/tap/messages.c:54:39: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  static void __attribute__((__format__(printf, 2, 0)))
data/inn2-2.6.3+20200601/tests/tap/process.c:202:5: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execvp(argv[0], argv);
data/inn2-2.6.3+20200601/tests/tap/process.c:461:13: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (execv(argv[0], (char *const *) argv) < 0)
data/inn2-2.6.3+20200601/tests/tap/process.c:471:42: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  for (i = 0; i < PROCESS_WAIT * 10 && access(pidfile, F_OK) != 0; i++) {
data/inn2-2.6.3+20200601/tests/tap/process.c:481:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(pidfile, F_OK) != 0) {
data/inn2-2.6.3+20200601/tests/tap/process.h:57:31: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__format__(printf, 5, 6), __nonnull__(1)));
data/inn2-2.6.3+20200601/tests/tap/string.h:46:44: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__nonnull__, __format__(printf, 2, 3)));
data/inn2-2.6.3+20200601/tests/tap/string.h:48:44: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((__nonnull__, __format__(printf, 2, 0)));
data/inn2-2.6.3+20200601/tests/util/innbind-t.c:149:13: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (execl(innbind, innbind, buffer, (char *) 0) < 0)
data/inn2-2.6.3+20200601/tests/util/innbind-t.c:268:13: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (execl(innbind, innbind, "-p", buffer, (char *) 0) < 0)
data/inn2-2.6.3+20200601/tests/util/innbind-t.c:318:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access("innbind.t", F_OK) < 0)
data/inn2-2.6.3+20200601/tests/util/innbind-t.c:319:13: [4] (race) access: This usually indicates a security flaw.
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access("util/innbind.t", F_OK) == 0)
data/inn2-2.6.3+20200601/authprogs/ckpasswd.c:327:19: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "gf:u:p:" OPT_DBM OPT_SHADOW)) != -1) {
data/inn2-2.6.3+20200601/authprogs/ident.c:57:19: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "p:t")) != -1) {
data/inn2-2.6.3+20200601/authprogs/radius.c:312:7: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom((unsigned) seed.tv_sec+seed.tv_usec);
data/inn2-2.6.3+20200601/authprogs/radius.c:315:18: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  req.vector[i] = random() % 256;
data/inn2-2.6.3+20200601/authprogs/radius.c:518:19: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "f:h")) != -1) {
data/inn2-2.6.3+20200601/backends/actsync.c:403:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20).
Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(argc,argv,"Ab:d:g:i:I:kl:mn:o:p:q:s:t:Tv:w:z:")) != EOF) {
data/inn2-2.6.3+20200601/backends/archive.c:371:22: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((option = getopt(argc, argv, "a:cfi:p:r")) != EOF)
data/inn2-2.6.3+20200601/backends/batcher.c:211:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(ac, av, "a:A:b:B:i:N:p:rs:v")) != EOF)
data/inn2-2.6.3+20200601/backends/buffchan.c:362:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(ac, av, "bc:C:d:f:l:L:m:p:rs:u")) != EOF)
data/inn2-2.6.3+20200601/backends/cvtbatch.c:39:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(ac, av, "w:")) != EOF)
data/inn2-2.6.3+20200601/backends/filechan.c:50:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(ac, av, "d:f:m:p:")) != EOF)
data/inn2-2.6.3+20200601/backends/inndf.c:226:22: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((option = getopt(argc, argv, "hinof:F")) != EOF) {
data/inn2-2.6.3+20200601/backends/innxbatch.c:358:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(ac, av, "Dit:T:v")) != EOF)
data/inn2-2.6.3+20200601/backends/innxmit.c:1039:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(ac, av, "acdHlpP:rst:T:v")) != EOF)
data/inn2-2.6.3+20200601/backends/ninpaths.c:493:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i=getopt(argc, argv, "pd:u:r:v:"))!=EOF)
data/inn2-2.6.3+20200601/backends/nntpget.c:235:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(ac, av, "d:f:n:t:ovu:")) != EOF)
data/inn2-2.6.3+20200601/backends/shlock.c:154:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(ac, av, "bcf:p:u")) != EOF) {
data/inn2-2.6.3+20200601/backends/shrinkfile.c:331:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(ac, av, "m:s:vn")) != EOF)
data/inn2-2.6.3+20200601/contrib/mlockfile.c:110:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(argc, argv, "fi:")) != EOF) {
data/inn2-2.6.3+20200601/contrib/newsresp.c:102:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ( (c = getopt(argc,argv,"n:")) != -1 )
data/inn2-2.6.3+20200601/expire/convdate.c:130:22: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((option = getopt(argc, argv, "cdhlns")) != EOF) {
data/inn2-2.6.3+20200601/expire/expire.c:530:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(ac, av, "d:f:g:h:iNnpr:s:tv:w:xz:")) != EOF)
data/inn2-2.6.3+20200601/expire/expireover.c:81:22: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((option = getopt(argc, argv, "ef:kNpqsw:z:Z:")) != EOF) {
data/inn2-2.6.3+20200601/expire/grephistory.c:97:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(ac, av, "vf:eilnqs")) != EOF)
data/inn2-2.6.3+20200601/expire/makedbz.c:257:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(argc, argv, "s:iof:")) != EOF) {
data/inn2-2.6.3+20200601/expire/makehistory.c:894:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(argc, argv, "abFf:Il:L:OSs:T:x")) != EOF) {
data/inn2-2.6.3+20200601/expire/makehistory.c:961:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("INN_TESTSUITE") == NULL)
data/inn2-2.6.3+20200601/expire/prunehistory.c:53:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(ac, av, "f:p")) != EOF)
data/inn2-2.6.3+20200601/frontends/ctlinnd.c:211:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(ac, av, "hst:")) != EOF)
data/inn2-2.6.3+20200601/frontends/feedone.c:91:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(ac, av, "m:prt")) != EOF)
data/inn2-2.6.3+20200601/frontends/getlist.c:230:22: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((option = getopt(argc, argv, "Ah:p:R")) != EOF) {
data/inn2-2.6.3+20200601/frontends/inews.c:454:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((p = getenv("NAME")) != NULL)
data/inn2-2.6.3+20200601/frontends/inews.c:911:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(ac, av, "DNAVWORShx:a:c:d:e:f:n:p:r:t:F:o:w:")) != EOF)
data/inn2-2.6.3+20200601/frontends/innconfval.c:53:22: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((option = getopt(argc, argv, "Ci:pstv")) != EOF)
data/inn2-2.6.3+20200601/frontends/ovdb_init.c:338:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((c = getopt(argc, argv, "ru")) != -1) {
data/inn2-2.6.3+20200601/frontends/ovdb_stat.c:657:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((c = getopt(argc, argv, ":Hgcir:klmMtvd:")) != -1) {
data/inn2-2.6.3+20200601/frontends/rnews.c:875:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  UUCPHost = getenv(INN_ENV_UUCPHOST);
data/inn2-2.6.3+20200601/frontends/rnews.c:884:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(ac, av, "abdh:NP:r:S:Uv")) != EOF)
data/inn2-2.6.3+20200601/frontends/sm.c:209:22: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((option = getopt(argc, argv, "cdHiqrRSs")) != EOF) {
data/inn2-2.6.3+20200601/frontends/sys2nf.c:266:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(ac, av, "a:s:d:")) != EOF)
data/inn2-2.6.3+20200601/innd/innd.c:425:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(ac, av, "4:6:ac:CdfH:i:l:m:n:No:P:rsSt:T:uX:")) != EOF)
data/inn2-2.6.3+20200601/innfeed/config_l.c:520:39: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  #define YY_USER_INIT yy_flex_debug = (getenv ("YYDEBUG") == NULL ?
0 : 1) data/inn2-2.6.3+20200601/innfeed/config_y.c:2418:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. yydebug = (getenv ("YYDEBUG") == NULL ? 0 : 1) ; data/inn2-2.6.3+20200601/innfeed/connection.c:4891:7: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand (t) ; data/inn2-2.6.3+20200601/innfeed/endpoint.c:1498:7: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand (t) ; data/inn2-2.6.3+20200601/innfeed/main.c:154:20: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((optVal = getopt (argc,argv,OPT_STRING)) != EOF) data/inn2-2.6.3+20200601/lib/innconf.c:302:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. value = getenv("FROMHOST"); data/inn2-2.6.3+20200601/lib/innconf.c:308:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
  value = getenv("NNTPSERVER");
data/inn2-2.6.3+20200601/lib/innconf.c:314:13: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  value = getenv("ORGANIZATION");
data/inn2-2.6.3+20200601/lib/innconf.c:320:13: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  value = getenv("INND_BIND_ADDRESS");
data/inn2-2.6.3+20200601/lib/innconf.c:326:13: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  value = getenv("INND_BIND_ADDRESS6");
data/inn2-2.6.3+20200601/lib/innconf.c:555:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  path = getenv("INNCONF");
data/inn2-2.6.3+20200601/lib/innconf.c:568:14: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  tmpdir = getenv("TMPDIR");
data/inn2-2.6.3+20200601/lib/innconf.c:600:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  path = getenv("INNCONF");
data/inn2-2.6.3+20200601/lib/setenv.c:43:23: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!overwrite && getenv(name) != NULL)
data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:1026:17: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(argc, argv, "4:6:b:c:Dfi:I:nop:P:r:s:St")) != EOF)
data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:1028:17: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(argc, argv, "4:6:b:c:Dfi:I:nop:P:r:s:t")) != EOF)
data/inn2-2.6.3+20200601/storage/tradindexed/tdx-util.c:449:22: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((option = getopt(argc, argv, "a:f:n:p:AFR:cgiOo")) != EOF) {
data/inn2-2.6.3+20200601/storage/tradindexed/tdx-util.c:521:13: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("INN_TESTSUITE") == NULL)
data/inn2-2.6.3+20200601/storage/tradindexed/tdx-util.c:526:13: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("INN_TESTSUITE") == NULL)
data/inn2-2.6.3+20200601/storage/tradindexed/tdx-util.c:531:13: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("INN_TESTSUITE") == NULL)
data/inn2-2.6.3+20200601/tests/innd/artparse-t.c:124:22: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  offset = shift ? random() % 50 : 0;
data/inn2-2.6.3+20200601/tests/lib/setenv-t.c:42:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv(test_var))
data/inn2-2.6.3+20200601/tests/lib/setenv-t.c:46:28: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  is_string(test_value1, getenv(test_var), "...and getenv correct");
data/inn2-2.6.3+20200601/tests/lib/setenv-t.c:48:28: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  is_string(test_value1, getenv(test_var), "...and getenv unchanged");
data/inn2-2.6.3+20200601/tests/lib/setenv-t.c:50:28: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  is_string(test_value2, getenv(test_var), "...and getenv changed");
data/inn2-2.6.3+20200601/tests/lib/setenv-t.c:52:19: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  is_string("", getenv(test_var), "...and getenv correct");
data/inn2-2.6.3+20200601/tests/runtests.c:1326:24: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  valgrind = getenv("C_TAP_VALGRIND");
data/inn2-2.6.3+20200601/tests/runtests.c:1352:23: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  libtool = getenv("C_TAP_LIBTOOL");
data/inn2-2.6.3+20200601/tests/runtests.c:1680:22: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((option = getopt(argc, argv, "b:hl:os:v")) != EOF) {
data/inn2-2.6.3+20200601/tests/runtests.c:1715:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("C_TAP_VERBOSE") != NULL)
data/inn2-2.6.3+20200601/tests/tap/basic.c:973:16: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  base = getenv(envs[i]);
data/inn2-2.6.3+20200601/tests/tap/basic.c:1014:13: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  build = getenv("C_TAP_BUILD");
data/inn2-2.6.3+20200601/authprogs/ident.c:35:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2048];
data/inn2-2.6.3+20200601/authprogs/ident.c:70:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  identport = atoi(optarg);
data/inn2-2.6.3+20200601/authprogs/libauth.c:35:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[SMBUF];
data/inn2-2.6.3+20200601/authprogs/radius.c:42:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char vector[AUTH_VECTOR_LEN];
data/inn2-2.6.3+20200601/authprogs/radius.c:43:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[NNTP_MAXLEN_COMMAND*2];
data/inn2-2.6.3+20200601/authprogs/radius.c:157:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  radconfig->radport = atoi(iter);
data/inn2-2.6.3+20200601/authprogs/radius.c:165:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  radconfig->locport = atoi(iter);
data/inn2-2.6.3+20200601/authprogs/radius.c:230:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char secbuf[128];
data/inn2-2.6.3+20200601/authprogs/radius.c:231:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[SMBUF];
data/inn2-2.6.3+20200601/authprogs/radius.c:232:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char digest[MD5_DIGESTSIZE];
data/inn2-2.6.3+20200601/authprogs/radius.c:292:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&sinl.sin_addr.s_addr, hent->h_addr,
data/inn2-2.6.3+20200601/authprogs/radius.c:301:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&sreq->sinr.sin_addr.s_addr, hent->h_addr_list[0],
data/inn2-2.6.3+20200601/authprogs/radius.c:317:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(secbuf+strlen(config->secret), req.vector, AUTH_VECTOR_LEN);
data/inn2-2.6.3+20200601/authprogs/radius.c:359:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(req.data + req.datalen, &nvalue, sizeof(nvalue));
data/inn2-2.6.3+20200601/authprogs/radius.c:363:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(req.data + req.datalen, &sinl.sin_addr.s_addr,
data/inn2-2.6.3+20200601/authprogs/radius.c:389:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(secbuf+strlen(config->secret), &req.data[passstart+2+i],
data/inn2-2.6.3+20200601/authprogs/radius.c:438:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(secbuf+sizeof(req.vector), req.vector, sizeof(req.vector));
data/inn2-2.6.3+20200601/authprogs/radius.c:473:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(((char*)&req)+sreq->reqlen, config->secret, strlen(config->secret));
data/inn2-2.6.3+20200601/authprogs/radius.c:474:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(secbuf, req.vector, sizeof(req.vector));
data/inn2-2.6.3+20200601/backends/actsync.c:409:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  switch (atoi(optarg)) {
data/inn2-2.6.3+20200601/backends/actsync.c:431:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  switch (atoi(optarg)) {
data/inn2-2.6.3+20200601/backends/actsync.c:453:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_flag = atoi(optarg);
data/inn2-2.6.3+20200601/backends/actsync.c:459:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  switch (atoi(optarg)) {
data/inn2-2.6.3+20200601/backends/actsync.c:486:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  switch (atoi(optarg)) {
data/inn2-2.6.3+20200601/backends/actsync.c:592:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  switch (atoi(optarg)) {
data/inn2-2.6.3+20200601/backends/actsync.c:614:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  s_flag = atoi(optarg);
data/inn2-2.6.3+20200601/backends/actsync.c:617:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  switch (atoi(optarg)) {
data/inn2-2.6.3+20200601/backends/actsync.c:644:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  v_flag = atoi(optarg);
data/inn2-2.6.3+20200601/backends/actsync.c:651:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  w_flag = atoi(optarg);
data/inn2-2.6.3+20200601/backends/actsync.c:658:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  z_flag = atoi(optarg);
data/inn2-2.6.3+20200601/backends/actsync.c:726:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[8192+1]; /* QIO buffer */
data/inn2-2.6.3+20200601/backends/actsync.c:781:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rport = atoi(p + 1);
data/inn2-2.6.3+20200601/backends/actsync.c:979:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, cur->hi, ((i > ARTNUMPRINTSIZE) ? ARTNUMPRINTSIZE : i)+1);
data/inn2-2.6.3+20200601/backends/actsync.c:1011:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, cur->low, ((i > ARTNUMPRINTSIZE) ? ARTNUMPRINTSIZE : i)+1);
data/inn2-2.6.3+20200601/backends/actsync.c:1614:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  qsort((char *)grp, grplen, sizeof(grp[0]), merge_cmp);
data/inn2-2.6.3+20200601/backends/actsync.c:1889:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  qsort((char *)grp, grplen, sizeof(grp[0]), active_cmp);
data/inn2-2.6.3+20200601/backends/actsync.c:2380:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  qsort((char *)eqgrp, eq_cnt, sizeof(eqgrp[0]), eq_merge_cmp);
data/inn2-2.6.3+20200601/backends/actsync.c:2476:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  qsort((char *)eqgrp, eq_cnt, sizeof(eqgrp[0]), eq_merge_cmp);
data/inn2-2.6.3+20200601/backends/actsync.c:2524:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZ+1]; /* interactive buffer */
data/inn2-2.6.3+20200601/backends/actsync.c:2572:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  io[READ_SIDE] = open(DEV_NULL, 0);
data/inn2-2.6.3+20200601/backends/actsync.c:2575:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  io[WRITE_SIDE] = open(DEV_NULL, 1);
data/inn2-2.6.3+20200601/backends/archive.c:102:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(file, concat ? "a" : "w");
data/inn2-2.6.3+20200601/backends/archive.c:108:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(file, concat ? "a" : "w");
data/inn2-2.6.3+20200601/backends/archive.c:359:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFSIZ];
data/inn2-2.6.3+20200601/backends/archive.c:387:28: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  config.index = fopen(optarg, "a");
data/inn2-2.6.3+20200601/backends/archive.c:459:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  spool = fopen(file, "a");
data/inn2-2.6.3+20200601/backends/batcher.c:54:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[SMBUF];
data/inn2-2.6.3+20200601/backends/batcher.c:90:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[BIG_BUFFER];
data/inn2-2.6.3+20200601/backends/batcher.c:185:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[BIG_BUFFER];
data/inn2-2.6.3+20200601/backends/batcher.c:186:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[BIG_BUFFER];
data/inn2-2.6.3+20200601/backends/batcher.c:217:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ArtsInBatch = atoi(optarg);
data/inn2-2.6.3+20200601/backends/batcher.c:220:16: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  MaxArts = atol(optarg);
data/inn2-2.6.3+20200601/backends/batcher.c:223:21: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  BytesInBatch = atol(optarg);
data/inn2-2.6.3+20200601/backends/batcher.c:226:17: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  MaxBytes = atol(optarg);
data/inn2-2.6.3+20200601/backends/batcher.c:232:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  MaxBatches = atoi(optarg);
data/inn2-2.6.3+20200601/backends/buffchan.c:129:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((sp->F = fopen("/dev/null", "w")) == NULL)
data/inn2-2.6.3+20200601/backends/buffchan.c:160:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[BUFSIZ];
data/inn2-2.6.3+20200601/backends/buffchan.c:372:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  CloseEvery = atoi(optarg);
data/inn2-2.6.3+20200601/backends/buffchan.c:375:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  CloseSeconds = atoi(optarg);
data/inn2-2.6.3+20200601/backends/buffchan.c:383:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Fields = atoi(optarg);
data/inn2-2.6.3+20200601/backends/buffchan.c:386:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  FlushEvery = atoi(optarg);
data/inn2-2.6.3+20200601/backends/buffchan.c:389:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  FlushSeconds = atoi(optarg);
data/inn2-2.6.3+20200601/backends/buffchan.c:396:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((F = fopen(optarg, "w")) == NULL)
data/inn2-2.6.3+20200601/backends/cvtbatch.c:96:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(q, text, r - text); data/inn2-2.6.3+20200601/backends/filechan.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[2048]; data/inn2-2.6.3+20200601/backends/filechan.c:59:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Fields = atoi(optarg); data/inn2-2.6.3+20200601/backends/filechan.c:66:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((F = fopen(optarg, "w")) == NULL) data/inn2-2.6.3+20200601/backends/filechan.c:111:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(p, O_CREAT | O_WRONLY | O_APPEND, BATCHFILE_MODE); data/inn2-2.6.3+20200601/backends/innxbatch.c:95:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buff[NNTP_MAXLEN_COMMAND]; data/inn2-2.6.3+20200601/backends/innxbatch.c:255:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). switch (atoi(buf)) { data/inn2-2.6.3+20200601/backends/innxbatch.c:332:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[NNTP_MAXLEN_COMMAND]; data/inn2-2.6.3+20200601/backends/innxbatch.c:373:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ConnectTimeout = atoi(optarg); data/inn2-2.6.3+20200601/backends/innxbatch.c:376:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). TotalTimeout = atoi(optarg); data/inn2-2.6.3+20200601/backends/innxbatch.c:468:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(XBATCHname, O_RDONLY, 0)) < 0) { data/inn2-2.6.3+20200601/backends/innxbatch.c:526:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). switch (atoi(buff)) { data/inn2-2.6.3+20200601/backends/innxmit.c:293:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(REMbuffptr, p, i); data/inn2-2.6.3+20200601/backends/innxmit.c:383:14: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). fd = mkstemp(BATCHtemp); data/inn2-2.6.3+20200601/backends/innxmit.c:492:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[BUFSIZ]; data/inn2-2.6.3+20200601/backends/innxmit.c:599:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[NNTP_MAXLEN_COMMAND]; data/inn2-2.6.3+20200601/backends/innxmit.c:605:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[32]; data/inn2-2.6.3+20200601/backends/innxmit.c:648:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). switch (atoi(buff)) { data/inn2-2.6.3+20200601/backends/innxmit.c:709:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff, p, q - p); data/inn2-2.6.3+20200601/backends/innxmit.c:743:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[NNTP_MAXLEN_COMMAND]; data/inn2-2.6.3+20200601/backends/innxmit.c:770:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[NNTP_MAXLEN_COMMAND]; data/inn2-2.6.3+20200601/backends/innxmit.c:808:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[NNTP_MAXLEN_COMMAND]; data/inn2-2.6.3+20200601/backends/innxmit.c:822:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). resp = atoi(buff); data/inn2-2.6.3+20200601/backends/innxmit.c:954:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDONLY); data/inn2-2.6.3+20200601/backends/innxmit.c:1016:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[8192+128]; data/inn2-2.6.3+20200601/backends/innxmit.c:1064:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). port = atoi(optarg); data/inn2-2.6.3+20200601/backends/innxmit.c:1073:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ConnectTimeout = atoi(optarg); data/inn2-2.6.3+20200601/backends/innxmit.c:1076:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
TotalTimeout = atoi(optarg); data/inn2-2.6.3+20200601/backends/innxmit.c:1104:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (((i = open(BATCHname, O_RDWR)) < 0) || ((BATCHqp = QIOfdopen(i)) == NULL)) { data/inn2-2.6.3+20200601/backends/innxmit.c:1196:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). switch (atoi(buff)) { data/inn2-2.6.3+20200601/backends/innxmit.c:1232:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). switch (atoi(buff)) { data/inn2-2.6.3+20200601/backends/innxmit.c:1438:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). switch (atoi(buff)) { data/inn2-2.6.3+20200601/backends/map.c:52:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buff[BUFSIZ]; data/inn2-2.6.3+20200601/backends/map.c:58:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((F = fopen(name, "r")) == NULL) { data/inn2-2.6.3+20200601/backends/ninpaths.c:195:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXFNAME]; data/inn2-2.6.3+20200601/backends/ninpaths.c:203:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). d=fopen(buf, "w"); data/inn2-2.6.3+20200601/backends/ninpaths.c:223:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[MAXHOST]; data/inn2-2.6.3+20200601/backends/ninpaths.c:224:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char v[16]; data/inn2-2.6.3+20200601/backends/ninpaths.c:317:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
d=fopen(n, "r"); data/inn2-2.6.3+20200601/backends/ninpaths.c:368:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXLINE]; data/inn2-2.6.3+20200601/backends/ninpaths.c:411:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostString[MAXHOST]; data/inn2-2.6.3+20200601/backends/ninpaths.c:511:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). vf=atoi(optarg); break; data/inn2-2.6.3+20200601/backends/nntpget.c:39:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Buffer[BUFSIZ]; data/inn2-2.6.3+20200601/backends/nntpget.c:172:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[NNTP_MAXLEN_COMMAND]; data/inn2-2.6.3+20200601/backends/nntpget.c:199:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[NNTP_MAXLEN_COMMAND]; data/inn2-2.6.3+20200601/backends/nntpget.c:200:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mesgid[NNTP_MAXLEN_MSGID+10]; data/inn2-2.6.3+20200601/backends/nntpget.c:201:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuff[SMBUF]; data/inn2-2.6.3+20200601/backends/nntpget.c:318:19: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). msgidfd = mkstemp(msgidfile); data/inn2-2.6.3+20200601/backends/nntpget.c:321:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). F = fopen(msgidfile, "w+"); data/inn2-2.6.3+20200601/backends/nntpget.c:377:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
if (atoi(buff) != NNTP_CONT_IHAVE) data/inn2-2.6.3+20200601/backends/nntpget.c:389:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(buff) != NNTP_OK_ARTICLE) { data/inn2-2.6.3+20200601/backends/nntpget.c:435:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(buff); data/inn2-2.6.3+20200601/backends/nntpget.c:468:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((F = fopen(Update, "w")) == NULL) data/inn2-2.6.3+20200601/backends/overchan.c:50:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *fields[3]; data/inn2-2.6.3+20200601/backends/shlock.c:44:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd = open(name, O_RDONLY)) < 0 && errno != ENOENT && !JustChecking) { data/inn2-2.6.3+20200601/backends/shlock.c:62:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[BUFSIZ]; data/inn2-2.6.3+20200601/backends/shlock.c:76:19: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pid = (pid_t) atol(buff); data/inn2-2.6.3+20200601/backends/shlock.c:133:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[BUFSIZ]; data/inn2-2.6.3+20200601/backends/shlock.c:134:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp2[BUFSIZ+1]; data/inn2-2.6.3+20200601/backends/shlock.c:135:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[BUFSIZ]; data/inn2-2.6.3+20200601/backends/shlock.c:170:23: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pid = (pid_t) atol(optarg); data/inn2-2.6.3+20200601/backends/shlock.c:201:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). while ((fd = open(tmp, O_RDWR | O_CREAT | O_EXCL, 0644)) < 0) { data/inn2-2.6.3+20200601/backends/shrinkfile.c:53:10: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). fd = mkstemp(filename); data/inn2-2.6.3+20200601/backends/shrinkfile.c:139:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[BUFSIZ + 1]; data/inn2-2.6.3+20200601/backends/shrinkfile.c:155:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((F = fopen(name, "w")) == NULL) { data/inn2-2.6.3+20200601/backends/shrinkfile.c:220:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((F = fopen(name, "w")) == NULL) { data/inn2-2.6.3+20200601/backends/shrinkfile.c:360:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((F = fopen(p, "r")) == NULL) { data/inn2-2.6.3+20200601/contrib/auth_pass.c:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char password[256]; data/inn2-2.6.3+20200601/contrib/auth_pass.c:74:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peername[1024]; data/inn2-2.6.3+20200601/contrib/auth_pass.c:77:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char username[32]; data/inn2-2.6.3+20200601/contrib/expirectl.c:156:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/inn2-2.6.3+20200601/contrib/expirectl.c:158:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fi = fopen(EXPIRE_DAYS, "r")) != NULL) { data/inn2-2.6.3+20200601/contrib/expirectl.c:237:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fi = fopen(EXPIRE_CTL_CTL, "r")) != NULL) { data/inn2-2.6.3+20200601/contrib/expirectl.c:238:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fo = fopen(EXPIRE_CTL ".tmp", "w")) != NULL) { data/inn2-2.6.3+20200601/contrib/expirectl.c:239:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[2048]; data/inn2-2.6.3+20200601/contrib/expirectl.c:240:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char dbuf[4096]; data/inn2-2.6.3+20200601/contrib/expirectl.c:251:4: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(base, dptr, sptr - base); data/inn2-2.6.3+20200601/contrib/expirectl.c:263:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(dptr, "%ld", v); data/inn2-2.6.3+20200601/contrib/expirectl.c:292:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fo = fopen(EXPIRE_DAYS, "w")) != NULL) { data/inn2-2.6.3+20200601/contrib/mlockfile.c:42:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(ml->path, O_RDONLY); data/inn2-2.6.3+20200601/contrib/mlockfile.c:113:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). interval = 1000 * atoi(optarg); data/inn2-2.6.3+20200601/contrib/newsresp.c:89:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[1024]; data/inn2-2.6.3+20200601/contrib/newsresp.c:128:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sock_in.sin_addr,host->h_addr,host->h_length); data/inn2-2.6.3+20200601/contrib/newsresp.c:202:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buffer+55," [...]\n"); data/inn2-2.6.3+20200601/contrib/newsresp.c:217:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ihave[32], data/inn2-2.6.3+20200601/contrib/pullart.c:57:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ArtHead[7] = {0, 0, 0, 'P', 'a', 't', 'h'}; data/inn2-2.6.3+20200601/contrib/pullart.c:58:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ArtTail[5] = {'\r', '\n', '.', '\r', '\n'}; data/inn2-2.6.3+20200601/contrib/pullart.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[32]; data/inn2-2.6.3+20200601/contrib/pullart.c:104:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Infile = fopen (argv[INFILE], "rb"); data/inn2-2.6.3+20200601/contrib/pullart.c:146:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (obuffer, "Path", 4); data/inn2-2.6.3+20200601/contrib/pullart.c:222:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[NBUFF]; data/inn2-2.6.3+20200601/contrib/pullart.c:223:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[NBUFF]; data/inn2-2.6.3+20200601/contrib/pullart.c:288:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfile = fopen (filename, "wt"); data/inn2-2.6.3+20200601/contrib/reset-cnfs.c:16:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[512];

data/inn2-2.6.3+20200601/contrib/reset-cnfs.c:28:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((fd = open(argv[i], O_LARGEFILE | O_RDWR, 0664)) < 0) {

data/inn2-2.6.3+20200601/contrib/reset-cnfs.c:30:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((fd = open(argv[i], O_RDWR, 0664)) < 0) {

data/inn2-2.6.3+20200601/contrib/respool.c:50:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(arttmp, art->data, len);

data/inn2-2.6.3+20200601/contrib/respool.c:77:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[SMBUF];

data/inn2-2.6.3+20200601/expire/convdate.c:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char date_buffer[128];

data/inn2-2.6.3+20200601/expire/convdate.c:100:32: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
seconds = (time_t) atol(date);

data/inn2-2.6.3+20200601/expire/expire.c:78:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((F = fopen(Name, Mode)) == NULL) {

data/inn2-2.6.3+20200601/expire/expire.c:174:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[BUFSIZ];

data/inn2-2.6.3+20200601/expire/expire.c:175:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *fields[7];

data/inn2-2.6.3+20200601/expire/expire.c:236:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
j = atoi(fields[0]);

data/inn2-2.6.3+20200601/expire/expire.c:494:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[SMBUF];

data/inn2-2.6.3+20200601/expire/expire.c:563:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Size = atoi(optarg);

data/inn2-2.6.3+20200601/expire/expire.c:569:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
EXPverbose = atoi(optarg);

data/inn2-2.6.3+20200601/expire/expireover.c:133:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
lowmark = fopen(lowmark_path, "a");

data/inn2-2.6.3+20200601/expire/fastrm.c:45:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char current_dir[MAX_DIR_LEN];

data/inn2-2.6.3+20200601/expire/fastrm.c:50:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char prefix_dir[MAX_DIR_LEN * 2];

data/inn2-2.6.3+20200601/expire/fastrm.c:420:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char path[MAX_DIR_LEN];

data/inn2-2.6.3+20200601/expire/fastrm.c:670:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
chdir_threshold = atoi(p + 1);

data/inn2-2.6.3+20200601/expire/fastrm.c:682:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
sort_threshold = atoi(p + 1);

data/inn2-2.6.3+20200601/expire/fastrm.c:688:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
relative_threshold = atoi(p + 1);

data/inn2-2.6.3+20200601/expire/grephistory.c:28:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[BUFSIZ];

data/inn2-2.6.3+20200601/expire/makedbz.c:37:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[SMBUF];

data/inn2-2.6.3+20200601/expire/makedbz.c:99:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char temp[SMBUF];

data/inn2-2.6.3+20200601/expire/makedbz.c:265:13: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
size = atol(optarg);

data/inn2-2.6.3+20200601/expire/makehistory.c:153:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char temp[SMBUF];

data/inn2-2.6.3+20200601/expire/makehistory.c:212:10: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
fd = mkstemp(SortedTmpPath);

data/inn2-2.6.3+20200601/expire/makehistory.c:263:24: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
arrived = (time_t)atol(p);

data/inn2-2.6.3+20200601/expire/makehistory.c:264:24: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
expires = (time_t)atol(q);

data/inn2-2.6.3+20200601/expire/makehistory.c:276:24: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
arrived = (time_t)atol(line);

data/inn2-2.6.3+20200601/expire/makehistory.c:277:24: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
expires = (time_t)atol(p);

data/inn2-2.6.3+20200601/expire/makehistory.c:315:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char temp[SMBUF];

data/inn2-2.6.3+20200601/expire/makehistory.c:355:14: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
fd = mkstemp(OverTmpPath);

data/inn2-2.6.3+20200601/expire/makehistory.c:393:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(temp, q, r - q + 1);

data/inn2-2.6.3+20200601/expire/makehistory.c:581:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char overdata[BIG_BUFFER];

data/inn2-2.6.3+20200601/expire/makehistory.c:582:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char Bytes[BIG_BUFFER];

data/inn2-2.6.3+20200601/expire/makehistory.c:583:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char Lines[BIG_BUFFER];

data/inn2-2.6.3+20200601/expire/makehistory.c:833:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
hi = (ARTNUM)atol(p);

data/inn2-2.6.3+20200601/expire/makehistory.c:839:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
lo = (ARTNUM)atol(p);

data/inn2-2.6.3+20200601/expire/makehistory.c:912:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
OverTmpSegSize = atoi(optarg);

data/inn2-2.6.3+20200601/expire/makehistory.c:915:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
LoadAverage = atoi(optarg);

data/inn2-2.6.3+20200601/expire/makehistory.c:925:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
npairs = atoi(optarg);

data/inn2-2.6.3+20200601/expire/makehistory.c:1050:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((F = fopen(RebuiltflagPath, "w")) == NULL)

data/inn2-2.6.3+20200601/expire/prunehistory.c:35:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[BUFSIZ];

data/inn2-2.6.3+20200601/frontends/ctlinnd.c:196:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *nv[4];

data/inn2-2.6.3+20200601/frontends/ctlinnd.c:198:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[SMBUF];

data/inn2-2.6.3+20200601/frontends/ctlinnd.c:223:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
ICCsettimeout(atoi(optarg));

data/inn2-2.6.3+20200601/frontends/decode.c:31:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char Buffer[4];

data/inn2-2.6.3+20200601/frontends/decode.c:40:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char b3[3];

data/inn2-2.6.3+20200601/frontends/decode.c:64:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char b13[13];

data/inn2-2.6.3+20200601/frontends/decode.c:65:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char b3[3];

data/inn2-2.6.3+20200601/frontends/decode.c:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char b12[12];

data/inn2-2.6.3+20200601/frontends/decode.c:118:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char c12[12];

data/inn2-2.6.3+20200601/frontends/encode.c:32:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char Buffer[13];

data/inn2-2.6.3+20200601/frontends/encode.c:79:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char b4[4];

data/inn2-2.6.3+20200601/frontends/encode.c:103:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char b3[3];

data/inn2-2.6.3+20200601/frontends/feedone.c:53:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[BUFSIZ];

data/inn2-2.6.3+20200601/frontends/feedone.c:80:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[BUFSIZ];

data/inn2-2.6.3+20200601/frontends/feedone.c:119:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((F = fopen(av[0], "r")) == NULL)

data/inn2-2.6.3+20200601/frontends/feedone.c:158:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
if (atoi(buff) != i) {

data/inn2-2.6.3+20200601/frontends/feedone.c:184:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
if (atoi(buff) != i)

data/inn2-2.6.3+20200601/frontends/getlist.c:239:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
port = atoi(optarg);

data/inn2-2.6.3+20200601/frontends/inews.c:126:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[MED_BUFFER];

data/inn2-2.6.3+20200601/frontends/inews.c:142:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
if (atoi(buff) != NNTP_OK_QUIT)

data/inn2-2.6.3+20200601/frontends/inews.c:298:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char localfrom[SMBUF];

data/inn2-2.6.3+20200601/frontends/inews.c:300:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[BUFSIZ];

data/inn2-2.6.3+20200601/frontends/inews.c:301:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char remotefrom[SMBUF];

data/inn2-2.6.3+20200601/frontends/inews.c:307:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
|| atoi(buff) != NNTP_OK_HEAD) {

data/inn2-2.6.3+20200601/frontends/inews.c:447:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char outbuff[SMBUF];

data/inn2-2.6.3+20200601/frontends/inews.c:536:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[SMBUF];

data/inn2-2.6.3+20200601/frontends/inews.c:537:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char from[SMBUF];

data/inn2-2.6.3+20200601/frontends/inews.c:655:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "%d", linecount);

data/inn2-2.6.3+20200601/frontends/inews.c:681:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[BUFSIZ];

data/inn2-2.6.3+20200601/frontends/inews.c:689:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((F = fopen(buff, "r")) == NULL) {

data/inn2-2.6.3+20200601/frontends/inews.c:814:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
return atoi(buff);

data/inn2-2.6.3+20200601/frontends/inews.c:881:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[MED_BUFFER];

data/inn2-2.6.3+20200601/frontends/inews.c:882:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char SpoolMessage[MED_BUFFER];

data/inn2-2.6.3+20200601/frontends/inews.c:941:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
port = atoi(optarg);

data/inn2-2.6.3+20200601/frontends/inews.c:995:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
i = atoi(buff);

data/inn2-2.6.3+20200601/frontends/inews.c:1004:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
if ((j = atoi(buff)) != NNTP_ERR_COMMAND)

data/inn2-2.6.3+20200601/frontends/inews.c:1093:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
if (atoi(buff) != NNTP_OK_POST)

data/inn2-2.6.3+20200601/frontends/ovdb_init.c:37:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
ret = (*db)->open(*db, NULL, name, NULL, type, DB_CREATE, 0666);

data/inn2-2.6.3+20200601/frontends/ovdb_init.c:94:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char group[MED_BUFFER];

data/inn2-2.6.3+20200601/frontends/ovdb_init.c:121:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&higidbang, val.data, sizeof(group_id_t));

data/inn2-2.6.3+20200601/frontends/ovdb_init.c:126:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(group, key.data, key.size);

data/inn2-2.6.3+20200601/frontends/ovdb_init.c:131:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&gid, val.data, sizeof(group_id_t));

data/inn2-2.6.3+20200601/frontends/ovdb_init.c:142:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&gs, ival.data, sizeof(struct groupstats));

data/inn2-2.6.3+20200601/frontends/ovdb_init.c:221:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[50];

data/inn2-2.6.3+20200601/frontends/ovdb_init.c:254:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&dv, val.data, sizeof dv);

data/inn2-2.6.3+20200601/frontends/ovdb_init.c:260:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&(ovdb_conf.numdbfiles), val.data, sizeof(ovdb_conf.numdbfiles));

data/inn2-2.6.3+20200601/frontends/ovdb_monitor.c:47:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[30];

data/inn2-2.6.3+20200601/frontends/ovdb_monitor.c:48:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
int fd = open(path, O_WRONLY|O_TRUNC|O_CREAT, 0664);

data/inn2-2.6.3+20200601/frontends/ovdb_monitor.c:105:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
ret = db->open(db, NULL, "version", NULL, DB_BTREE, DB_CREATE, 0666);

data/inn2-2.6.3+20200601/frontends/ovdb_server.c:134:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[30];

data/inn2-2.6.3+20200601/frontends/ovdb_server.c:135:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
int fd = open(path, O_WRONLY|O_TRUNC|O_CREAT, 0664);
data/inn2-2.6.3+20200601/frontends/ovdb_server.c:218:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy((char *)reply + sizeof(struct rs_srch), data, len);
data/inn2-2.6.3+20200601/frontends/ovdb_server.c:607:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
int fd = open("/dev/zero", O_RDWR, 0);
data/inn2-2.6.3+20200601/frontends/ovdb_stat.c:84:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[SMBUF];
data/inn2-2.6.3+20200601/frontends/ovdb_stat.c:180:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char val[SMBUF];
data/inn2-2.6.3+20200601/frontends/ovdb_stat.c:563:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if(db->open(db, NULL, dbfile, NULL, DB_UNKNOWN, DB_RDONLY, 0))
data/inn2-2.6.3+20200601/frontends/ovdb_stat.c:589:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
i = atoi(str);
data/inn2-2.6.3+20200601/frontends/ovdb_stat.c:598:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
*stop = atoi(str+1);
data/inn2-2.6.3+20200601/frontends/ovdb_stat.c:602:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
*start = atoi(str);
data/inn2-2.6.3+20200601/frontends/ovdb_stat.c:606:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
*start = atoi(str);
data/inn2-2.6.3+20200601/frontends/ovdb_stat.c:607:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
*stop = atoi(c+1);
data/inn2-2.6.3+20200601/frontends/rnews.c:195:14: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this.
Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
fd = mkstemp(filename);
data/inn2-2.6.3+20200601/frontends/rnews.c:230:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[SMBUF];
data/inn2-2.6.3+20200601/frontends/rnews.c:231:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char path[40];
data/inn2-2.6.3+20200601/frontends/rnews.c:290:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
switch (atoi(buff)) {
data/inn2-2.6.3+20200601/frontends/rnews.c:335:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
switch (atoi(buff)) {
data/inn2-2.6.3+20200601/frontends/rnews.c:359:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[BUFSIZ];
data/inn2-2.6.3+20200601/frontends/rnews.c:489:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char path[(SMBUF * 2) + 1];
data/inn2-2.6.3+20200601/frontends/rnews.c:492:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[SMBUF];
data/inn2-2.6.3+20200601/frontends/rnews.c:493:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
const char *cargv[4];
data/inn2-2.6.3+20200601/frontends/rnews.c:548:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
artsize = atoi(&buff[9]);
data/inn2-2.6.3+20200601/frontends/rnews.c:629:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char hostname[SMBUF];
data/inn2-2.6.3+20200601/frontends/rnews.c:656:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((fd = open(InputFile, O_RDWR)) < 0) {
data/inn2-2.6.3+20200601/frontends/rnews.c:714:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[BUFSIZ];
data/inn2-2.6.3+20200601/frontends/rnews.c:722:12: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
spfd = mkstemp(tmpspool);
data/inn2-2.6.3+20200601/frontends/rnews.c:754:12: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
spfd = mkstemp(spoolfile);
data/inn2-2.6.3+20200601/frontends/rnews.c:822:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[SMBUF];
data/inn2-2.6.3+20200601/frontends/rnews.c:849:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if (open("/dev/null", O_RDONLY) < 0)
data/inn2-2.6.3+20200601/frontends/rnews.c:851:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if (open("/dev/null", O_RDONLY) < 0)
data/inn2-2.6.3+20200601/frontends/rnews.c:853:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if (open("/dev/null", O_RDONLY) < 0)
data/inn2-2.6.3+20200601/frontends/rnews.c:906:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
port = atoi(optarg);
data/inn2-2.6.3+20200601/frontends/sys2nf.c:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[BUFSIZ];
data/inn2-2.6.3+20200601/frontends/sys2nf.c:38:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((F = fopen(act, "r")) == NULL) {
data/inn2-2.6.3+20200601/frontends/sys2nf.c:254:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[256];
data/inn2-2.6.3+20200601/frontends/sys2nf.c:286:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
for (F = fopen(TEMPFILE, "w"); p && *p == '#'; p = *sites++)
data/inn2-2.6.3+20200601/frontends/sys2nf.c:334:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((F = fopen(TEMPFILE, "r")) == NULL)
data/inn2-2.6.3+20200601/history/his.c:90:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy((char *)&h->cache[i].Hash, (char *)&MessageID, sizeof(HASH));
data/inn2-2.6.3+20200601/history/his.c:161:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
h->sub = (*h->methods->open)(path, flags, h);
data/inn2-2.6.3+20200601/history/hisinterface.h:18:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
void *(*open)(const char *path, int flags, struct history *);
data/inn2-2.6.3+20200601/history/hisv6/hisv6.c:322:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((h->readfd = open(h->histpath, O_RDONLY)) < 0) {
data/inn2-2.6.3+20200601/history/hisv6/hisv6.c:621:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char location[HISV6_MAX_LOCATION];
data/inn2-2.6.3+20200601/history/hisv6/hisv6.c:635:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char location[HISV6_MAX_LOCATION];
data/inn2-2.6.3+20200601/history/hisv6/hisv6.c:669:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[HISV6_MAXLINE + 1];
data/inn2-2.6.3+20200601/history/hisv6/hisv6.c:683:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char location[HISV6_MAX_LOCATION];
data/inn2-2.6.3+20200601/history/hisv6/hisv6.c:785:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char location[HISV6_MAX_LOCATION];
data/inn2-2.6.3+20200601/history/hisv6/hisv6.c:830:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char hisline[HISV6_MAXLINE + 1];
data/inn2-2.6.3+20200601/history/hisv6/hisv6.c:831:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char location[HISV6_MAX_LOCATION];
data/inn2-2.6.3+20200601/history/hisv6/hisv6.c:929:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char old[HISV6_MAXLINE + 1];
data/inn2-2.6.3+20200601/history/hisv6/hisv6.c:940:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char new[HISV6_MAXLINE + 1];
data/inn2-2.6.3+20200601/history/hisv6/hisv6.c:968:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char location[HISV6_MAX_LOCATION];
data/inn2-2.6.3+20200601/history/hisv6/hisv6.c:1001:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char location[HISV6_MAX_LOCATION];
data/inn2-2.6.3+20200601/include/clibrary.h:129:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
# define va_copy(d, s) memcpy(&(d), &(s), sizeof(va_list))
data/inn2-2.6.3+20200601/include/clibrary.h:196:12: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
extern int mkstemp(char *);
data/inn2-2.6.3+20200601/include/inn/dbz.h:51:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char hash[DBZ_INTERNAL_HASH_SIZE];
data/inn2-2.6.3+20200601/include/inn/libinn.h:157:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char hash[16];
data/inn2-2.6.3+20200601/include/inn/md5.h:65:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char byte[MD5_CHUNKSIZE]; /* Byte chunk buffer. */
data/inn2-2.6.3+20200601/include/inn/md5.h:69:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char digest[MD5_DIGESTSIZE]; /* Final digest. */
data/inn2-2.6.3+20200601/include/inn/storage.h:30:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char token[STORAGE_TOKEN_LENGTH];
data/inn2-2.6.3+20200601/include/portable/socket.h:97:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char __ss_pad1[SS_PAD1SIZE_];
data/inn2-2.6.3+20200601/include/portable/socket.h:99:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char __ss_pad2[SS_PAD2SIZE_];
data/inn2-2.6.3+20200601/include/portable/socket.h:107:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char __ss_pad1[SS_PAD1SIZE_];
data/inn2-2.6.3+20200601/include/portable/socket.h:109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char __ss_pad2[SS_PAD2SIZE_];
data/inn2-2.6.3+20200601/innd/art.c:77:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char hostcclass[256];
data/inn2-2.6.3+20200601/innd/art.c:584:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
Article->data + data->Body - (char *) iov[i].iov_base;
data/inn2-2.6.3+20200601/innd/art.c:609:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
Article->data + data->Body - (char *) iov[i].iov_base);
data/inn2-2.6.3+20200601/innd/art.c:1016:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "%d Bad \"Message-ID\" header",
data/inn2-2.6.3+20200601/innd/art.c:1025:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
if ((delta = i - atoi(p)) != 0
data/inn2-2.6.3+20200601/innd/art.c:1094:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "%d Unwanted character in \"Newsgroups\" header",
data/inn2-2.6.3+20200601/innd/art.c:1165:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[SMBUF];
data/inn2-2.6.3+20200601/innd/art.c:1190:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(q, local, p - local);
data/inn2-2.6.3+20200601/innd/art.c:1229:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[SMBUF+16];
data/inn2-2.6.3+20200601/innd/art.c:1540:20: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
ngp->Filenum = atol(p + 1);
data/inn2-2.6.3+20200601/innd/art.c:1587:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char LastMessageID[128];
data/inn2-2.6.3+20200601/innd/art.c:1606:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&ret, &context.digest[12 - offset], 4);
data/inn2-2.6.3+20200601/innd/art.c:1939:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *p, **groups, ControlWord[SMBUF], **hops, *controlgroup;
data/inn2-2.6.3+20200601/innd/art.c:1957:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *groupbuff[2];
data/inn2-2.6.3+20200601/innd/cc.c:159:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char buff[32];
data/inn2-2.6.3+20200601/innd/cc.c:298:20: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Data.Arrived = atol(av[1]);
data/inn2-2.6.3+20200601/innd/cc.c:301:20: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Data.Expires = atol(av[2]);
data/inn2-2.6.3+20200601/innd/cc.c:304:19: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Data.Posted = atol(av[3]);
data/inn2-2.6.3+20200601/innd/cc.c:841:12: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
if ((lo = atol(cp)) == 0 && (cp[0] != '0' || cp[1] != '\0')) {
data/inn2-2.6.3+20200601/innd/cc.c:974:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
cp = CHANfromdescriptor(atoi(av[0]));
data/inn2-2.6.3+20200601/innd/cc.c:1080:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((fd = open(TIMES, O_WRONLY | O_APPEND | O_CREAT, 0664)) < 0) {
data/inn2-2.6.3+20200601/innd/cc.c:1168:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
MaxOutgoing = atoi(p);
data/inn2-2.6.3+20200601/innd/cc.c:1172:19: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
TimeOut.tv_sec = atol(p);
data/inn2-2.6.3+20200601/innd/cc.c:1176:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
RemoteLimit = atoi(p);
data/inn2-2.6.3+20200601/innd/cc.c:1180:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
temp = atoi(p);
data/inn2-2.6.3+20200601/innd/cc.c:1191:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
RemoteTimer = (time_t) atoi(p);
data/inn2-2.6.3+20200601/innd/cc.c:1206:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char * av[2];
data/inn2-2.6.3+20200601/innd/cc.c:1634:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
else if ((s = atoi(p)) <= 0)
data/inn2-2.6.3+20200601/innd/cc.c:1779:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
if ((cp = CHANfromdescriptor(atoi(p))) == NULL)
data/inn2-2.6.3+20200601/innd/cc.c:1827:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[BIG_BUFFER + 2];
data/inn2-2.6.3+20200601/innd/cc.c:1828:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *argv[SC_MAXFIELDS + 2]; data/inn2-2.6.3+20200601/innd/cc.c:1923:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy, buff, bufflen); data/inn2-2.6.3+20200601/innd/cc.c:1966:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (tbuff,&protocol,sizeof (protocol)) ; data/inn2-2.6.3+20200601/innd/cc.c:1970:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (tbuff,&bufflen,sizeof (bufflen)) ; data/inn2-2.6.3+20200601/innd/cc.c:1990:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((i = open(argv[0], O_WRONLY | O_NDELAY)) < 0) data/inn2-2.6.3+20200601/innd/cc.c:2066:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((i = open(CCpath, O_RDWR)) < 0) { data/inn2-2.6.3+20200601/innd/chan.c:247:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[INET6_ADDRSTRLEN] = "?"; data/inn2-2.6.3+20200601/innd/icd.c:39:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(iovp->iov_base, base, iovp->iov_len); data/inn2-2.6.3+20200601/innd/icd.c:182:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(BACKUP, O_WRONLY | O_TRUNC | O_CREAT, 0664)) < 0) { data/inn2-2.6.3+20200601/innd/icd.c:250:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(NEWACT, O_WRONLY | O_TRUNC | O_CREAT, ARTFILE_MODE); data/inn2-2.6.3+20200601/innd/icd.c:345:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[SMBUF]; data/inn2-2.6.3+20200601/innd/icd.c:453:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ICDactfd = open(ICDactpath, O_RDWR)) < 0) { data/inn2-2.6.3+20200601/innd/innd.c:361:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[SMBUF]; data/inn2-2.6.3+20200601/innd/innd.c:456:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). RemoteLimit = atoi(optarg); data/inn2-2.6.3+20200601/innd/innd.c:494:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). MaxOutgoing = atoi(optarg); data/inn2-2.6.3+20200601/innd/innd.c:510:23: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). TimeOut.tv_sec = atol(optarg); data/inn2-2.6.3+20200601/innd/innd.c:513:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). RemoteTotal = atoi(optarg); data/inn2-2.6.3+20200601/innd/innd.c:519:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). RemoteTimer = atoi(optarg); data/inn2-2.6.3+20200601/innd/innd.c:676:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? 
(CWE-362). if ((F = fopen(PID, "r")) != NULL) { data/inn2-2.6.3+20200601/innd/innd.c:678:22: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). && ((pid = (pid_t) atol(buff)) > 0) data/inn2-2.6.3+20200601/innd/innd.c:729:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((F = fopen(PID, "w")) == NULL) { data/inn2-2.6.3+20200601/innd/innd.h:243:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char LinesBuffer[SMBUF]; /* Generated Lines: header. */ data/inn2-2.6.3+20200601/innd/innd.h:246:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Bytes[SMBUF]; /* Generated Bytes: header. */ data/inn2-2.6.3+20200601/innd/innd.h:250:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char TokenText[(sizeof(TOKEN) * 2) + 3]; data/inn2-2.6.3+20200601/innd/innd.h:418:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Error[SMBUF]; /* error buffer */ data/inn2-2.6.3+20200601/innd/innd.h:420:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Name[SMBUF]; /* storage for CHANname */ data/inn2-2.6.3+20200601/innd/innd.h:519:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char FileFlags[FEED_MAXFLAGS + 1]; data/inn2-2.6.3+20200601/innd/keywords.c:147:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(orig_text, body, bodylen); data/inn2-2.6.3+20200601/innd/nc.c:202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[SMBUF]; data/inn2-2.6.3+20200601/innd/nc.c:222:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buff[SMBUF]; data/inn2-2.6.3+20200601/innd/nc.c:781:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cp->XBatchSize = atoi(cp->av[1]); data/inn2-2.6.3+20200601/innd/nc.c:965:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[SMBUF]; data/inn2-2.6.3+20200601/innd/nc.c:1029:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[SMBUF]; data/inn2-2.6.3+20200601/innd/nc.c:1048:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[SMBUF]; data/inn2-2.6.3+20200601/innd/nc.c:1069:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[SMBUF]; data/inn2-2.6.3+20200601/innd/nc.c:1090:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[NNTP_MAXLEN_COMMAND]; /* For our (long) answers for CHECK/TAKETHIS, data/inn2-2.6.3+20200601/innd/nc.c:1544:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff2[SMBUF]; data/inn2-2.6.3+20200601/innd/nc.c:1553:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(buff, O_WRONLY|O_CREAT|O_EXCL, ARTFILE_MODE); data/inn2-2.6.3+20200601/innd/nc.c:1691:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[SMBUF]; data/inn2-2.6.3+20200601/innd/nc.c:2003:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[2] = { NULL, NULL }; data/inn2-2.6.3+20200601/innd/nc.c:2004:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buff[SMBUF]; data/inn2-2.6.3+20200601/innd/newsfeeds.c:145:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varname[64]; data/inn2-2.6.3+20200601/innd/newsfeeds.c:524:17: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sp->MaxSize = atol(p); data/inn2-2.6.3+20200601/innd/newsfeeds.c:528:17: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sp->MinSize = atol(p); data/inn2-2.6.3+20200601/innd/newsfeeds.c:552:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sp->StartWriting = atoi(p); data/inn2-2.6.3+20200601/innd/newsfeeds.c:556:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sp->StopWriting = atoi(p); data/inn2-2.6.3+20200601/innd/newsfeeds.c:561:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sp->Crosscount = atoi(p); data/inn2-2.6.3+20200601/innd/newsfeeds.c:573:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sp->Groupcount = atoi(p); data/inn2-2.6.3+20200601/innd/newsfeeds.c:579:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sp->Hops = atoi(p); data/inn2-2.6.3+20200601/innd/newsfeeds.c:603:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sp->Nice = atoi(p); data/inn2-2.6.3+20200601/innd/newsfeeds.c:640:23: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sp->StartSpooling = atol(p); data/inn2-2.6.3+20200601/innd/newsfeeds.c:656:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sp->Followcount = atoi(p); data/inn2-2.6.3+20200601/innd/ng.c:95:18: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lo = (ARTNUM)atol(q + 1); data/inn2-2.6.3+20200601/innd/ng.c:100:17: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ngp->Last = atol(ngp->LastString); data/inn2-2.6.3+20200601/innd/ng.c:370:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). l = atol(f2); data/inn2-2.6.3+20200601/innd/ng.c:385:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). l = atol(f3); data/inn2-2.6.3+20200601/innd/ng.c:424:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). l = atol(f2); data/inn2-2.6.3+20200601/innd/ng.c:435:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). l = atol(f3); data/inn2-2.6.3+20200601/innd/perl.c:74:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[256]; data/inn2-2.6.3+20200601/innd/perl.c:159:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[256]; data/inn2-2.6.3+20200601/innd/perl.c:329:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuff[32]; data/inn2-2.6.3+20200601/innd/perl.c:409:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *parambuf[2]; data/inn2-2.6.3+20200601/innd/python.c:130:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[256]; data/inn2-2.6.3+20200601/innd/python.c:187:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[256]; data/inn2-2.6.3+20200601/innd/python.c:215:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldmode[10], newmode[10]; data/inn2-2.6.3+20200601/innd/python.c:294:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *parambuf[2]; data/inn2-2.6.3+20200601/innd/python.c:318:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuff[32]; data/inn2-2.6.3+20200601/innd/python.c:319:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *parambuf[6]; data/inn2-2.6.3+20200601/innd/python.c:529:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(workstring, wpos, worksize); data/inn2-2.6.3+20200601/innd/rc.c:73:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char RCbuff[BIG_BUFFER]; data/inn2-2.6.3+20200601/innd/rc.c:127:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char IDENTuser[80]; data/inn2-2.6.3+20200601/innd/rc.c:134:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80], *buf2; data/inn2-2.6.3+20200601/innd/rc.c:271:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[INET6_ADDRSTRLEN]; data/inn2-2.6.3+20200601/innd/rc.c:334:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[INET6_ADDRSTRLEN]; data/inn2-2.6.3+20200601/innd/rc.c:367:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[SMBUF]; data/inn2-2.6.3+20200601/innd/rc.c:440:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[SMBUF]; data/inn2-2.6.3+20200601/innd/rc.c:441:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[INET6_ADDRSTRLEN]; data/inn2-2.6.3+20200601/innd/rc.c:822:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rp->Address, ai->ai_addr, ai->ai_addrlen); data/inn2-2.6.3+20200601/innd/rc.c:1034:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(&rp->Address, res->ai_addr, res->ai_addrlen); data/inn2-2.6.3+20200601/innd/rc.c:1257:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
max = atoi(word); data/inn2-2.6.3+20200601/innd/rc.c:1288:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). peer_params.HoldTime = atoi(word); data/inn2-2.6.3+20200601/innd/rc.c:1291:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). group_params->HoldTime = atoi(word); data/inn2-2.6.3+20200601/innd/rc.c:1293:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). default_params.HoldTime = atoi(word); data/inn2-2.6.3+20200601/innd/rc.c:1652:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buff[INET6_ADDRSTRLEN]; data/inn2-2.6.3+20200601/innd/site.c:51:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
i = open(name, O_APPEND | O_CREAT | O_WRONLY, BATCHFILE_MODE); data/inn2-2.6.3+20200601/innd/site.c:55:6: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). i = open(name, O_APPEND | O_CREAT | O_WRONLY, BATCHFILE_MODE); data/inn2-2.6.3+20200601/innd/site.c:189:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(name, O_APPEND | O_CREAT | O_WRONLY, BATCHFILE_MODE); data/inn2-2.6.3+20200601/innd/site.c:193:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(togo, O_APPEND | O_CREAT | O_WRONLY, BATCHFILE_MODE); data/inn2-2.6.3+20200601/innd/site.c:337:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pbuff[32]; data/inn2-2.6.3+20200601/innd/site.c:499:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[BUFSIZ]; data/inn2-2.6.3+20200601/innd/site.c:500:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * argv[MAX_BUILTIN_ARGV]; data/inn2-2.6.3+20200601/innd/site.c:585:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[MAX_BUILTIN_ARGV]; data/inn2-2.6.3+20200601/innd/site.c:710:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(sp->Param, O_APPEND | O_CREAT | O_WRONLY, BATCHFILE_MODE); data/inn2-2.6.3+20200601/innd/site.c:1104:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[SMBUF]; data/inn2-2.6.3+20200601/innd/status.c:18:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[SMBUF]; data/inn2-2.6.3+20200601/innd/status.c:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char ip_addr[SMBUF];
data/inn2-2.6.3+20200601/innd/status.c:56:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char start_time[50];
data/inn2-2.6.3+20200601/innd/status.c:88:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (str, "%.1fGb", (double) size / 1073741824.);
data/inn2-2.6.3+20200601/innd/status.c:91:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (str, "%.1fMb", (double) size / 1048576.);
data/inn2-2.6.3+20200601/innd/status.c:93:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (str, "%.1fkb", (double) size / 1024.);
data/inn2-2.6.3+20200601/innd/status.c:115:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char TempString[SMBUF];
data/inn2-2.6.3+20200601/innd/status.c:117:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char other_ip_addr[INET6_ADDRSTRLEN];
data/inn2-2.6.3+20200601/innd/status.c:120:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[315]; /* Maximum buffer size for PrettySize() */
data/inn2-2.6.3+20200601/innd/tinyleaf.c:98:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[33], *article, *msgid;
data/inn2-2.6.3+20200601/innd/tinyleaf.c:99:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[16];
data/inn2-2.6.3+20200601/innd/tinyleaf.c:130:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(filename, O_WRONLY | O_CREAT | O_EXCL, 0666);
data/inn2-2.6.3+20200601/innd/util.c:56:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buff[80];
data/inn2-2.6.3+20200601/innd/util.c:268:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[SMBUF];
data/inn2-2.6.3+20200601/innd/util.c:294:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[SMBUF];
data/inn2-2.6.3+20200601/innfeed/article.c:292:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char indent [INDENT_BUFFER_SIZE] ;
data/inn2-2.6.3+20200601/innfeed/article.c:329:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char indent [INDENT_BUFFER_SIZE] ;
data/inn2-2.6.3+20200601/innfeed/article.c:602:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  opened = ((fd = open (article->fname,O_RDONLY,0)) >= 0) ? true : false;
data/inn2-2.6.3+20200601/innfeed/article.c:716:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, mMapping, articlesize);
data/inn2-2.6.3+20200601/innfeed/buffer.c:180:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char indent [INDENT_BUFFER_SIZE] ;
data/inn2-2.6.3+20200601/innfeed/buffer.c:197:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char indent [INDENT_BUFFER_SIZE] ;
data/inn2-2.6.3+20200601/innfeed/buffer.c:198:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bufferStart [256] ;
data/inn2-2.6.3+20200601/innfeed/buffer.c:214:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (bufferStart,buffer->mem,i) ;
data/inn2-2.6.3+20200601/innfeed/buffer.c:371:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (baseDest, baseSrc, amt) ;
data/inn2-2.6.3+20200601/innfeed/buffer.c:408:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (newMem, dest->mem, dest->dataSize) ;
data/inn2-2.6.3+20200601/innfeed/buffer.c:417:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&dest->mem[dest->dataSize], src->mem, dest->dataSize) ;
data/inn2-2.6.3+20200601/innfeed/config_l.c:888:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((yyin = fopen(yytext,"r")) == NULL)
data/inn2-2.6.3+20200601/innfeed/config_l.c:1060:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  { yylval.integer = atoi (yytext) ; return (IVAL) ; }
data/inn2-2.6.3+20200601/innfeed/config_y.c:619:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (rval,"line %d: NULL key", lineCount) ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:625:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (rval,"line %d: EMPTY KEY", lineCount) ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:1523:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/inn2-2.6.3+20200601/innfeed/config_y.c:1712:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yymsgbuf[128];
data/inn2-2.6.3+20200601/innfeed/config_y.c:2432:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen (file,"r")) == NULL)
data/inn2-2.6.3+20200601/innfeed/connection.c:1096:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char indent [INDENT_BUFFER_SIZE] ;
data/inn2-2.6.3+20200601/innfeed/connection.c:1120:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char indent [INDENT_BUFFER_SIZE] ;
data/inn2-2.6.3+20200601/innfeed/connection.c:4514:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dateString [30] ;
data/inn2-2.6.3+20200601/innfeed/connection.c:4708:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char rval [64] ;
data/inn2-2.6.3+20200601/innfeed/endpoint.c:604:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&rSet,&rdSet,sizeof (rdSet)) ;
data/inn2-2.6.3+20200601/innfeed/endpoint.c:605:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&wSet,&wrSet,sizeof (wrSet)) ;
data/inn2-2.6.3+20200601/innfeed/endpoint.c:606:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&eSet,&exSet,sizeof (exSet)) ;
data/inn2-2.6.3+20200601/innfeed/endpoint.c:1074:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  vp[0].iov_base = (char *) vp[0].iov_base + endp->outIndex ;
data/inn2-2.6.3+20200601/innfeed/endpoint.c:1471:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dateString[30];
data/inn2-2.6.3+20200601/innfeed/endpoint.c:1493:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dateString[30];
data/inn2-2.6.3+20200601/innfeed/endpoint.c:1563:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  unsigned short port = atoi (argc > 1 ? argv[1] : "10000") ;
data/inn2-2.6.3+20200601/innfeed/host.c:352:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char startTime [30] ; /* for timeToString */
data/inn2-2.6.3+20200601/innfeed/host.c:504:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((char *) params, (char *) p, sizeof(struct host_param_s));
data/inn2-2.6.3+20200601/innfeed/host.c:1171:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port[20];
data/inn2-2.6.3+20200601/innfeed/host.c:1207:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &newIpAddrs[i], p->ai_addr, p->ai_addrlen );
data/inn2-2.6.3+20200601/innfeed/host.c:1273:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char indent [INDENT_BUFFER_SIZE] ;
data/inn2-2.6.3+20200601/innfeed/host.c:1291:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dateString [30] ;
data/inn2-2.6.3+20200601/innfeed/host.c:1292:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char indent [INDENT_BUFFER_SIZE] ;
data/inn2-2.6.3+20200601/innfeed/host.c:2078:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgstr[SMBUF] ;
data/inn2-2.6.3+20200601/innfeed/host.c:2598:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen (statusFile,"w")) == NULL)
data/inn2-2.6.3+20200601/innfeed/host.c:2613:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgstr[SMBUF] ;
data/inn2-2.6.3+20200601/innfeed/host.c:3264:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen (statusFile,"w")) == NULL)
data/inn2-2.6.3+20200601/innfeed/host.c:3272:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timeString [30] ;
data/inn2-2.6.3+20200601/innfeed/host.c:3494:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ip_addr[INET6_ADDRSTRLEN];
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:87:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[MAXHOSTNAMELEN];
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:346:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char imap_currentTag[IMAP_TAGLENGTH+1];
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:856:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ret, str_base, str-str_base);
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:859:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( str_base, str_base + (str-str_base)+1, size - (str-str_base));
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:997:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(item->folder, folder, folderlen);
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:1001:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(item->msgid, msgid, msgidlen);
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:1059:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[100];
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:1068:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp,control_header, clen);
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:1105:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(item->folder, control_header, folderlen);
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:1341:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:1361:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localip[NI_MAXHOST+NI_MAXSERV+1];
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:1362:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char remoteip[NI_MAXHOST+NI_MAXSERV+1];
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:1496:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&addr.sin_addr, hp->h_addr, hp->h_length);
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:2405:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char in[4096];
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:2786:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[4096];
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:2881:45: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cxn->current_control->data.control->uid = atoi(str);
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:3187:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[4096];
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:4215:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dateString [30] ;
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:4579:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char indent [INDENT_BUFFER_SIZE] ;
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:4596:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char indent [INDENT_BUFFER_SIZE] ;
data/inn2-2.6.3+20200601/innfeed/innlistener.c:124:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char indent [INDENT_BUFFER_SIZE] ;
data/inn2-2.6.3+20200601/innfeed/innlistener.c:142:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char indent [INDENT_BUFFER_SIZE] ;
data/inn2-2.6.3+20200601/innfeed/innlistener.c:181:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/inn2-2.6.3+20200601/innfeed/innlistener.c:183:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(pidFile, "r")) == NULL)
data/inn2-2.6.3+20200601/innfeed/innlistener.c:186:37: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (fgets(buf, 32, fp) != NULL && atoi(buf) == getpid())
data/inn2-2.6.3+20200601/innfeed/innlistener.c:230:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dateString [30] ;
data/inn2-2.6.3+20200601/innfeed/innlistener.c:313:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [32], *p ;
data/inn2-2.6.3+20200601/innfeed/innlistener.c:317:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(InputFile, O_RDWR) ;
data/inn2-2.6.3+20200601/innfeed/innlistener.c:672:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char offsetString[21]; /* size of long long may be 20 */
data/inn2-2.6.3+20200601/innfeed/innlistener.c:721:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((droppedFp = fopen (dropArtFile,"w")) == NULL)
data/inn2-2.6.3+20200601/innfeed/innlistener.c:728:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((droppedFp = fopen ("/dev/null","w")) == NULL)
data/inn2-2.6.3+20200601/innfeed/main.c:126:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dateString [30] ;
data/inn2-2.6.3+20200601/innfeed/main.c:177:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  loggingLevel = atoi (optarg) ;
data/inn2-2.6.3+20200601/innfeed/main.c:184:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  elimit = atoi (optarg) ;
data/inn2-2.6.3+20200601/innfeed/main.c:209:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  artSetMaxBytesInUse (atoi (optarg)) ;
data/inn2-2.6.3+20200601/innfeed/main.c:276:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open("/dev/null", O_WRONLY);
data/inn2-2.6.3+20200601/innfeed/main.c:658:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((F = fopen(pidFile, "w")) == NULL)
data/inn2-2.6.3+20200601/innfeed/main.c:683:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nowString[30];
data/inn2-2.6.3+20200601/innfeed/main.c:687:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen (snapshotFile,"a") ;
data/inn2-2.6.3+20200601/innfeed/misc.c:54:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timebuff[30];
data/inn2-2.6.3+20200601/innfeed/misc.c:114:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timeString [30] ;
data/inn2-2.6.3+20200601/innfeed/misc.c:149:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer [512] ; /* gag me */
data/inn2-2.6.3+20200601/innfeed/misc.c:383:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buff [20] ;
data/inn2-2.6.3+20200601/innfeed/misc.c:384:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmpName [PATH_MAX+sizeof(long)+10], realName [PATH_MAX] ;
data/inn2-2.6.3+20200601/innfeed/misc.c:401:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    while ((fd = open (tmpName, O_RDWR | O_CREAT | O_EXCL, 0644)) < 0)
data/inn2-2.6.3+20200601/innfeed/misc.c:444:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fd = open (realName,O_RDONLY)) < 0)
data/inn2-2.6.3+20200601/innfeed/misc.c:460:27: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    pid = (pid_t) atol (buff) ;
data/inn2-2.6.3+20200601/innfeed/misc.c:519:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buff [BUFSIZ] ;
data/inn2-2.6.3+20200601/innfeed/misc.c:523:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((outTmp = fopen (dest, "a")) == NULL)
data/inn2-2.6.3+20200601/innfeed/misc.c:525:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((inTmp = fopen (src, "r")) == NULL)
data/inn2-2.6.3+20200601/innfeed/misc.c:629:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer [BUFSIZ] ;
data/inn2-2.6.3+20200601/innfeed/misc.c:644:8: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
    fd = mkstemp (tmpname) ;
data/inn2-2.6.3+20200601/innfeed/tape.c:469:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char indent [INDENT_BUFFER_SIZE] ;
data/inn2-2.6.3+20200601/innfeed/tape.c:523:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char indent [INDENT_BUFFER_SIZE] ;
data/inn2-2.6.3+20200601/innfeed/tape.c:683:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char line [2048] ; /* ick. 1024 for filename + 1024 for msgid */
data/inn2-2.6.3+20200601/innfeed/tape.c:1095:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((tape->inFp = fopen (tape->inputFilename,"r+")) == NULL)
data/inn2-2.6.3+20200601/innfeed/tape.c:1099:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer [64] ;
data/inn2-2.6.3+20200601/innfeed/tape.c:1178:26: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((tape->outFp = fopen (tape->outputFilename,"a+")) == NULL)
data/inn2-2.6.3+20200601/lib/alloca.c:103:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char align[ALIGN_SIZE]; /* To force sizeof(header). */
data/inn2-2.6.3+20200601/lib/buffer.c:137:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(buffer->data + total, data, length);
data/inn2-2.6.3+20200601/lib/clientactive.c:31:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    CAfp = fopen(path, "r");
data/inn2-2.6.3+20200601/lib/clientactive.c:50:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buff[BUFSIZ];
data/inn2-2.6.3+20200601/lib/clientactive.c:51:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char expectedanswer[BUFSIZ];
data/inn2-2.6.3+20200601/lib/clientactive.c:56:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    F = fopen(pathname, "w");
data/inn2-2.6.3+20200601/lib/clientactive.c:90:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    return fopen(pathname, "r");
data/inn2-2.6.3+20200601/lib/clientactive.c:120:10: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
    fd = mkstemp(CApathname);
data/inn2-2.6.3+20200601/lib/clientlib.c:15:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ser_line[NNTP_MAXLEN_COMMAND + 2];
data/inn2-2.6.3+20200601/lib/clientlib.c:25:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char buff[256];
data/inn2-2.6.3+20200601/lib/clientlib.c:39:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char line2[NNTP_MAXLEN_COMMAND];
data/inn2-2.6.3+20200601/lib/clientlib.c:54:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    return atoi(ser_line);
data/inn2-2.6.3+20200601/lib/clientlib.c:61:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    if (atoi(line2) != NNTP_ERR_COMMAND)
data/inn2-2.6.3+20200601/lib/clientlib.c:65:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    return atoi(ser_line);
data/inn2-2.6.3+20200601/lib/clientlib.c:87:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    if (atoi(ser_line) == response) {
data/inn2-2.6.3+20200601/lib/clientlib.c:150:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buff[NNTP_MAXLEN_COMMAND];
data/inn2-2.6.3+20200601/lib/conffile.c:117:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(filename, "r");
data/inn2-2.6.3+20200601/lib/confparse.c:739:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    file->fd = open(filename, O_RDONLY);
data/inn2-2.6.3+20200601/lib/daemonize.c:45:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd = open("/dev/tty", O_RDWR);
data/inn2-2.6.3+20200601/lib/daemonize.c:56:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd = open("/dev/null", O_RDWR, 0);
data/inn2-2.6.3+20200601/lib/date.c:25:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static const char WEEKDAY[7][4] = {
data/inn2-2.6.3+20200601/lib/date.c:29:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static const char MONTH[12][4] = {
data/inn2-2.6.3+20200601/lib/date.c:35:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static const char OBS_MONTH[12][10] = {
data/inn2-2.6.3+20200601/lib/date.c:49:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    const char name[4];
data/inn2-2.6.3+20200601/lib/date.c:63:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    const char name[5];
data/inn2-2.6.3+20200601/lib/date.c:132:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    const char (*table)[4];
data/inn2-2.6.3+20200601/lib/dbz.c:664:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((tab->fd = open(name, readonly ? O_RDONLY : O_RDWR)) < 0) {
data/inn2-2.6.3+20200601/lib/dbz.c:927:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *bp, buffer[MAX_NB2RD];
data/inn2-2.6.3+20200601/lib/dbz.c:1017:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(value, &((of_t *)idxtab.core)[srch.place], sizeof(of_t));
data/inn2-2.6.3+20200601/lib/dbz.c:1064:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&value, &data, SOF);
data/inn2-2.6.3+20200601/lib/dbz.c:1384:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&sp->shorthash, (const char *)&hash + (sizeof(hash) - tocopy),
data/inn2-2.6.3+20200601/lib/dbz.c:1491:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&value, &((erec *)etab.core)[sp->place], sizeof(erec));
data/inn2-2.6.3+20200601/lib/dbz.c:1545:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(where, value, tab->reclen);
data/inn2-2.6.3+20200601/lib/dbz.c:1688:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ibuf[2048], *p;
data/inn2-2.6.3+20200601/lib/dbz.c:1714:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    size = atoi(argv[++i]);
data/inn2-2.6.3+20200601/lib/dbz.c:1722:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fpi = fopen(history, "r")) == NULL) {
data/inn2-2.6.3+20200601/lib/defdist.c:34:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buff[BUFSIZ];
data/inn2-2.6.3+20200601/lib/defdist.c:44:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    F = fopen(path, "r");
data/inn2-2.6.3+20200601/lib/defdist.c:53:14: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
    fd = mkstemp(name);
data/inn2-2.6.3+20200601/lib/defdist.c:99:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    ep->Weight = atoi(buff);
data/inn2-2.6.3+20200601/lib/defdist.c:168:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buff[SMBUF];
data/inn2-2.6.3+20200601/lib/getfqdn.c:23:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char hostname[BUFSIZ];
data/inn2-2.6.3+20200601/lib/getmodaddr.c:42:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buff[BUFSIZ];
data/inn2-2.6.3+20200601/lib/getmodaddr.c:43:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char expectedanswer[BUFSIZ];
data/inn2-2.6.3+20200601/lib/getmodaddr.c:142:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char address[SMBUF];
data/inn2-2.6.3+20200601/lib/getmodaddr.c:146:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buff[BUFSIZ];
data/inn2-2.6.3+20200601/lib/getmodaddr.c:147:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[SMBUF];
data/inn2-2.6.3+20200601/lib/getmodaddr.c:160:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    GMAfp = fopen(path, "r");
data/inn2-2.6.3+20200601/lib/getmodaddr.c:167:14: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
    fd = mkstemp(GMApathname);
data/inn2-2.6.3+20200601/lib/getmodaddr.c:176:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    GMAfp = fopen(path, "r");
data/inn2-2.6.3+20200601/lib/getnameinfo.c:77:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(node, name, namelen + 1);
data/inn2-2.6.3+20200601/lib/getnameinfo.c:126:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(node, name, namelen + 1);
data/inn2-2.6.3+20200601/lib/getnameinfo.c:152:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(service, srv->s_name, namelen + 1);
data/inn2-2.6.3+20200601/lib/hash.c:116:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char hashstr[(sizeof(HASH) * 2) + 1];
data/inn2-2.6.3+20200601/lib/inet_ntoa.c:43:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char buf[16];
data/inn2-2.6.3+20200601/lib/inet_ntoa.c:47:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%u.%u.%u.%u",
data/inn2-2.6.3+20200601/lib/inndcomm.c:80:10: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
    fd = mkstemp(ICCsockname);
data/inn2-2.6.3+20200601/lib/inndcomm.c:135:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
    if ((ICCfd = open(ICCsockname, O_RDWR)) < 0) {
data/inn2-2.6.3+20200601/lib/inndcomm.c:177:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buff[SMBUF];
data/inn2-2.6.3+20200601/lib/inndcomm.c:181:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    F = fopen(path, "r");
data/inn2-2.6.3+20200601/lib/inndcomm.c:185:12: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    pid = atol(buff);
data/inn2-2.6.3+20200601/lib/inndcomm.c:267:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(buff, &protocol, sizeof(protocol));
data/inn2-2.6.3+20200601/lib/inndcomm.c:268:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(buff + sizeof(protocol), &rlen, sizeof(rlen));
data/inn2-2.6.3+20200601/lib/inndcomm.c:279:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd = open(path, O_WRONLY);
data/inn2-2.6.3+20200601/lib/inndcomm.c:409:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    i = atoi(buff);
data/inn2-2.6.3+20200601/lib/inndcomm.c:428:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    const char *args[2];
data/inn2-2.6.3+20200601/lib/inndcomm.c:442:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    const char *args[2];
data/inn2-2.6.3+20200601/lib/inndcomm.c:456:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    const char *args[2];
data/inn2-2.6.3+20200601/lib/inndcomm.c:470:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    const char *args[2];
data/inn2-2.6.3+20200601/lib/localopen.c:33:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char mybuff[NNTP_MAXLEN_COMMAND + 2];
data/inn2-2.6.3+20200601/lib/localopen.c:74:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    j = atoi(buff);
data/inn2-2.6.3+20200601/lib/md5.c:79:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static const unsigned char padding[MD5_CHUNKSIZE] = { 0x80, 0 /* 0, ... */ };
data/inn2-2.6.3+20200601/lib/md5.c:99:33: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    # define encode(data, out) memcpy((out), (data), MD5_DIGESTSIZE)
data/inn2-2.6.3+20200601/lib/md5.c:145:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(out, data, MD5_DIGESTSIZE);
data/inn2-2.6.3+20200601/lib/md5.c:221:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(context->in.byte + datalen, data, count);
data/inn2-2.6.3+20200601/lib/md5.c:225:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(context->in.byte + datalen, data, left);
data/inn2-2.6.3+20200601/lib/md5.c:246:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(context->in.byte, data, count);
data/inn2-2.6.3+20200601/lib/md5.c:279:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(in, data, MD5_CHUNKSIZE);
data/inn2-2.6.3+20200601/lib/md5.c:354:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(digest, context.digest, MD5_DIGESTSIZE);
data/inn2-2.6.3+20200601/lib/messageid.c:21:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char midcclass[256];
data/inn2-2.6.3+20200601/lib/messageid.c:30:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char buff[SMBUF];
data/inn2-2.6.3+20200601/lib/messageid.c:34:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char sec32[10];
data/inn2-2.6.3+20200601/lib/messageid.c:35:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pid32[10];
data/inn2-2.6.3+20200601/lib/mkstemp.c:39:9: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  # undef mkstemp
data/inn2-2.6.3+20200601/lib/mkstemp.c:40:10: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  # define mkstemp test_mkstemp
data/inn2-2.6.3+20200601/lib/mkstemp.c:52:1: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  mkstemp(char *template)
data/inn2-2.6.3+20200601/lib/mkstemp.c:90:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600);
data/inn2-2.6.3+20200601/lib/network-innbind.c:84:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[128];
data/inn2-2.6.3+20200601/lib/network-innbind.c:285:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char service[16], name[INET6_ADDRSTRLEN];
data/inn2-2.6.3+20200601/lib/network.c:287:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char service[16], name[INET6_ADDRSTRLEN];
data/inn2-2.6.3+20200601/lib/network.c:607:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char portbuf[16];
data/inn2-2.6.3+20200601/lib/perl.c:364:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((newfd = open("/dev/null",O_WRONLY)) < 0) {
data/inn2-2.6.3+20200601/lib/qio.c:89:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(name, O_RDONLY);
data/inn2-2.6.3+20200601/lib/radix32.c:26:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[10];
data/inn2-2.6.3+20200601/lib/readin.c:78:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(name, O_RDONLY)) < 0)
data/inn2-2.6.3+20200601/lib/remopen.c:25:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mybuff[NNTP_MAXLEN_COMMAND + 2];
data/inn2-2.6.3+20200601/lib/remopen.c:49:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  code = atoi(buff);
data/inn2-2.6.3+20200601/lib/reservedfd.c:47:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (((Reserved_fd[i] = fopen("/dev/null", "r")) == NULL)){
data/inn2-2.6.3+20200601/lib/reservedfd.c:68:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return fopen(p, type);
data/inn2-2.6.3+20200601/lib/sendpass.c:24:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[SMBUF];
data/inn2-2.6.3+20200601/lib/sendpass.c:25:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char input[SMBUF];
data/inn2-2.6.3+20200601/lib/sendpass.c:43:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  F = fopen(path, "r");
data/inn2-2.6.3+20200601/lib/sendpass.c:82:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi(input) == NNTP_OK_AUTHINFO)
data/inn2-2.6.3+20200601/lib/sendpass.c:84:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if (atoi(input) != NNTP_CONT_AUTHINFO)
data/inn2-2.6.3+20200601/lib/sendpass.c:94:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  || atoi(input) != NNTP_OK_AUTHINFO)
data/inn2-2.6.3+20200601/lib/setproctitle.c:30:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[BUFSIZ];
data/inn2-2.6.3+20200601/lib/snprintf.c:535:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char convert[24];
data/inn2-2.6.3+20200601/lib/snprintf.c:673:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char iconvert[24];
data/inn2-2.6.3+20200601/lib/snprintf.c:674:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fconvert[24];
data/inn2-2.6.3+20200601/lib/snprintf.c:899:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[LONG_STRING];
data/inn2-2.6.3+20200601/lib/snprintf.c:900:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[LONG_STRING];
data/inn2-2.6.3+20200601/lib/strlcat.c:50:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst + used, src, copy);
data/inn2-2.6.3+20200601/lib/strlcpy.c:48:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, copy);
data/inn2-2.6.3+20200601/lib/timer.c:87:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *const timer_name[TMR_APPLICATION] = {
data/inn2-2.6.3+20200601/lib/vector.c:487:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(string + offset, separator, seplen);
data/inn2-2.6.3+20200601/lib/vector.c:491:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(string + offset, vector->strings[i], length);
data/inn2-2.6.3+20200601/lib/vector.c:527:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(string + offset, separator, seplen);
data/inn2-2.6.3+20200601/lib/vector.c:531:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(string + offset, vector->strings[i], length);
data/inn2-2.6.3+20200601/lib/xfopena.c:20:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(p, O_WRONLY | O_APPEND | O_CREAT, 0666);
data/inn2-2.6.3+20200601/lib/xmalloc.c:188:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, s, len);
data/inn2-2.6.3+20200601/lib/xmalloc.c:214:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy, s, length);
data/inn2-2.6.3+20200601/lib/xwrite.c:196:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmpiov, iov + i, iovleft * sizeof(struct iovec));
data/inn2-2.6.3+20200601/lib/xwrite.c:214:31: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  tmpiov[i].iov_base = (char *) tmpiov[i].iov_base + offset;
data/inn2-2.6.3+20200601/nnrpd/article.c:152:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  iov[i].iov_base = (char *)iov[i].iov_base + chunkbittenoff;
data/inn2-2.6.3+20200601/nnrpd/article.c:199:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  q = (char *)iov[queued_iov - 1].iov_base + iov[queued_iov - 1].iov_len;
data/inn2-2.6.3+20200601/nnrpd/article.c:237:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&_IO_buffer_[highwater], p, tocopy);
data/inn2-2.6.3+20200601/nnrpd/article.c:583:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(retval, s, q - s);
data/inn2-2.6.3+20200601/nnrpd/article.c:586:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(retval, VirtualPath, VirtualPathlen);
data/inn2-2.6.3+20200601/nnrpd/article.c:588:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(retval + VirtualPathlen + 1, p, q - p);
data/inn2-2.6.3+20200601/nnrpd/article.c:598:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(retval, VirtualPath, VirtualPathlen - 1);
data/inn2-2.6.3+20200601/nnrpd/article.c:599:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(retval + VirtualPathlen - 1, r - 1, q - r + 1);
data/inn2-2.6.3+20200601/nnrpd/article.c:602:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(retval, p, q - p);
data/inn2-2.6.3+20200601/nnrpd/article.c:632:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[SMBUF];
data/inn2-2.6.3+20200601/nnrpd/article.c:723:24: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tart = (ARTNUM)atol(buff);
data/inn2-2.6.3+20200601/nnrpd/article.c:860:30: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rp->Low = rp->High = atol(av[1]);
data/inn2-2.6.3+20200601/nnrpd/article.c:868:15: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rp->Low = atol(av[1]);
data/inn2-2.6.3+20200601/nnrpd/article.c:877:38: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((*p == '\0') || ((rp->High = atol(p)) > ARThigh))
data/inn2-2.6.3+20200601/nnrpd/article.c:1146:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[SPOOLNAMEBUFF];
data/inn2-2.6.3+20200601/nnrpd/commands.c:44:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *grplist[2];
data/inn2-2.6.3+20200601/nnrpd/commands.c:100:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[BIG_BUFFER], *fields[6], *p;
data/inn2-2.6.3+20200601/nnrpd/commands.c:263:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char User[SMBUF];
data/inn2-2.6.3+20200601/nnrpd/commands.c:264:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char Password[SMBUF];
data/inn2-2.6.3+20200601/nnrpd/commands.c:266:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char accesslist[BIG_BUFFER];
data/inn2-2.6.3+20200601/nnrpd/commands.c:267:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errorstr[BIG_BUFFER];
data/inn2-2.6.3+20200601/nnrpd/commands.c:489:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *grplist[2];
data/inn2-2.6.3+20200601/nnrpd/commands.c:532:22: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((time_t) atol(q) < date)
data/inn2-2.6.3+20200601/nnrpd/commands.c:624:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char idbuff[SMBUF];
data/inn2-2.6.3+20200601/nnrpd/commands.c:791:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, line, len);
data/inn2-2.6.3+20200601/nnrpd/group.c:23:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *grplist[2];
data/inn2-2.6.3+20200601/nnrpd/group.c:238:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[SPOOLNAMEBUFF];
data/inn2-2.6.3+20200601/nnrpd/group.c:258:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *grplist[2];
data/inn2-2.6.3+20200601/nnrpd/line.c:173:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, out, outlen);
data/inn2-2.6.3+20200601/nnrpd/line.c:220:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(zbuf_in + zbuf_in_allocated, p, n);
data/inn2-2.6.3+20200601/nnrpd/list.c:145:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *grplist[2] = { NULL, NULL };
data/inn2-2.6.3+20200601/nnrpd/list.c:184:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *grplist[2];
data/inn2-2.6.3+20200601/nnrpd/misc.c:171:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char postrec_dir[SMBUF]; /* Where is the post record directory? */
data/inn2-2.6.3+20200601/nnrpd/misc.c:219:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buff[SPOOLNAMEBUFF];
data/inn2-2.6.3+20200601/nnrpd/misc.c:220:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dirbuff[SMBUF+2+3*3];
data/inn2-2.6.3+20200601/nnrpd/misc.c:223:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char quads[4];
data/inn2-2.6.3+20200601/nnrpd/misc.c:264:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lockname[SPOOLNAMEBUFF];
data/inn2-2.6.3+20200601/nnrpd/misc.c:265:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[SPOOLNAMEBUFF];
data/inn2-2.6.3+20200601/nnrpd/misc.c:275:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(lockname, O_WRONLY|O_EXCL|O_CREAT, 0600);
data/inn2-2.6.3+20200601/nnrpd/misc.c:306:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lockname[SPOOLNAMEBUFF];
data/inn2-2.6.3+20200601/nnrpd/misc.c:321:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buff[SMBUF];
data/inn2-2.6.3+20200601/nnrpd/misc.c:325:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(path,"r");
data/inn2-2.6.3+20200601/nnrpd/misc.c:341:18: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *lastpost = atol(buff);
data/inn2-2.6.3+20200601/nnrpd/misc.c:349:24: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  s++; *lastsleep = atol(s);
data/inn2-2.6.3+20200601/nnrpd/misc.c:357:20: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  s++; *lastn = atol(s);
data/inn2-2.6.3+20200601/nnrpd/misc.c:371:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(path,"w");
data/inn2-2.6.3+20200601/nnrpd/newnews.c:115:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *list[2];
data/inn2-2.6.3+20200601/nnrpd/newnews.c:146:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *grplist[2];
data/inn2-2.6.3+20200601/nnrpd/newnews.c:225:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[BIG_BUFFER];
data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:789:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[2048], *p;
data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:952:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[NNTP_MAXLEN_COMMAND];
data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:1050:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  respawn = atoi(optarg);
data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:1068:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ListenPort = atoi(optarg);
data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:1171:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pidfile = fopen(path, "w");
data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:1409:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((locallog = fopen(LocalLogFileName, "w")) == NULL) {
data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:1414:38: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (locallog == NULL && (locallog = fopen(LocalLogFileName, "w")) == NULL) {
data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:1488:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buff, p, len + 1);
data/inn2-2.6.3+20200601/nnrpd/nnrpd.h:124:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[SMBUF]; data/inn2-2.6.3+20200601/nnrpd/nnrpd.h:125:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[INET6_ADDRSTRLEN]; data/inn2-2.6.3+20200601/nnrpd/nnrpd.h:127:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serverhost[SMBUF]; data/inn2-2.6.3+20200601/nnrpd/nnrpd.h:128:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serverip[INET6_ADDRSTRLEN]; data/inn2-2.6.3+20200601/nnrpd/nnrpd.h:180:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EXTERN char Username[SMBUF]; data/inn2-2.6.3+20200601/nnrpd/nnrpd.h:186:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
EXTERN char PERMuser[SMBUF]; data/inn2-2.6.3+20200601/nnrpd/perl.c:61:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[256]; data/inn2-2.6.3+20200601/nnrpd/perl.c:80:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((flog = fopen("/var/news/log/nnrpdperlerrror", "a+")) == NULL) { data/inn2-2.6.3+20200601/nnrpd/perm.c:642:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[SMBUF], *oldname, *p; data/inn2-2.6.3+20200601/nnrpd/perm.c:821:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[SMBUF], *oldname; data/inn2-2.6.3+20200601/nnrpd/perm.c:974:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). curaccess->clienttimeout = atoi(tok->name); data/inn2-2.6.3+20200601/nnrpd/perm.c:1063:33: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). curaccess->maxbytespersecond = atol(tok->name); data/inn2-2.6.3+20200601/nnrpd/perm.c:1121:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[SMBUF]; data/inn2-2.6.3+20200601/nnrpd/perm.c:1603:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *userlist[2]; data/inn2-2.6.3+20200601/nnrpd/perm.c:1627:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *user[2]; data/inn2-2.6.3+20200601/nnrpd/perm.c:2062:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newUser[BIG_BUFFER]; data/inn2-2.6.3+20200601/nnrpd/perm.c:2099:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char newUser[BIG_BUFFER]; data/inn2-2.6.3+20200601/nnrpd/post.c:17:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char Error[SMBUF]; data/inn2-2.6.3+20200601/nnrpd/post.c:114:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buff[80]; data/inn2-2.6.3+20200601/nnrpd/post.c:339:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char datebuff[40]; data/inn2-2.6.3+20200601/nnrpd/post.c:340:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char localdatebuff[40]; data/inn2-2.6.3+20200601/nnrpd/post.c:341:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char orgbuff[SMBUF]; data/inn2-2.6.3+20200601/nnrpd/post.c:342:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pathidentitybuff[SMBUF]; data/inn2-2.6.3+20200601/nnrpd/post.c:343:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char complaintsbuff[SMBUF]; data/inn2-2.6.3+20200601/nnrpd/post.c:344:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char postingaccountbuff[SMBUF*2]; /* Allocate enough room. */ data/inn2-2.6.3+20200601/nnrpd/post.c:345:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char postinghostbuff[SMBUF*2]; data/inn2-2.6.3+20200601/nnrpd/post.c:346:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sendbuff[SMBUF*2]; data/inn2-2.6.3+20200601/nnrpd/post.c:347:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char injectioninfobuff[SMBUF*7]; data/inn2-2.6.3+20200601/nnrpd/post.c:720:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[SMBUF]; data/inn2-2.6.3+20200601/nnrpd/post.c:788:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char distbuff[SMBUF]; data/inn2-2.6.3+20200601/nnrpd/post.c:793:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *grplist[2]; data/inn2-2.6.3+20200601/nnrpd/post.c:907:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[NNTP_MAXLEN_COMMAND]; data/inn2-2.6.3+20200601/nnrpd/post.c:931:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(buff); data/inn2-2.6.3+20200601/nnrpd/post.c:941:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char CANTSPOOL[NNTP_MAXLEN_COMMAND+2]; data/inn2-2.6.3+20200601/nnrpd/post.c:955:10: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). fd = mkstemp(tmpspool); data/inn2-2.6.3+20200601/nnrpd/post.c:1004:10: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). fd = mkstemp(spoolfile); data/inn2-2.6.3+20200601/nnrpd/post.c:1087:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[NNTP_MAXLEN_COMMAND + 2], frombuf[SMBUF]; data/inn2-2.6.3+20200601/nnrpd/post.c:1195:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char SDir[255]; data/inn2-2.6.3+20200601/nnrpd/post.c:1376:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((i = atoi(buff)) != NNTP_OK_IHAVE) { data/inn2-2.6.3+20200601/nnrpd/post.c:1395:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ftd = fopen(TrackID,"w")) == NULL) { data/inn2-2.6.3+20200601/nnrpd/post.c:1400:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (ftd == NULL && (ftd = fopen(TrackID,"w")) == NULL) { data/inn2-2.6.3+20200601/nnrpd/sasl.c:92:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char base64[BASE64_BUF_SIZE+1]; data/inn2-2.6.3+20200601/nnrpd/tls.c:247:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/inn2-2.6.3+20200601/nnrpd/tls.c:313:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[160 + 1]; data/inn2-2.6.3+20200601/nnrpd/tls.c:916:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (bp, vector[i].iov_base, copy); data/inn2-2.6.3+20200601/nnrpd/track.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAX_LEN],*p,*pp,*lp; data/inn2-2.6.3+20200601/nnrpd/track.c:42:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd=fopen(dbfile,"r"))!=NULL) { data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:89:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[OVBUFFMASIZ]; data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:90:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[OVBUFFPASIZ]; data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:91:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char indexa[OVBUFFLASIZ]; /* ASCII version of index */ data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:92:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lena[OVBUFFLASIZ]; /* ASCII version of len */ data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:93:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char totala[OVBUFFLASIZ]; /* ASCII version of total */ data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:94:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char useda[OVBUFFLASIZ]; /* ASCII version of used */ data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:95:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char freea[OVBUFFLASIZ]; /* ASCII version of free */ data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:96:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char updateda[OVBUFFLASIZ]; /* ASCII version of updated */ data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:108:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[OVBUFFPASIZ]; /* Path to file */ data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:318:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr+pagefudge, buf, nbyte); data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:476:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[24]; data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:574:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ovbuff->bitfield, &rpx, sizeof(OVBUFFHEAD)); data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:602:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:624:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd = open(ovbuff->path, (ovbuffmode & OV_WRITE) ? O_RDWR : O_RDONLY)) < 0) { data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:1036:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GROUPfd = open(groupfn, (ovbuffmode & OV_WRITE) ? O_RDWR | O_CREAT : O_RDONLY, 0660); data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:2299:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((F = fopen(path, "w")) == NULL) { data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:2318:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((F = fopen(path, "w")) == NULL) { data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:2387:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *group, flag[2], buff[OV_BLOCKSIZE]; data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:2412:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
gloc.recno = atoi(group); data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:2485:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff, data, len); data/inn2-2.6.3+20200601/storage/cnfs/cnfs-private.h:40:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[CNFSNASIZ];/* Symbolic name */ data/inn2-2.6.3+20200601/storage/cnfs/cnfs-private.h:41:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[CNFSPASIZ];/* Path to file */ data/inn2-2.6.3+20200601/storage/cnfs/cnfs-private.h:57:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char metaname[CNFSNASIZ];/* Symbolic name of meta */ data/inn2-2.6.3+20200601/storage/cnfs/cnfs-private.h:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[CNFSMASIZ]; data/inn2-2.6.3+20200601/storage/cnfs/cnfs-private.h:67:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[CNFSNASIZ]; data/inn2-2.6.3+20200601/storage/cnfs/cnfs-private.h:68:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[CNFSPASIZ]; data/inn2-2.6.3+20200601/storage/cnfs/cnfs-private.h:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lena[CNFSLASIZ]; /* ASCII version of len */ data/inn2-2.6.3+20200601/storage/cnfs/cnfs-private.h:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char freea[CNFSLASIZ]; /* ASCII version of free */ data/inn2-2.6.3+20200601/storage/cnfs/cnfs-private.h:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char updateda[CNFSLASIZ]; /* ASCII version of updated */ data/inn2-2.6.3+20200601/storage/cnfs/cnfs-private.h:72:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char cyclenuma[CNFSLASIZ]; /* ASCII version of cyclenum */ data/inn2-2.6.3+20200601/storage/cnfs/cnfs-private.h:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char metaname[CNFSNASIZ]; data/inn2-2.6.3+20200601/storage/cnfs/cnfs-private.h:74:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char orderinmeta[CNFSLASIZ]; data/inn2-2.6.3+20200601/storage/cnfs/cnfs-private.h:75:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char currentbuff[CNFSMASIZ]; data/inn2-2.6.3+20200601/storage/cnfs/cnfs-private.h:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char blksza[CNFSLASIZ]; /* ASCII version of blksz */ data/inn2-2.6.3+20200601/storage/cnfs/cnfs-private.h:111:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char m_id[64]; /* We'll only store up to 63 bytes of the data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:85:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cycbuffname[CNFSMAXCYCBUFFNAME+1]; data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:116:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(token.token, cycbuffname, CNFSMAXCYCBUFFNAME); data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:118:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&token.token[8], &uint32, sizeof(uint32)); data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:120:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&token.token[12], &uint32, sizeof(uint32)); data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:140:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cycbuffname, token.token, CNFSMAXCYCBUFFNAME); data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:160:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[24]; data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:263:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(cycbuff->bitfield, &rpx, sizeof(CYCBUFFEXTERN)); data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:365:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:367:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rpx, cycbuff->bitfield, sizeof(CYCBUFFEXTERN)); data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:587:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:612:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(cycbuff->path, SMopenmode ? O_RDWR : O_RDONLY)) < 0) { data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:882:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). update = atoi(ctab[ctab_i] + 14); data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:901:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  refresh = atoi(ctab[ctab_i] + 16);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:999:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bufoff[64], bufmin[64], bufmax[64];
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:1153:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[1024];
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:1154:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char alignbuf[CNFS_MAX_BLOCKSIZE];
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:1328:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cycbuffname[9];
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:1444:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[24];
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:1562:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cycbuffname[9];
data/inn2-2.6.3+20200601/storage/expire.c:185:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *fields[5];
data/inn2-2.6.3+20200601/storage/expire.c:219:21: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ngp->Last = atol(fields[1]);
data/inn2-2.6.3+20200601/storage/expire.c:331:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[BUFSIZ];
data/inn2-2.6.3+20200601/storage/expire.c:332:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *fields[7];
data/inn2-2.6.3+20200601/storage/expire.c:647:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  F = fopen(path, "r");
data/inn2-2.6.3+20200601/storage/interface.c:76:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char result[(sizeof(TOKEN) * 2) + 3];
data/inn2-2.6.3+20200601/storage/interface.c:167:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buff, q, p - q);
data/inn2-2.6.3+20200601/storage/interface.c:182:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return ((ARTNUM)atoi(p));
data/inn2-2.6.3+20200601/storage/interface.c:208:12: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tmp = atol(startnum);
data/inn2-2.6.3+20200601/storage/interface.c:359:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  class = atoi(p);
data/inn2-2.6.3+20200601/storage/ov.c:40:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (ov.open)
data/inn2-2.6.3+20200601/storage/ov.c:65:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  val = (*ov.open)(mode);
data/inn2-2.6.3+20200601/storage/ov.c:76:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!ov.open) {
data/inn2-2.6.3+20200601/storage/ov.c:88:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!ov.open) {
data/inn2-2.6.3+20200601/storage/ov.c:99:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!ov.open) {
data/inn2-2.6.3+20200601/storage/ov.c:122:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!ov.open) {
data/inn2-2.6.3+20200601/storage/ov.c:184:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(patcheck, next, xreflen);
data/inn2-2.6.3+20200601/storage/ov.c:206:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xrefdata, next, xreflen);
data/inn2-2.6.3+20200601/storage/ov.c:215:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  artnum = atoi(next);
data/inn2-2.6.3+20200601/storage/ov.c:225:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(overdata, "%ld\t", artnum);
data/inn2-2.6.3+20200601/storage/ov.c:227:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(overdata + i, data, len);
data/inn2-2.6.3+20200601/storage/ov.c:229:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(overdata + i, "\r\n", 2);
data/inn2-2.6.3+20200601/storage/ov.c:249:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!ov.open) {
data/inn2-2.6.3+20200601/storage/ov.c:299:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!ov.open) {
data/inn2-2.6.3+20200601/storage/ov.c:311:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!ov.open) {
data/inn2-2.6.3+20200601/storage/ov.c:322:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!ov.open) {
data/inn2-2.6.3+20200601/storage/ov.c:334:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!ov.open) {
data/inn2-2.6.3+20200601/storage/ov.c:345:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!ov.open) {
data/inn2-2.6.3+20200601/storage/ov.c:356:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!ov.open) {
data/inn2-2.6.3+20200601/storage/ov.c:373:27: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((EXPunlinkfile = fopen(((OVGE *)val)->filename, "w")) == NULL) {
data/inn2-2.6.3+20200601/storage/ov.c:398:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!ov.open)
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:266:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char banner[sizeof(OVDB_SERVER_BANNER)];
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:600:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[16];
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:618:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ret = (dbs[which])->open(dbs[which], tid, name, NULL, DB_BTREE, _db_flags,
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:737:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(freelist, val.data, val.size);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:787:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(freelist, val.data, val.size);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:912:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keystr[1 + sizeof gno];
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:922:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(keystr + 1, &gno, sizeof gno);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:953:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keystr[1 + sizeof gno];
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:961:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(keystr + 1, &gno, sizeof gno);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1050:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dellist[listcount], key.data, key.size);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1265:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  lockfd = open(lockfn,
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1317:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SMBUF];
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1320:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = open(pidfn, O_RDONLY);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1336:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pid = atoi(buf);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1379:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ret = vdb->open(vdb, NULL, "version", NULL, DB_BTREE, _db_flags, 0666);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1412:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dv, val.data, sizeof dv);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1475:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(ovdb_conf.numdbfiles), val.data, sizeof(ovdb_conf.numdbfiles));
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1527:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ret = OVDBenv->open(OVDBenv, ovdb_conf.home, ai_flags, 0666);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1600:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ret = groupinfo->open(groupinfo, tid, "groupinfo", NULL, DB_BTREE,
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1615:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ret = groupaliases->open(groupaliases, tid, "groupaliases", NULL, DB_HASH,
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1731:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char g[MED_BUFFER];
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1739:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(g+s, &c, sizeof(int));
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1963:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(databuf + sizeof(struct ovdata), data, len);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1967:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(databuf + sizeof(struct ovdata), &sz, sizeof(uint32_t));
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1978:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(databuf + sizeof(struct ovdata), data, len);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:2362:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ovd, val.data, sizeof(struct ovdata));
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:2372:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&sz, dp, sizeof(uint32_t));
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:2546:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ovd, val.data, sizeof(struct ovdata));
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:2811:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ovd, val.data, sizeof ovd);
data/inn2-2.6.3+20200601/storage/overdata.c:166:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[32];
data/inn2-2.6.3+20200601/storage/overdata.c:341:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *number = atoi(line);
data/inn2-2.6.3+20200601/storage/overview.c:79:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  status = ov_methods[i].open(mode);
data/inn2-2.6.3+20200601/storage/ovinterface.h:19:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool (*open)(int mode);
data/inn2-2.6.3+20200601/storage/timecaf/caf.c:556:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( (fd = open(path, O_RDONLY)) < 0) {
data/inn2-2.6.3+20200601/storage/timecaf/caf.c:667:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[SPOOLNAMEBUFF];
data/inn2-2.6.3+20200601/storage/timecaf/caf.c:668:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char finalpath[SPOOLNAMEBUFF];
data/inn2-2.6.3+20200601/storage/timecaf/caf.c:670:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nulls[1];
data/inn2-2.6.3+20200601/storage/timecaf/caf.c:684:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(path, O_CREAT|O_EXCL|O_RDWR, 0666)) < 0) {
data/inn2-2.6.3+20200601/storage/timecaf/caf.c:690:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(head.Magic, CAF_MAGIC, CAF_MAGIC_LEN);
data/inn2-2.6.3+20200601/storage/timecaf/caf.c:779:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(path, O_RDWR)) < 0) {
data/inn2-2.6.3+20200601/storage/timecaf/caf.c:1047:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char errbuf[512];
data/inn2-2.6.3+20200601/storage/timecaf/caf.c:1113:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( (fd = open(path, O_RDONLY)) < 0) {
data/inn2-2.6.3+20200601/storage/timecaf/caf.c:1175:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(path, O_RDWR)) < 0) {
data/inn2-2.6.3+20200601/storage/timecaf/caf.c:1296:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( (fd = open(path, O_RDONLY)) < 0) {
data/inn2-2.6.3+20200601/storage/timecaf/caf.c:1375:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZ];
data/inn2-2.6.3+20200601/storage/timecaf/caf.c:1397:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fdin = open(path, O_RDWR)) < 0) {
data/inn2-2.6.3+20200601/storage/timecaf/caf.h:14:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Magic[4]; /* Magic Number "CRMT" */
data/inn2-2.6.3+20200601/storage/timecaf/timecaf.c:147:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(token.token, &i, sizeof(i));
data/inn2-2.6.3+20200601/storage/timecaf/timecaf.c:149:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&token.token[sizeof(i)], &s, sizeof(s));
data/inn2-2.6.3+20200601/storage/timecaf/timecaf.c:151:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&token.token[sizeof(i)+sizeof(s)], &s, sizeof(s));
data/inn2-2.6.3+20200601/storage/timehash/timehash.c:84:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(token.token, &i, sizeof(i));
data/inn2-2.6.3+20200601/storage/timehash/timehash.c:86:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&token.token[sizeof(i)], &s, sizeof(s));
data/inn2-2.6.3+20200601/storage/timehash/timehash.c:171:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(path, O_CREAT|O_EXCL|O_WRONLY, ARTFILE_MODE)) < 0) {
data/inn2-2.6.3+20200601/storage/timehash/timehash.c:184:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(path, O_CREAT|O_EXCL|O_WRONLY, ARTFILE_MODE)) < 0) {
data/inn2-2.6.3+20200601/storage/timehash/timehash.c:239:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(path, O_RDONLY)) < 0) {
data/inn2-2.6.3+20200601/storage/tradindexed/tdx-data.c:137:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(file, flags, ARTFILE_MODE);
data/inn2-2.6.3+20200601/storage/tradindexed/tdx-data.c:148:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(file, flags, ARTFILE_MODE);
data/inn2-2.6.3+20200601/storage/tradindexed/tdx-group.c:257:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  index->fd = open(index->path, open_mode, ARTFILE_MODE);
data/inn2-2.6.3+20200601/storage/tradindexed/tdx-group.c:1094:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&group->hash, &grouphash, sizeof(HASH));
data/inn2-2.6.3+20200601/storage/tradindexed/tdx-util.c:105:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char datestring[256];
data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:47:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hash[HASHEDNGLEN];
data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:116:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(return_hash.hash, hash.hash, HASHEDNGLEN);
data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:295:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((out = fopen(fnamenew, "w")) == NULL) {
data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:354:15: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  number = atol(p);
data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:534:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(token.token, &num, sizeof(num));
data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:536:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&token.token[sizeof(num)], &artnum, sizeof(artnum));
data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:649:14: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  artnum = atol(p);
data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:658:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
(CWE-362). if ((fd = open(path, O_CREAT|O_EXCL|O_WRONLY, ARTFILE_MODE)) < 0) { data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:671:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_CREAT|O_EXCL|O_WRONLY, ARTFILE_MODE)) < 0) { data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:697:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&onebuffer[used], article.iov[i].iov_base, article.iov[i].iov_len); data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:726:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). artnum = atol(p); data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:785:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_RDONLY)) < 0) { data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:1017:11: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
artnum = atol(p); data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:1149:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). artnum = atol(&path[i+1]); data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:1189:16: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). artnum = atol(p); data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:1236:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(x, expires, p - expires - 1); data/inn2-2.6.3+20200601/tests/authprogs/ident-t.c:24:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[32]; data/inn2-2.6.3+20200601/tests/authprogs/ident-t.c:48:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[256], wanted[256]; data/inn2-2.6.3+20200601/tests/innd/artparse-t.c:95:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Log = fopen("/dev/null", "w"); data/inn2-2.6.3+20200601/tests/innd/chan-t.c:35:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Log = fopen("/dev/null", "w"); data/inn2-2.6.3+20200601/tests/innd/chan-t.c:61:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("output", O_WRONLY | O_CREAT | O_TRUNC, 0644); data/inn2-2.6.3+20200601/tests/innd/chan-t.c:87:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("output", O_RDONLY | O_EXCL); data/inn2-2.6.3+20200601/tests/innd/chan-t.c:107:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp->In.data + cp->In.used, "", 1); data/inn2-2.6.3+20200601/tests/lib/buffer-t.c:133:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fd = open("buffer-test", O_RDWR | O_CREAT | O_TRUNC, 0666); data/inn2-2.6.3+20200601/tests/lib/buffer-t.c:215:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("buffer-test", O_RDWR | O_CREAT | O_TRUNC, 0666); data/inn2-2.6.3+20200601/tests/lib/conffile-t.c:32:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). config = fopen(".testout", "w"); data/inn2-2.6.3+20200601/tests/lib/conffile-t.c:47:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). config = fopen(".testout", "w"); data/inn2-2.6.3+20200601/tests/lib/confparse-t.c:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/inn2-2.6.3+20200601/tests/lib/confparse-t.c:59:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
tmp = fopen("config/tmp", "w"); data/inn2-2.6.3+20200601/tests/lib/confparse-t.c:109:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). errfile = fopen("config/errors", "r"); data/inn2-2.6.3+20200601/tests/lib/confparse-t.c:137:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). warnfile = fopen("config/warnings", "r"); data/inn2-2.6.3+20200601/tests/lib/confparse-t.c:165:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). warnfile = fopen("config/warn-bool", "r"); data/inn2-2.6.3+20200601/tests/lib/confparse-t.c:198:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). warnfile = fopen("config/warn-int", "r"); data/inn2-2.6.3+20200601/tests/lib/confparse-t.c:231:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
warnfile = fopen("config/warn-uint", "r"); data/inn2-2.6.3+20200601/tests/lib/confparse-t.c:263:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). warnfile = fopen("config/warn-real", "r"); data/inn2-2.6.3+20200601/tests/lib/confparse-t.c:295:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). warnfile = fopen("config/warn-string", "r"); data/inn2-2.6.3+20200601/tests/lib/confparse-t.c:327:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). warnfile = fopen("config/warn-list", "r"); data/inn2-2.6.3+20200601/tests/lib/confparse-t.c:446:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmpconfig = fopen("config/tmp", "w"); data/inn2-2.6.3+20200601/tests/lib/confparse-t.c:475:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
tmpconfig = fopen("config/tmp", "w"); data/inn2-2.6.3+20200601/tests/lib/date-t.c:103:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[9], hour[7]; data/inn2-2.6.3+20200601/tests/lib/date-t.c:155:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[64] = ""; data/inn2-2.6.3+20200601/tests/lib/fakewrite.c:47:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char write_buffer[256]; data/inn2-2.6.3+20200601/tests/lib/fakewrite.c:81:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(write_buffer + write_offset, data, total); data/inn2-2.6.3+20200601/tests/lib/fakewrite.c:110:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(write_buffer + offset, data, total); data/inn2-2.6.3+20200601/tests/lib/fakewrite.c:137:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(write_buffer + write_offset, iov[i].iov_base, n); data/inn2-2.6.3+20200601/tests/lib/fakewrite.h:50:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char write_buffer[256]; data/inn2-2.6.3+20200601/tests/lib/getnameinfo-t.c:41:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char node[256], service[256]; data/inn2-2.6.3+20200601/tests/lib/hashtab-t.c:61:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/inn2-2.6.3+20200601/tests/lib/hashtab-t.c:144:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). words = fopen("/usr/dict/words", "r"); data/inn2-2.6.3+20200601/tests/lib/hashtab-t.c:146:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). words = fopen("/usr/share/dict/words", "r"); data/inn2-2.6.3+20200601/tests/lib/hex-t.c:20:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dout[4]; data/inn2-2.6.3+20200601/tests/lib/hex-t.c:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tout[9]; data/inn2-2.6.3+20200601/tests/lib/inet_ntop-t.c:43:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[INET_ADDRSTRLEN]; data/inn2-2.6.3+20200601/tests/lib/innconf-t.c:69:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). config = fopen("config/tmp", "a"); data/inn2-2.6.3+20200601/tests/lib/md5-t.c:80:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char digest[16]; data/inn2-2.6.3+20200601/tests/lib/md5-t.c:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char hexdigest[33]; data/inn2-2.6.3+20200601/tests/lib/md5-t.c:95:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexdigest[33]; data/inn2-2.6.3+20200601/tests/lib/messages-t.c:273:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[32]; data/inn2-2.6.3+20200601/tests/lib/messages-t.c:292:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buff, "%d", EPERM); data/inn2-2.6.3+20200601/tests/lib/mkstemp-t.c:40:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/inn2-2.6.3+20200601/tests/lib/network/addr-ipv4-t.c:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[INET6_ADDRSTRLEN]; data/inn2-2.6.3+20200601/tests/lib/network/addr-ipv6-t.c:68:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char addr[INET6_ADDRSTRLEN]; data/inn2-2.6.3+20200601/tests/lib/network/client-t.c:146:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/inn2-2.6.3+20200601/tests/lib/network/client-t.c:313:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4]; data/inn2-2.6.3+20200601/tests/lib/network/server-t.c:195:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/inn2-2.6.3+20200601/tests/lib/network/server-t.c:502:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[BUFSIZ]; data/inn2-2.6.3+20200601/tests/lib/pread-t.c:19:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char buf[256], result[256]; data/inn2-2.6.3+20200601/tests/lib/pread-t.c:27:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(".testout", O_RDWR | O_CREAT | O_TRUNC, 0644); data/inn2-2.6.3+20200601/tests/lib/pwrite-t.c:18:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[256], result[256]; data/inn2-2.6.3+20200601/tests/lib/pwrite-t.c:25:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(".testout", O_RDWR | O_CREAT | O_TRUNC, 0644); data/inn2-2.6.3+20200601/tests/lib/qio-t.c:25:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[256], line[256], out[256]; data/inn2-2.6.3+20200601/tests/lib/qio-t.c:41:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(line, data, 255); data/inn2-2.6.3+20200601/tests/lib/qio-t.c:43:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(out, data, 255); data/inn2-2.6.3+20200601/tests/lib/qio-t.c:45:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(".testout", O_RDWR | O_CREAT | O_TRUNC, 0644); data/inn2-2.6.3+20200601/tests/lib/reallocarray-t.c:47:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, "123456789", 10); data/inn2-2.6.3+20200601/tests/lib/reallocarray-t.c:51:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p + 9, "0123456789", 11); data/inn2-2.6.3+20200601/tests/lib/snprintf-t.c:110:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/inn2-2.6.3+20200601/tests/lib/snprintf-t.c:128:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lgbuf[128]; data/inn2-2.6.3+20200601/tests/lib/strlcat-t.c:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[10] = ""; data/inn2-2.6.3+20200601/tests/lib/strlcpy-t.c:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[10]; data/inn2-2.6.3+20200601/tests/lib/tst-t.c:24:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[1024]; data/inn2-2.6.3+20200601/tests/lib/tst-t.c:77:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). words = fopen("/usr/dict/words", "r"); data/inn2-2.6.3+20200601/tests/lib/tst-t.c:79:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). words = fopen("/usr/share/dict/words", "r"); data/inn2-2.6.3+20200601/tests/lib/wire-t.c:26:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(name, O_RDONLY); data/inn2-2.6.3+20200601/tests/lib/xmalloc.c:190:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(string, "test", 5); data/inn2-2.6.3+20200601/tests/lib/xmalloc.c:198:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(string, "test", 4); data/inn2-2.6.3+20200601/tests/lib/xwrite-t.c:46:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char data[256]; data/inn2-2.6.3+20200601/tests/overview/api-t.c:96:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zero[1024]; data/inn2-2.6.3+20200601/tests/overview/api-t.c:98:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("ov-tmp/buffer", O_CREAT | O_TRUNC | O_WRONLY, 0666); data/inn2-2.6.3+20200601/tests/overview/api-t.c:160:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/inn2-2.6.3+20200601/tests/overview/api-t.c:172:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
overdata = fopen(data, "r"); data/inn2-2.6.3+20200601/tests/overview/api-t.c:324:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/inn2-2.6.3+20200601/tests/overview/api-t.c:332:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). overdata = fopen(data, "r"); data/inn2-2.6.3+20200601/tests/overview/api-t.c:388:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/inn2-2.6.3+20200601/tests/overview/api-t.c:393:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). overdata = fopen(data, "r"); data/inn2-2.6.3+20200601/tests/overview/api-t.c:457:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[4096]; data/inn2-2.6.3+20200601/tests/overview/api-t.c:462:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). overdata = fopen(data, "r"); data/inn2-2.6.3+20200601/tests/overview/overview-t.c:110:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zero[1024]; data/inn2-2.6.3+20200601/tests/overview/overview-t.c:112:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("ov-tmp/buffer", O_CREAT | O_TRUNC | O_WRONLY, 0666); data/inn2-2.6.3+20200601/tests/overview/overview-t.c:170:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/inn2-2.6.3+20200601/tests/overview/overview-t.c:181:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). overview = fopen(data, "r"); data/inn2-2.6.3+20200601/tests/overview/overview-t.c:292:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/inn2-2.6.3+20200601/tests/overview/overview-t.c:302:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). overdata = fopen(data, "r"); data/inn2-2.6.3+20200601/tests/overview/overview-t.c:370:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/inn2-2.6.3+20200601/tests/overview/overview-t.c:377:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). overview = fopen(data, "r"); data/inn2-2.6.3+20200601/tests/overview/overview-t.c:446:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/inn2-2.6.3+20200601/tests/overview/overview-t.c:453:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
overview = fopen(data, "r"); data/inn2-2.6.3+20200601/tests/overview/xref-t.c:100:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/inn2-2.6.3+20200601/tests/overview/xref-t.c:109:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). overdata = fopen(data, "r"); data/inn2-2.6.3+20200601/tests/runtests.c:422:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, s, len); data/inn2-2.6.3+20200601/tests/runtests.c:450:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy, s, len); data/inn2-2.6.3+20200601/tests/runtests.c:496:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + offset, string, strlen(string)); data/inn2-2.6.3+20200601/tests/runtests.c:598:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
infd = open("/dev/null", O_RDONLY); data/inn2-2.6.3+20200601/tests/runtests.c:609:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). errfd = open("/dev/null", O_WRONLY); data/inn2-2.6.3+20200601/tests/runtests.c:1111:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[BUFSIZ]; data/inn2-2.6.3+20200601/tests/runtests.c:1254:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *bases[3], *suffix, *base; data/inn2-2.6.3+20200601/tests/runtests.c:1256:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *suffixes[3] = { "-t", ".t", "" }; data/inn2-2.6.3+20200601/tests/runtests.c:1385:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[BUFSIZ]; data/inn2-2.6.3+20200601/tests/runtests.c:1397:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(filename, "r"); data/inn2-2.6.3+20200601/tests/tap/basic.c:241:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + offset, string, strlen(string)); data/inn2-2.6.3+20200601/tests/tap/basic.c:803:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file->file = fopen(file->name, "r"); data/inn2-2.6.3+20200601/tests/tap/basic.c:928:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, s, len); data/inn2-2.6.3+20200601/tests/tap/basic.c:952:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy, s, length); data/inn2-2.6.3+20200601/tests/tap/process.c:378:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[BUFSIZ]; data/inn2-2.6.3+20200601/tests/tap/process.c:381:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(path, "r"); data/inn2-2.6.3+20200601/tests/tap/process.c:431:14: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). log_fd = mkstemp(process->logfile); data/inn2-2.6.3+20200601/tests/util/innbind-t.c:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/inn2-2.6.3+20200601/tests/util/innbind-t.c:134:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/inn2-2.6.3+20200601/tests/util/innbind-t.c:251:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[128]; data/inn2-2.6.3+20200601/authprogs/ckpasswd.c:177:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key.dsize = strlen(name); data/inn2-2.6.3+20200601/authprogs/ident.c:95:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). opt = xwrite(sock, buf, strlen(buf)); data/inn2-2.6.3+20200601/authprogs/ident.c:103:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). opt = read(sock, buf+got, sizeof(buf)-got); data/inn2-2.6.3+20200601/authprogs/libauth.c:53:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buff); data/inn2-2.6.3+20200601/authprogs/libauth.c:63:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (auth != NULL && strncmp(buff, NAMESTR, strlen(NAMESTR)) == 0) data/inn2-2.6.3+20200601/authprogs/libauth.c:64:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). auth->username = xstrdup(buff + strlen(NAMESTR)); data/inn2-2.6.3+20200601/authprogs/libauth.c:65:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
else if (auth != NULL && strncmp(buff, PASSSTR, strlen(PASSSTR)) == 0) data/inn2-2.6.3+20200601/authprogs/libauth.c:66:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). auth->password = xstrdup(buff + strlen(PASSSTR)); data/inn2-2.6.3+20200601/authprogs/libauth.c:67:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (res != NULL && strncmp(buff, CLIHOST, strlen(CLIHOST)) == 0) data/inn2-2.6.3+20200601/authprogs/libauth.c:68:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). res->clienthostname = xstrdup(buff + strlen(CLIHOST)); data/inn2-2.6.3+20200601/authprogs/libauth.c:69:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (res != NULL && strncmp(buff, CLIIP, strlen(CLIIP)) == 0) data/inn2-2.6.3+20200601/authprogs/libauth.c:70:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). res->clientip = xstrdup(buff + strlen(CLIIP)); data/inn2-2.6.3+20200601/authprogs/libauth.c:71:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (res != NULL && strncmp(buff, CLIPORT, strlen(CLIPORT)) == 0) data/inn2-2.6.3+20200601/authprogs/libauth.c:72:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
res->clientport = xstrdup(buff + strlen(CLIPORT)); data/inn2-2.6.3+20200601/authprogs/libauth.c:73:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (res != NULL && strncmp(buff, LOCIP, strlen(LOCIP)) == 0) data/inn2-2.6.3+20200601/authprogs/libauth.c:74:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). res->localip = xstrdup(buff + strlen(LOCIP)); data/inn2-2.6.3+20200601/authprogs/libauth.c:75:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (res != NULL && strncmp(buff, LOCPORT, strlen(LOCPORT)) == 0) data/inn2-2.6.3+20200601/authprogs/libauth.c:76:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). res->localport = xstrdup(buff + strlen(LOCPORT)); data/inn2-2.6.3+20200601/authprogs/radius.c:317:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(secbuf+strlen(config->secret), req.vector, AUTH_VECTOR_LEN); data/inn2-2.6.3+20200601/authprogs/radius.c:318:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_hash(secbuf, strlen(config->secret)+AUTH_VECTOR_LEN, digest); data/inn2-2.6.3+20200601/authprogs/radius.c:328:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
req.data[1] += strlen(config->prefix); data/inn2-2.6.3+20200601/authprogs/radius.c:331:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). req.data[1] += strlen(uname); data/inn2-2.6.3+20200601/authprogs/radius.c:334:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). req.data[1] += strlen(config->suffix); data/inn2-2.6.3+20200601/authprogs/radius.c:343:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). passlen = (strlen(pass) + 15) / 16; data/inn2-2.6.3+20200601/authprogs/radius.c:348:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). passlen -= strlen(pass); data/inn2-2.6.3+20200601/authprogs/radius.c:350:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). req.data[req.datalen+passlen+2+strlen(pass)] = '\0'; data/inn2-2.6.3+20200601/authprogs/radius.c:389:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(secbuf+strlen(config->secret), &req.data[passstart+2+i], data/inn2-2.6.3+20200601/authprogs/radius.c:391:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
md5_hash(secbuf, strlen(config->secret)+sizeof(HASH), digest); data/inn2-2.6.3+20200601/authprogs/radius.c:473:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(((char*)&req)+sreq->reqlen, config->secret, strlen(config->secret)); data/inn2-2.6.3+20200601/authprogs/radius.c:476:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_hash((unsigned char *)&req, strlen(config->secret)+sreq->reqlen, data/inn2-2.6.3+20200601/backends/actsync.c:897:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s_flag > 0 && strlen(cur->name) > (size_t)s_flag) { data/inn2-2.6.3+20200601/backends/actsync.c:1065:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(&(cur->type[1])) > (size_t)s_flag) { data/inn2-2.6.3+20200601/backends/actsync.c:1295:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (p = &line[strlen(line)-1]; data/inn2-2.6.3+20200601/backends/actsync.c:2649:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (buf[strlen(buf)-1] == '\n') data/inn2-2.6.3+20200601/backends/actsync.c:2650:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
buf[strlen(buf)-1] = '\0'; data/inn2-2.6.3+20200601/backends/archive.c:234:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer_set(path, config->root, strlen(config->root)); data/inn2-2.6.3+20200601/backends/archive.c:240:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer_append(path, group, strlen(group)); data/inn2-2.6.3+20200601/backends/archive.c:260:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer_append(path, number, strlen(number)); data/inn2-2.6.3+20200601/backends/archive.c:337:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path->data + strlen(config->root) + 1); data/inn2-2.6.3+20200601/backends/archive.c:368:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(NEWSUMASK); data/inn2-2.6.3+20200601/backends/batcher.c:204:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(NEWSUMASK); data/inn2-2.6.3+20200601/backends/batcher.c:285:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(line); data/inn2-2.6.3+20200601/backends/batcher.c:332:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
BytesInCB += strlen(InitialString) + 1; data/inn2-2.6.3+20200601/backends/batcher.c:333:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). BytesWritten += strlen(InitialString) + 1; data/inn2-2.6.3+20200601/backends/batcher.c:374:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). BytesInCB += strlen(buff) + 1; data/inn2-2.6.3+20200601/backends/batcher.c:375:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). BytesWritten += strlen(buff) + 1; data/inn2-2.6.3+20200601/backends/buffchan.c:352:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(NEWSUMASK); data/inn2-2.6.3+20200601/backends/filechan.c:47:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(NEWSUMASK); data/inn2-2.6.3+20200601/backends/innxbatch.c:193:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). i = read(FromServer, p, size-1); data/inn2-2.6.3+20200601/backends/innxbatch.c:355:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(NEWSUMASK); data/inn2-2.6.3+20200601/backends/innxbatch.c:493:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). err = read(fd, p, i); data/inn2-2.6.3+20200601/backends/innxmit.c:237:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((int)strlen(Article) >= SPOOLNAMEBUFF) { data/inn2-2.6.3+20200601/backends/innxmit.c:313:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). REMwrite(QUIT, strlen(QUIT), false); data/inn2-2.6.3+20200601/backends/innxmit.c:523:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). count = read(FromServer, buffer, sizeof buffer); data/inn2-2.6.3+20200601/backends/innxmit.c:615:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vec[1].iov_len = strlen(buf); data/inn2-2.6.3+20200601/backends/innxmit.c:747:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!REMwrite(buff, (int)strlen(buff), false)) { data/inn2-2.6.3+20200601/backends/innxmit.c:779:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!REMwrite(buff, (int)strlen(buff), false)) { data/inn2-2.6.3+20200601/backends/innxmit.c:1036:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(NEWSUMASK); data/inn2-2.6.3+20200601/backends/innxmit.c:1183:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!REMwrite(modestream, (int)strlen(modestream), false)) { data/inn2-2.6.3+20200601/backends/innxmit.c:1221:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!REMwrite(modeheadfeed, strlen(modeheadfeed), false)) data/inn2-2.6.3+20200601/backends/innxmit.c:1294:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && Article[strlen(innconf->patharticles)] == '/' data/inn2-2.6.3+20200601/backends/innxmit.c:1295:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strncmp(Article, innconf->patharticles, strlen(innconf->patharticles)) == 0) data/inn2-2.6.3+20200601/backends/innxmit.c:1296:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Article += strlen(innconf->patharticles) + 1; data/inn2-2.6.3+20200601/backends/innxmit.c:1324:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (MessageID != NULL && strlen(MessageID) > NNTP_MAXLEN_MSGID) { data/inn2-2.6.3+20200601/backends/innxmit.c:1415:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!REMwrite(buff, (int)strlen(buff), false)) { data/inn2-2.6.3+20200601/backends/ninpaths.c:229:9: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (fscanf(f, "!!NINP %15s %lu %lu %ld %ld %lu\n", data/inn2-2.6.3+20200601/backends/ninpaths.c:445:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
columns = 3+strlen(list->id); data/inn2-2.6.3+20200601/backends/ninpaths.c:460:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). columns = 3+strlen(list->id); data/inn2-2.6.3+20200601/backends/ninpaths.c:463:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). columns += 9+strlen(relay->id); data/inn2-2.6.3+20200601/backends/nntpget.c:94:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). || (sp->Count = read(sp->Rfd, sp->Buffer, sizeof sp->Buffer)) < 0) data/inn2-2.6.3+20200601/backends/nntpget.c:232:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(NEWSUMASK); data/inn2-2.6.3+20200601/backends/nntpget.c:285:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SITEvec[1].iov_len = strlen(SITEv1); data/inn2-2.6.3+20200601/backends/nntpget.c:290:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!SITEwrite(Remote, READER, (int)strlen(READER)) data/inn2-2.6.3+20200601/backends/nntpget.c:308:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!SITEwrite(Remote, buff, (int)strlen(buff)) data/inn2-2.6.3+20200601/backends/nntpget.c:372:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!SITEwrite(Local, buff, (int)strlen(buff)) data/inn2-2.6.3+20200601/backends/nntpget.c:383:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!SITEwrite(Remote, buff, (int)strlen(buff)) data/inn2-2.6.3+20200601/backends/nntpget.c:411:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!SITEwrite(Local, buff, (int)strlen(buff))) { data/inn2-2.6.3+20200601/backends/overchan.c:68:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data->overlen = strlen(start); data/inn2-2.6.3+20200601/backends/overchan.c:188:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(NEWSUMASK); data/inn2-2.6.3+20200601/backends/shlock.c:68:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, (char *)&pid, sizeof(pid)) != sizeof(pid)) { data/inn2-2.6.3+20200601/backends/shlock.c:72:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((i = read(fd, buff, sizeof(buff) - 1)) <= 0) { data/inn2-2.6.3+20200601/backends/shlock.c:151:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(NEWSUMASK); data/inn2-2.6.3+20200601/backends/shlock.c:221:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
i = strlen(buff); data/inn2-2.6.3+20200601/backends/shrinkfile.c:79:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(F)) == EOF) { data/inn2-2.6.3+20200601/backends/shrinkfile.c:196:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc(F)) != '\n') data/inn2-2.6.3+20200601/backends/shrinkfile.c:263:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). q = &p[strlen(p) - 1]; data/inn2-2.6.3+20200601/backends/shrinkfile.c:325:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(NEWSUMASK); data/inn2-2.6.3+20200601/contrib/auth_pass.c:98:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(username)-1; data/inn2-2.6.3+20200601/contrib/auth_pass.c:102:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(password)-1; data/inn2-2.6.3+20200601/contrib/expirectl.c:264:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dptr += strlen(dptr); data/inn2-2.6.3+20200601/contrib/newsresp.c:237:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ( (bread=read(sock,buf,sizeof(buf))) < 0 ) { data/inn2-2.6.3+20200601/contrib/newsresp.c:253:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ( write(sock,ihave,strlen(ihave)) != (int) strlen(ihave) ) { data/inn2-2.6.3+20200601/contrib/newsresp.c:253:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( write(sock,ihave,strlen(ihave)) != (int) strlen(ihave) ) { data/inn2-2.6.3+20200601/contrib/newsresp.c:258:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ( (bread=read(sock,buf,sizeof(buf))) < 0 ) { data/inn2-2.6.3+20200601/contrib/newsresp.c:278:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ( (bread=read(sock,buf,sizeof(buf))) < 0 ) { data/inn2-2.6.3+20200601/contrib/newsresp.c:299:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ( (bread=read(sock,buf,sizeof(buf))) < 0 ) { data/inn2-2.6.3+20200601/contrib/pullart.c:228:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fileprefix)>384) data/inn2-2.6.3+20200601/contrib/respool.c:36:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tokenptr); data/inn2-2.6.3+20200601/expire/expire.c:196:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = buff + strlen(buff); data/inn2-2.6.3+20200601/expire/expire.c:520:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). 
umask(NEWSUMASK); data/inn2-2.6.3+20200601/expire/fastrm.c:217:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (QIOtoolong(qp) || (p != NULL && strlen(p) >= MAX_DIR_LEN)) { data/inn2-2.6.3+20200601/expire/fastrm.c:273:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dlen = strlen(line); data/inn2-2.6.3+20200601/expire/fastrm.c:391:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prefix_len = strlen(path); data/inn2-2.6.3+20200601/expire/fastrm.c:446:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(path) + strlen(dir) + 2 > MAX_DIR_LEN) data/inn2-2.6.3+20200601/expire/fastrm.c:446:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(path) + strlen(dir) + 2 > MAX_DIR_LEN) data/inn2-2.6.3+20200601/expire/fastrm.c:607:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(p) >= MAX_DIR_LEN) data/inn2-2.6.3+20200601/expire/fastrm.c:689:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  if (relative_threshold >= (int) strlen(dotdots) / 3)
data/inn2-2.6.3+20200601/expire/fastrm.c:690:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  relative_threshold = strlen(dotdots) / 3 - 1;
data/inn2-2.6.3+20200601/expire/makedbz.c:177:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(p) != ((sizeof(HASH) * 2) + 2)) {
data/inn2-2.6.3+20200601/expire/makehistory.c:128:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (p[0] != '<' || p[strlen(p) - 1] != '>')
data/inn2-2.6.3+20200601/expire/makehistory.c:132:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_set(&buffer, p, strlen(p)+1);
data/inn2-2.6.3+20200601/expire/makehistory.c:280:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (OVadd(token, r, strlen(r), arrived, expires) == OVADDFAILED) {
data/inn2-2.6.3+20200601/expire/makehistory.c:435:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fp->HeadernameLength = strlen(standardoverview->strings[i]);
data/inn2-2.6.3+20200601/expire/makehistory.c:444:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  BYTES, strlen(BYTES)) == 0)
data/inn2-2.6.3+20200601/expire/makehistory.c:447:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  DATE, strlen(DATE)) == 0)
data/inn2-2.6.3+20200601/expire/makehistory.c:450:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  LINES, strlen(LINES)) == 0)
data/inn2-2.6.3+20200601/expire/makehistory.c:453:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  MESSAGEID, strlen(MESSAGEID)) == 0)
data/inn2-2.6.3+20200601/expire/makehistory.c:460:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fp->HeadernameLength = strlen(extraoverview->strings[i]);
data/inn2-2.6.3+20200601/expire/makehistory.c:465:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XREF, strlen(XREF)) == 0)
data/inn2-2.6.3+20200601/expire/makehistory.c:468:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  EXPIRES, strlen(EXPIRES)) == 0)
data/inn2-2.6.3+20200601/expire/makehistory.c:471:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  INJECTIONDATE, strlen(INJECTIONDATE)) == 0)
data/inn2-2.6.3+20200601/expire/makehistory.c:500:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fp->HeadernameLength = strlen(BYTES);
data/inn2-2.6.3+20200601/expire/makehistory.c:509:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fp->HeadernameLength = strlen(DATE);
data/inn2-2.6.3+20200601/expire/makehistory.c:518:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fp->HeadernameLength = strlen(EXPIRES);
data/inn2-2.6.3+20200601/expire/makehistory.c:527:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fp->HeadernameLength = strlen(INJECTIONDATE);
data/inn2-2.6.3+20200601/expire/makehistory.c:536:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fp->HeadernameLength = strlen(LINES);
data/inn2-2.6.3+20200601/expire/makehistory.c:545:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fp->HeadernameLength = strlen(MESSAGEID);
data/inn2-2.6.3+20200601/expire/makehistory.c:554:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fp->HeadernameLength = strlen(XREF);
data/inn2-2.6.3+20200601/expire/makehistory.c:654:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fp->HeaderLength = strlen(Bytes);
data/inn2-2.6.3+20200601/expire/makehistory.c:658:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fp->HeaderLength = strlen(Lines);
data/inn2-2.6.3+20200601/expire/makehistory.c:699:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(innconf->pathhost) + 1 + strlen(ann.groupname) + 1
data/inn2-2.6.3+20200601/expire/makehistory.c:699:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(innconf->pathhost) + 1 + strlen(ann.groupname) + 1
data/inn2-2.6.3+20200601/expire/makehistory.c:708:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Xrefp->HeaderLength = strlen(overdata);
data/inn2-2.6.3+20200601/expire/makehistory.c:776:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(&buffer, SEP, strlen(SEP));
data/inn2-2.6.3+20200601/expire/makehistory.c:781:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(&buffer, COLONSPACE, strlen(COLONSPACE));
data/inn2-2.6.3+20200601/frontends/ctlinnd.c:272:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length += strlen(p) + 1;
data/inn2-2.6.3+20200601/frontends/decode.c:123:43: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (i = 12, cnt = 0, first = 1; (c = getchar()) != EOF; ) {
data/inn2-2.6.3+20200601/frontends/encode.c:105:23: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (p = b3; (c = getchar()) != EOF; ) {
data/inn2-2.6.3+20200601/frontends/feedone.c:125:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(buff, MESGIDHDR, strlen(MESGIDHDR)) == 0) {
data/inn2-2.6.3+20200601/frontends/feedone.c:166:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(buff, MESGIDHDR, strlen(MESGIDHDR)) == 0) {
data/inn2-2.6.3+20200601/frontends/inews.c:187:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (p = start + strlen(start); p > start && isspace((unsigned char) p[-1]); )
data/inn2-2.6.3+20200601/frontends/inews.c:456:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(outbuff) == 0) {
data/inn2-2.6.3+20200601/frontends/inews.c:472:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(out, pwp->pw_name, left);
data/inn2-2.6.3+20200601/frontends/inews.c:556:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(pwp->pw_name) + strlen(p) + 2 > sizeof(buff))
data/inn2-2.6.3+20200601/frontends/inews.c:556:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(pwp->pw_name) + strlen(p) + 2 > sizeof(buff))
data/inn2-2.6.3+20200601/frontends/inews.c:686:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(homedir) > sizeof(buff) - 14)
data/inn2-2.6.3+20200601/frontends/inews.c:720:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(article);
data/inn2-2.6.3+20200601/frontends/inews.c:786:28: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (p = article; (i = getchar()) != EOF; *p++ = (char)i)
data/inn2-2.6.3+20200601/frontends/inews.c:908:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(NEWSUMASK);
data/inn2-2.6.3+20200601/frontends/inews.c:1018:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hp->Size = strlen(hp->Name);
data/inn2-2.6.3+20200601/frontends/inews.c:1030:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Length = strlen(article);
data/inn2-2.6.3+20200601/frontends/ovdb_init.c:79:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  grouphash = Hash(group, strlen(group));
data/inn2-2.6.3+20200601/frontends/ovdb_monitor.c:54:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(write(fd, buf, strlen(buf)) < 0) {
data/inn2-2.6.3+20200601/frontends/ovdb_server.c:141:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(write(fd, buf, strlen(buf)) < 0) {
data/inn2-2.6.3+20200601/frontends/ovdb_server.c:338:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  n = read(r->fd, (char *)(r->buf) + r->bufpos, r->buflen - r->bufpos);
data/inn2-2.6.3+20200601/frontends/ovdb_stat.c:601:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) == (size_t)(c - str + 1)) {
data/inn2-2.6.3+20200601/frontends/rnews.c:377:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((n = read(fd, buf, sizeof(buf))) > 0) {
data/inn2-2.6.3+20200601/frontends/rnews.c:441:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  i = read(fd, p, left);
data/inn2-2.6.3+20200601/frontends/rnews.c:468:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read(fd, p, 1) != 1) {
data/inn2-2.6.3+20200601/frontends/rnews.c:503:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((i = read(*fdp, &buff[0], 1)) < 0) {
data/inn2-2.6.3+20200601/frontends/rnews.c:518:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((i = read(*fdp, &buff[1], 1)) < 0) {
data/inn2-2.6.3+20200601/frontends/rnews.c:591:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(innconf->pathbin) + 1
data/inn2-2.6.3+20200601/frontends/rnews.c:671:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((i = strlen(InputFile)) > 6) {
data/inn2-2.6.3+20200601/frontends/rnews.c:729:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (status = 0, count = 0; (i = read(fd, buff, sizeof buff)) != 0; ) {
data/inn2-2.6.3+20200601/frontends/rnews.c:879:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(NEWSUMASK);
data/inn2-2.6.3+20200601/frontends/sys2nf.c:120:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = strlen(p) - 1, gp = Groups; (g = *gp++) != NULL; )
data/inn2-2.6.3+20200601/frontends/sys2nf.c:142:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = strlen(p), count = 0, gp = Groups; (g = *gp++) != NULL; )
data/inn2-2.6.3+20200601/frontends/sys2nf.c:201:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (len + strlen(s) + 3 > 72) {
data/inn2-2.6.3+20200601/frontends/sys2nf.c:216:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(s);
data/inn2-2.6.3+20200601/history/hisv6/hisv6.c:950:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  oldlen = strlen(old);
data/inn2-2.6.3+20200601/history/hisv6/hisv6.c:951:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newlen = strlen(new);
data/inn2-2.6.3+20200601/include/inn/inndcomm.h:89:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  # define RECVorREAD(fd, p, s) read((fd), (p), (s))
data/inn2-2.6.3+20200601/include/portable/socket-unix.h:37:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (sizeof(*(sun)) - sizeof((sun)->sun_path) + strlen((sun)->sun_path))
data/inn2-2.6.3+20200601/include/portable/socket.h:256:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  # define socket_read(fd, b, s) read((fd), (b), (s))
data/inn2-2.6.3+20200601/innd/art.c:420:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  data->FeedsiteLength = strlen(data->Feedsite);
data/inn2-2.6.3+20200601/innd/art.c:598:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  data->BytesLength = strlen(data->Bytes) - 9;
data/inn2-2.6.3+20200601/innd/art.c:605:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_set(headers, data->Bytes, strlen(data->Bytes));
data/inn2-2.6.3+20200601/innd/art.c:744:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  data->FeedsiteLength = strlen(data->Feedsite);
data/inn2-2.6.3+20200601/innd/art.c:1204:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (q1 = q; *q1; q1 += strlen(q1) + 1) {
data/inn2-2.6.3+20200601/innd/art.c:1438:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(data->Xref, Path.data, Path.used - 1);
data/inn2-2.6.3+20200601/innd/art.c:1467:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buflen = strlen(p);
data/inn2-2.6.3+20200601/innd/art.c:1471:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buflen = strlen(p);
data/inn2-2.6.3+20200601/innd/art.c:1599:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  md5_update(&context, (unsigned char *)MessageID, strlen(MessageID));
data/inn2-2.6.3+20200601/innd/art.c:1602:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(LastMessageID, MessageID, sizeof(LastMessageID) - 1);
data/inn2-2.6.3+20200601/innd/art.c:1814:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(&funnel->FNLnames, sp->Name, strlen(sp->Name));
data/inn2-2.6.3+20200601/innd/art.c:1849:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(overview, SEP, strlen(SEP));
data/inn2-2.6.3+20200601/innd/art.c:1890:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(data->LinesBuffer);
data/inn2-2.6.3+20200601/innd/art.c:1901:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(overview, COLONSPACE, strlen(COLONSPACE));
data/inn2-2.6.3+20200601/innd/art.c:1984:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  data->FeedsiteLength = strlen(data->Feedsite);
data/inn2-2.6.3+20200601/innd/art.c:2014:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  data->FeedsiteLength = strlen(data->Feedsite);
data/inn2-2.6.3+20200601/innd/art.c:2037:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(hops[0]);
data/inn2-2.6.3+20200601/innd/art.c:2243:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((j = strlen(p) - 4) > 0 && *(p += j) == '.'
data/inn2-2.6.3+20200601/innd/art.c:2568:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  data->StoredGroupLength = strlen(data->Newsgroups.List[0]);
data/inn2-2.6.3+20200601/innd/cc.c:240:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = 1 + strlen(p) + 1 + 1;
data/inn2-2.6.3+20200601/innd/cc.c:296:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strspn(av[1], DIGITS) != strlen(av[1]))
data/inn2-2.6.3+20200601/innd/cc.c:299:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strspn(av[2], DIGITS) != strlen(av[2]))
data/inn2-2.6.3+20200601/innd/cc.c:302:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strspn(av[3], DIGITS) != strlen(av[3]))
data/inn2-2.6.3+20200601/innd/cc.c:366:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(av[0]);
data/inn2-2.6.3+20200601/innd/cc.c:425:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(Rest);
data/inn2-2.6.3+20200601/innd/cc.c:481:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Data.HdrContent[HDR__MESSAGE_ID].Length = strlen(msgid);
data/inn2-2.6.3+20200601/innd/cc.c:837:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strspn(cp, "0123456789") != strlen(cp)) {
data/inn2-2.6.3+20200601/innd/cc.c:1046:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (Name[0] == '.' || strspn(Name, "0123456789") == strlen(Name))
data/inn2-2.6.3+20200601/innd/cc.c:1069:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(Name) + strlen(Rest) > SMBUF - 24)
data/inn2-2.6.3+20200601/innd/cc.c:1069:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(Name) + strlen(Rest) > SMBUF - 24)
data/inn2-2.6.3+20200601/innd/cc.c:1087:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (xwrite(fd, buff, strlen(buff)) < 0) {
data/inn2-2.6.3+20200601/innd/cc.c:1211:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(reason) > MAX_REASON_LEN) /* MAX_REASON_LEN is as big as is safe. */
data/inn2-2.6.3+20200601/innd/cc.c:1299:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(p) > MAX_REASON_LEN) /* MAX_REASON_LEN is as big as is safe. */
data/inn2-2.6.3+20200601/innd/cc.c:1360:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(av[0]) > MAX_REASON_LEN) /* MAX_REASON_LEN is as big as is safe. */
data/inn2-2.6.3+20200601/innd/cc.c:1447:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Path.Used = strlen(innconf->pathhost) + 1;
data/inn2-2.6.3+20200601/innd/cc.c:1456:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Pathalias.Used = strlen(innconf->pathalias) + 1;
data/inn2-2.6.3+20200601/innd/cc.c:1466:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Pathcluster.Used = strlen(innconf->pathcluster) + 1;
data/inn2-2.6.3+20200601/innd/cc.c:1538:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(p) > MAX_REASON_LEN) /* MAX_REASON_LEN is as big as is safe. */
data/inn2-2.6.3+20200601/innd/cc.c:1962:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(p) + HEADER_SIZE ;
data/inn2-2.6.3+20200601/innd/cc.c:1986:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sendto(CCwriter, TOOLONG, strlen(TOOLONG), 0,
data/inn2-2.6.3+20200601/innd/chan.c:826:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  count = read(cp->fd, &bp->data[bp->used], maxbyte);
data/inn2-2.6.3+20200601/innd/icd.c:311:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ICDiovset(&iov[1], Rest, strlen(Rest));
data/inn2-2.6.3+20200601/innd/icd.c:321:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ICDiovset(&iov[2], NEWLINE, strlen(NEWLINE));
data/inn2-2.6.3+20200601/innd/icd.c:350:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(Name) + strlen(Rest) > SMBUF - 24) {
data/inn2-2.6.3+20200601/innd/icd.c:350:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(Name) + strlen(Rest) > SMBUF - 24) {
data/inn2-2.6.3+20200601/innd/icd.c:356:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ICDiovset(&iov[1], buff, strlen(buff));
data/inn2-2.6.3+20200601/innd/innd.c:331:12: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  mask = umask(033);
data/inn2-2.6.3+20200601/innd/innd.c:335:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(mask);
data/inn2-2.6.3+20200601/innd/innd.c:561:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Path.used = strlen(innconf->pathhost) + 1;
data/inn2-2.6.3+20200601/innd/innd.c:569:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Pathalias.used = strlen(innconf->pathalias) + 1;
data/inn2-2.6.3+20200601/innd/innd.c:578:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Pathcluster.used = strlen(innconf->pathcluster) + 1;
data/inn2-2.6.3+20200601/innd/innd.c:596:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(NEWSUMASK);
data/inn2-2.6.3+20200601/innd/keywords.c:201:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  word_vec[0].length = strlen(word[0]);
data/inn2-2.6.3+20200601/innd/keywords.c:212:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  word_vec[distinct_words].length = strlen(word[word_index]);
data/inn2-2.6.3+20200601/innd/keywords.c:261:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hc->Length = strlen(hc->Value);
data/inn2-2.6.3+20200601/innd/nc.c:165:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, text, strlen(text)); /* Text in buffer. */
data/inn2-2.6.3+20200601/innd/nc.c:166:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, NCterm, strlen(NCterm)); /* Add CR LF to text. */
data/inn2-2.6.3+20200601/innd/nc.c:209:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, buff, strlen(buff));
data/inn2-2.6.3+20200601/innd/nc.c:399:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, buff, strlen(buff));
data/inn2-2.6.3+20200601/innd/nc.c:548:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, buff, strlen(buff));
data/inn2-2.6.3+20200601/innd/nc.c:555:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, dp->Name, strlen(dp->Name));
data/inn2-2.6.3+20200601/innd/nc.c:558:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, dp->Help, strlen(dp->Help));
data/inn2-2.6.3+20200601/innd/nc.c:560:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, NCterm, strlen(NCterm));
data/inn2-2.6.3+20200601/innd/nc.c:563:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, LINE1, strlen(LINE1));
data/inn2-2.6.3+20200601/innd/nc.c:564:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, NEWSMASTER, strlen(NEWSMASTER));
data/inn2-2.6.3+20200601/innd/nc.c:565:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, LINE2, strlen(LINE2));
data/inn2-2.6.3+20200601/innd/nc.c:566:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, NCterm, strlen(NCterm));
data/inn2-2.6.3+20200601/innd/nc.c:593:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, NCterm, strlen(NCterm));
data/inn2-2.6.3+20200601/innd/nc.c:603:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, NCterm, strlen(NCterm));
data/inn2-2.6.3+20200601/innd/nc.c:608:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, NCterm, strlen(NCterm));
data/inn2-2.6.3+20200601/innd/nc.c:613:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, NCterm, strlen(NCterm));
data/inn2-2.6.3+20200601/innd/nc.c:619:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, NCterm, strlen(NCterm));
data/inn2-2.6.3+20200601/innd/nc.c:624:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, NCterm, strlen(NCterm));
data/inn2-2.6.3+20200601/innd/nc.c:629:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, NCterm, strlen(NCterm));
data/inn2-2.6.3+20200601/innd/nc.c:687:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  msglen = strlen(cp->av[1]) + 5; /* 3 digits + space + id + null. */
data/inn2-2.6.3+20200601/innd/nc.c:708:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  msglen = strlen(cp->av[1]);
data/inn2-2.6.3+20200601/innd/nc.c:948:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, p, strlen(p));
data/inn2-2.6.3+20200601/innd/nc.c:949:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(cp, NCterm, strlen(NCterm));
data/inn2-2.6.3+20200601/innd/nc.c:1317:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(*v) > NNTP_MAXLEN_ARG) {
data/inn2-2.6.3+20200601/innd/nc.c:1810:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  idlen = strlen(cp->av[1]);
data/inn2-2.6.3+20200601/innd/nc.c:1933:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  idlen = strlen(mid);
data/inn2-2.6.3+20200601/innd/newsfeeds.c:71:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  q = p + strlen(p) - 1;
data/inn2-2.6.3+20200601/innd/newsfeeds.c:101:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (q = v->Value = xmalloc(strlen(p) + 1); *p != '\0'; p++) {
data/inn2-2.6.3+20200601/innd/newsfeeds.c:151:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (p = site; p <= site + strlen(site); p++) {
data/inn2-2.6.3+20200601/innd/newsfeeds.c:160:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c += strlen(varname);
data/inn2-2.6.3+20200601/innd/newsfeeds.c:174:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c += strlen(v->Value);
data/inn2-2.6.3+20200601/innd/newsfeeds.c:182:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c += strlen(varname); /* add ignored $ and characters */
data/inn2-2.6.3+20200601/innd/newsfeeds.c:212:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (p = site; p <= site + strlen(site); p++) {
data/inn2-2.6.3+20200601/innd/newsfeeds.c:334:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strspn(site," \t") == strlen (site))
data/inn2-2.6.3+20200601/innd/newsfeeds.c:485:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sp->NameLength = strlen(sp->Name);
data/inn2-2.6.3+20200601/innd/newsfeeds.c:819:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length += 1 + strlen(sp->Name);
data/inn2-2.6.3+20200601/innd/ng.c:85:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ngp->Name, p, i);
data/inn2-2.6.3+20200601/innd/perl.c:541:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(ngp->Rest);
data/inn2-2.6.3+20200601/innd/python.c:360:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(ngp->Rest);
data/inn2-2.6.3+20200601/innd/rc.c:191:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(ident_fd,buf, strlen(buf));
data/inn2-2.6.3+20200601/innd/rc.c:193:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  lu=read(ident_fd, buf, 79); /* pas encore parfait ("not yet perfect"?) */
data/inn2-2.6.3+20200601/innd/rc.c:544:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANset(new, reject_message, (int)strlen(reject_message));
data/inn2-2.6.3+20200601/innd/rc.c:545:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(new, RCterm, strlen(RCterm));
data/inn2-2.6.3+20200601/innd/rc.c:617:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANset(new, reject_message, (int)strlen(reject_message));
data/inn2-2.6.3+20200601/innd/rc.c:618:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WCHANappend(new, RCterm, strlen(RCterm));
data/inn2-2.6.3+20200601/innd/rc.c:668:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (RCbuff) == sizeof RCbuff) {
data/inn2-2.6.3+20200601/innd/rc.c:685:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (RCbuff) == sizeof RCbuff) {
data/inn2-2.6.3+20200601/innd/rc.c:701:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fgets(t, sizeof RCbuff - strlen (RCbuff), F);
data/inn2-2.6.3+20200601/innd/rc.c:703:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (RCbuff) == sizeof RCbuff) {
data/inn2-2.6.3+20200601/innd/site.c:320:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, PREFIX, strlen(PREFIX));
data/inn2-2.6.3+20200601/innd/site.c:321:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, text, strlen(text));
data/inn2-2.6.3+20200601/innd/site.c:361:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, ITEMSEP, strlen(ITEMSEP));
data/inn2-2.6.3+20200601/innd/site.c:368:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, ITEMSEP, strlen(ITEMSEP));
data/inn2-2.6.3+20200601/innd/site.c:373:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, ITEMSEP, strlen(ITEMSEP));
data/inn2-2.6.3+20200601/innd/site.c:380:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, ITEMSEP, strlen(ITEMSEP));
data/inn2-2.6.3+20200601/innd/site.c:386:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, ITEMSEP, strlen(ITEMSEP));
data/inn2-2.6.3+20200601/innd/site.c:391:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, NL, strlen(NL));
data/inn2-2.6.3+20200601/innd/site.c:396:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, ITEMSEP, strlen(ITEMSEP));
data/inn2-2.6.3+20200601/innd/site.c:401:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, ITEMSEP, strlen(ITEMSEP));
data/inn2-2.6.3+20200601/innd/site.c:417:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, ITEMSEP, strlen(ITEMSEP));
data/inn2-2.6.3+20200601/innd/site.c:422:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, ITEMSEP, strlen(ITEMSEP));
data/inn2-2.6.3+20200601/innd/site.c:428:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, ITEMSEP, strlen(ITEMSEP));
data/inn2-2.6.3+20200601/innd/site.c:430:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, pbuff, strlen(pbuff));
data/inn2-2.6.3+20200601/innd/site.c:434:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, ITEMSEP, strlen(ITEMSEP));
data/inn2-2.6.3+20200601/innd/site.c:436:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, pbuff, strlen(pbuff));
data/inn2-2.6.3+20200601/innd/site.c:440:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, ITEMSEP, strlen(ITEMSEP));
data/inn2-2.6.3+20200601/innd/site.c:442:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, pbuff, strlen(pbuff));
data/inn2-2.6.3+20200601/innd/site.c:446:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, ITEMSEP, strlen(ITEMSEP));
data/inn2-2.6.3+20200601/innd/site.c:453:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, ITEMSEP, strlen(ITEMSEP));
data/inn2-2.6.3+20200601/innd/site.c:461:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, ITEMSEP, strlen(ITEMSEP));
data/inn2-2.6.3+20200601/innd/site.c:469:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, ITEMSEP, strlen(ITEMSEP));
data/inn2-2.6.3+20200601/innd/site.c:477:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, ITEMSEP, strlen(ITEMSEP));
data/inn2-2.6.3+20200601/innd/site.c:519:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(sp->Param) + sp->FNLnames.left;
data/inn2-2.6.3+20200601/innd/site.c:1145:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_append(bp, FREESITE, strlen(FREESITE));
data/inn2-2.6.3+20200601/innd/status.c:194:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  || ((p != NULL) && (p[strlen(other_ip_addr)] != ' ')
data/inn2-2.6.3+20200601/innd/status.c:195:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && (p[strlen(other_ip_addr)] != '\0')))
data/inn2-2.6.3+20200601/innd/status.c:196:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && (strlen(status->ip_addr) + strlen(other_ip_addr) + 1 <
data/inn2-2.6.3+20200601/innd/status.c:196:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && (strlen(status->ip_addr) + strlen(other_ip_addr) + 1 <
data/inn2-2.6.3+20200601/innd/tinyleaf.c:128:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  md5_hash((unsigned char *) msgid, strlen(msgid), hash);
data/inn2-2.6.3+20200601/innd/util.c:66:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(p);
data/inn2-2.6.3+20200601/innd/wip.c:35:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hash = Hash(messageid, strlen(messageid));
data/inn2-2.6.3+20200601/innd/wip.c:158:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hash = Hash(messageid, strlen(messageid));
data/inn2-2.6.3+20200601/innfeed/article.c:722:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((amt = read (fd, buffer + idx,amtToRead)) <= 0) {
data/inn2-2.6.3+20200601/innfeed/config_l.c:666:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/inn2-2.6.3+20200601/innfeed/config_l.c:1844:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return yy_scan_bytes( yystr, (int) strlen(yystr) );
data/inn2-2.6.3+20200601/innfeed/config_y.c:321:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = name + strlen (name) ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:325:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (s->values[i]->name) == (size_t) (p - name) &&
data/inn2-2.6.3+20200601/innfeed/config_y.c:404:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen (v->name) ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:409:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen (p->me->name) + 1 ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:618:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rval = xmalloc (strlen ("line : NULL key") + 15) ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:624:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rval = xmalloc (strlen ("line : EMPTY KEY") + 15) ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:631:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rval = xmalloc (strlen (NON_ALPHA) + strlen (key) + 15) ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:631:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rval = xmalloc (strlen (NON_ALPHA) + strlen (key) + 15) ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:641:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rval = xmalloc (strlen (BAD_KEY) + strlen (key) + 15) ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:641:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rval = xmalloc (strlen (BAD_KEY) + strlen (key) + 15) ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:1420:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define yystrlen strlen
data/inn2-2.6.3+20200601/innfeed/config_y.c:1934:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  errbuff = xmalloc (strlen(SYNTAX_ERROR) + 12) ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:1980:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  errbuff = xmalloc (strlen(UNKNOWN_SCOPE_TYPE) + 15 +
data/inn2-2.6.3+20200601/innfeed/config_y.c:1981:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen ((yyvsp[-2].name))) ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:2314:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  errbuff = xmalloc (strlen (s) + strlen (FMT) + 20) ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:2314:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  errbuff = xmalloc (strlen (s) + strlen (FMT) + 20) ;
data/inn2-2.6.3+20200601/innfeed/config_y.c:2423:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (file == NULL || strlen (file) == 0 || !fileExistsP (file))
data/inn2-2.6.3+20200601/innfeed/connection.c:409:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (ipname && strlen (ipname) == 0)
data/inn2-2.6.3+20200601/innfeed/connection.c:1461:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lenBuff = (17 + strlen (hostUsername (cxn->myHost))) ;
data/inn2-2.6.3+20200601/innfeed/connection.c:1466:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufferSetDataSize (authUserBuffer, strlen (t)) ;
data/inn2-2.6.3+20200601/innfeed/connection.c:1504:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lenBuff = (17 + strlen (hostPassword (cxn->myHost))) ;
data/inn2-2.6.3+20200601/innfeed/connection.c:1509:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufferSetDataSize (authPassBuffer, strlen (t)) ;
data/inn2-2.6.3+20200601/innfeed/connection.c:1547:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modeBuffer = newBuffer (strlen (MODE_CMD) + 1) ;
data/inn2-2.6.3+20200601/innfeed/connection.c:1556:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufferSetDataSize (modeBuffer, strlen (p)) ;
data/inn2-2.6.3+20200601/innfeed/connection.c:2850:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (msgid == NULL || strlen (msgid) == 0 ||
data/inn2-2.6.3+20200601/innfeed/connection.c:2914:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (msgid == NULL || strlen (msgid) == 0 ||
data/inn2-2.6.3+20200601/innfeed/connection.c:2973:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (msgid == NULL || strlen (msgid) == 0 ||
data/inn2-2.6.3+20200601/innfeed/connection.c:3033:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (msgid == NULL || strlen (msgid) == 0 ||
data/inn2-2.6.3+20200601/innfeed/connection.c:3143:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (msgid == NULL || strlen (msgid) == 0 ||
data/inn2-2.6.3+20200601/innfeed/connection.c:3679:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (msgid == NULL || strlen (msgid) == 0)
data/inn2-2.6.3+20200601/innfeed/connection.c:3977:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((tmp = (strlen (msgid) + 10)) > bufLen)
data/inn2-2.6.3+20200601/innfeed/connection.c:3986:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufferSetDataSize (ihaveBuff, strlen (p)) ;
data/inn2-2.6.3+20200601/innfeed/connection.c:4182:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lenBuff += (8 + strlen (msgid)) ; /* 8 == strlen("CHECK \r\n") */
data/inn2-2.6.3+20200601/innfeed/connection.c:4206:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tlen += strlen (t) ;
data/inn2-2.6.3+20200601/innfeed/connection.c:4299:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  takeBuffLen = 12 + strlen (msgid) ;
data/inn2-2.6.3+20200601/innfeed/connection.c:4304:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufferSetDataSize (takeBuffer, strlen (t)) ;
data/inn2-2.6.3+20200601/innfeed/endpoint.c:1455:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufferSetDataSize (newBuff1,strlen (p)) ;
data/inn2-2.6.3+20200601/innfeed/endpoint.c:1459:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufferSetDataSize (newBuff2,strlen (p)) ;
data/inn2-2.6.3+20200601/innfeed/host.c:1148:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (nh->params->ipName) > maxIpNameLen)
data/inn2-2.6.3+20200601/innfeed/host.c:1149:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  maxIpNameLen = strlen (nh->params->ipName) ;
data/inn2-2.6.3+20200601/innfeed/host.c:1150:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (nh->params->peerName) > maxPeerNameLen)
data/inn2-2.6.3+20200601/innfeed/host.c:1151:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  maxPeerNameLen = strlen (nh->params->peerName) ;
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:791:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int headerlen = strlen(header);
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:841:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int size = strlen(buf);
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:901:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (slen==-1) slen = strlen(str);
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:1236:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *len = deliver_realm ? strlen(deliver_realm) : 0;
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:1242:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *len = deliver_username ? strlen(deliver_username) : 0;
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:1248:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *len = authid ? strlen(authid) : 0;
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:1279:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  passlen = strlen(deliver_password);
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:1349:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(outlen < strlen(hbuf) + strlen(pbuf) + 2)
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:1349:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(outlen < strlen(hbuf) + strlen(pbuf) + 2)
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:1704:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) < 3)
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:1735:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) < 4)
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:2063:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = WriteToWire_lmtpstr(cxn, p, strlen(p));
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:2078:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = WriteToWire_lmtpstr(cxn, p, strlen(p));
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:2110:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = WriteToWire_lmtpstr(cxn, p, strlen(p));
data/inn2-2.6.3+20200601/innfeed/imap_connection.c:2176:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = WriteToWire_lmtpstr(cxn, p, strlen(p)); data/inn2-2.6.3+20200601/innfeed/imap_connection.c:2214:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *line = xmalloc(strlen(str)+30); data/inn2-2.6.3+20200601/innfeed/imap_connection.c:2220:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). saslresult = sasl_decode64(str, strlen(str), data/inn2-2.6.3+20200601/innfeed/imap_connection.c:2221:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *line, strlen(str)+1, (unsigned *) linelen); data/inn2-2.6.3+20200601/innfeed/imap_connection.c:2414:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). saslresult = sasl_decode64(str, strlen(str), data/inn2-2.6.3+20200601/innfeed/imap_connection.c:2415:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). in, strlen(str)+1, &inlen); data/inn2-2.6.3+20200601/innfeed/imap_connection.c:2524:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = WriteToWire_imapstr(cxn, p, strlen(p)); data/inn2-2.6.3+20200601/innfeed/imap_connection.c:2551:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
result = WriteToWire_imapstr(cxn, p, strlen(p)); data/inn2-2.6.3+20200601/innfeed/imap_connection.c:2758:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mechlen = strlen((*caps)->saslmechs) + 1; data/inn2-2.6.3+20200601/innfeed/imap_connection.c:2759:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mechlen += strlen(start + 5) + 1; data/inn2-2.6.3+20200601/innfeed/imap_connection.c:3314:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(str+4,"8BITMIME",strlen("8BITMIME"))==0) data/inn2-2.6.3+20200601/innfeed/imap_connection.c:3318:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("ENHANCEDSTATUSCODES"))==0) { data/inn2-2.6.3+20200601/innfeed/imap_connection.c:3322:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (strncasecmp(str+4,"PIPELINING",strlen("PIPELINING"))==0) { data/inn2-2.6.3+20200601/innfeed/imap_connection.c:3642:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int size = strlen(*out); data/inn2-2.6.3+20200601/innfeed/imap_connection.c:3644:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int newsize = size + 9+strlen(deliver_rcpt_to)+newrcptlen+3; data/inn2-2.6.3+20200601/innfeed/imap_connection.c:3727:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int size = strlen(*out); data/inn2-2.6.3+20200601/innfeed/imap_connection.c:3728:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int newsize = size + strlen(sep)+1+strlen(deliver_to_header)+newrcptlen+1; data/inn2-2.6.3+20200601/innfeed/imap_connection.c:3728:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int newsize = size + strlen(sep)+1+strlen(deliver_to_header)+newrcptlen+1; data/inn2-2.6.3+20200601/innfeed/imap_connection.c:4032:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = WriteToWire_lmtpstr(cxn, p, strlen(p)); data/inn2-2.6.3+20200601/innfeed/imap_connection.c:4065:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cxn->current_bufs[0] = newBufferByCharP(to_list, strlen(to_list+1), data/inn2-2.6.3+20200601/innfeed/imap_connection.c:4066:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(to_list)); data/inn2-2.6.3+20200601/innfeed/innlistener.c:329:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
i = read(mainFd, buf, sizeof (buf)) ; data/inn2-2.6.3+20200601/innfeed/innlistener.c:421:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(bbase) < blen) data/inn2-2.6.3+20200601/innfeed/innlistener.c:502:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(msgid) > NNTP_MAXLEN_MSGID) { data/inn2-2.6.3+20200601/innfeed/innlistener.c:689:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writeBytes = strlen (offsetString) ; data/inn2-2.6.3+20200601/innfeed/misc.c:323:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (string) ; data/inn2-2.6.3+20200601/innfeed/misc.c:422:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write (fd,buff,(size_t) strlen (buff)) != (int) strlen (buff)) data/inn2-2.6.3+20200601/innfeed/misc.c:422:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write (fd,buff,(size_t) strlen (buff)) != (int) strlen (buff)) data/inn2-2.6.3+20200601/innfeed/misc.c:451:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if ((i = read (fd,buff,sizeof (buff) - 1)) <= 0) data/inn2-2.6.3+20200601/innfeed/misc.c:502:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen (tail) ; data/inn2-2.6.3+20200601/innfeed/misc.c:503:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t slen = strlen (string) ; data/inn2-2.6.3+20200601/innfeed/misc.c:669:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc (fp)) != '\n') data/inn2-2.6.3+20200601/innfeed/tape.c:305:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t pLen = strlen (peerName) ; data/inn2-2.6.3+20200601/innfeed/tape.c:306:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t dLen = strlen (tapeDirectory) ; data/inn2-2.6.3+20200601/innfeed/tape.c:330:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nt->lockFilename = xmalloc (pLen + dLen + strlen(LOCK_TAIL) + 2) ; data/inn2-2.6.3+20200601/innfeed/tape.c:333:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nt->inputFilename = xmalloc (pLen + dLen + strlen(INPUT_TAIL) + 2) ; data/inn2-2.6.3+20200601/innfeed/tape.c:336:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
nt->outputFilename = xmalloc (pLen + dLen + strlen(OUTPUT_TAIL) + 2) ; data/inn2-2.6.3+20200601/innfeed/tape.c:652:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tape->outputSize += strlen(fname) + strlen(msgid) + 2 ; /* " " + "\n" */ data/inn2-2.6.3+20200601/innfeed/tape.c:652:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tape->outputSize += strlen(fname) + strlen(msgid) + 2 ; /* " " + "\n" */ data/inn2-2.6.3+20200601/innfeed/tape.c:778:39: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (tape->inFp != NULL && ((c = fgetc (tape->inFp)) != EOF)) data/inn2-2.6.3+20200601/innfeed/tape.c:971:23: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc (tape->inFp)) != '\n' || currloc <= BITS64) data/inn2-2.6.3+20200601/innfeed/tape.c:1117:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int len = strlen (buffer) ; data/inn2-2.6.3+20200601/innfeed/tape.c:1143:29: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((c = fgetc (tape->inFp)) != '\n') data/inn2-2.6.3+20200601/innfeed/tape.c:1146:25: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc (tape->inFp) ; data/inn2-2.6.3+20200601/lib/argparse.c:50:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
*argvp = xmalloc((strlen(p) + 2) * sizeof(char *)); data/inn2-2.6.3+20200601/lib/argparse.c:127:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i += strlen(*v) + 1; data/inn2-2.6.3+20200601/lib/buffer.c:248:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(string); data/inn2-2.6.3+20200601/lib/buffer.c:275:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). count = read(fd, buffer->data + used, buffer->size - used); data/inn2-2.6.3+20200601/lib/cleanfrom.c:26:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((len = strlen(from)) == 0) data/inn2-2.6.3+20200601/lib/cleanfrom.c:72:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((len = strlen(from)) == 0) data/inn2-2.6.3+20200601/lib/clientactive.c:71:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || strncmp(buff, expectedanswer, strlen(expectedanswer)) != 0) { data/inn2-2.6.3+20200601/lib/clientlib.c:88:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t ser_line_len = strlen(ser_line); data/inn2-2.6.3+20200601/lib/clientlib.c:137:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
p = &buff[strlen(buff)]; data/inn2-2.6.3+20200601/lib/concat.c:63:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length += strlen(string); data/inn2-2.6.3+20200601/lib/conffile.c:21:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (F->buf) >= F->sbuf - 1) { data/inn2-2.6.3+20200601/lib/conffile.c:76:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(F->buf) >= F->sbuf - 2) data/inn2-2.6.3+20200601/lib/conffile.c:80:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (getconfline(F, t, F->sbuf - strlen(F->buf))) data/inn2-2.6.3+20200601/lib/confparse.c:544:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(raw) - 2; data/inn2-2.6.3+20200601/lib/confparse.c:766:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). status = read(file->fd, file->buffer, file->bufsize - 1); data/inn2-2.6.3+20200601/lib/confparse.c:780:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(file->buffer) != (size_t) status) { data/inn2-2.6.3+20200601/lib/confparse.c:817:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
status = read(file->fd, start, amount); data/inn2-2.6.3+20200601/lib/confparse.c:825:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(start) != (size_t) status) { data/inn2-2.6.3+20200601/lib/date.c:260:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). date_length = strlen(buff); data/inn2-2.6.3+20200601/lib/date.c:276:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (tz_name != NULL && date_length + 4 + strlen(tz_name) <= buflen) { data/inn2-2.6.3+20200601/lib/date.c:363:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datelen = strlen(date); data/inn2-2.6.3+20200601/lib/date.c:364:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((datelen != 6 && datelen != 8) || strlen(hour) != 6) data/inn2-2.6.3+20200601/lib/date.c:497:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (size != strlen(OBS_MONTH[i])) data/inn2-2.6.3+20200601/lib/date.c:571:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
p += strlen(ZONE_OFFSET[i].name); data/inn2-2.6.3+20200601/lib/date.c:581:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(OBS_ZONE_OFFSET[i].name) > max) data/inn2-2.6.3+20200601/lib/date.c:584:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(OBS_ZONE_OFFSET[i].name); data/inn2-2.6.3+20200601/lib/dbz.c:1288:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nread = read(tab->fd, it, length); data/inn2-2.6.3+20200601/lib/fdlimit.c:115:12: [1] (obsolete) ulimit: This C routine is considered obsolete (as opposed to the shell command by the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2), setrlimit(2), and sysconf(3) instead. return ulimit(UL_GDESLIM, 0); data/inn2-2.6.3+20200601/lib/fdlimit.c:117:12: [1] (obsolete) ulimit: This C routine is considered obsolete (as opposed to the shell command by the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2), setrlimit(2), and sysconf(3) instead. return ulimit(4, 0); data/inn2-2.6.3+20200601/lib/getmodaddr.c:63:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || strncmp(buff, expectedanswer, strlen(expectedanswer)) != 0) { data/inn2-2.6.3+20200601/lib/getnameinfo.c:73:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
namelen = strlen(name); data/inn2-2.6.3+20200601/lib/getnameinfo.c:123:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(name); data/inn2-2.6.3+20200601/lib/getnameinfo.c:149:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(srv->s_name); data/inn2-2.6.3+20200601/lib/hash.c:69:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(MessageID); data/inn2-2.6.3+20200601/lib/hashtab.c:39:21: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. hash_equal_func equal; /* Whether a key matches an element. */ data/inn2-2.6.3+20200601/lib/hashtab.c:210:28: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. } else if ((*hash->equal)(key, entry)) { data/inn2-2.6.3+20200601/lib/hashtab.c:469:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
return hash_lookup2(key, strlen(key), 0); data/inn2-2.6.3+20200601/lib/inndcomm.c:106:12: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). mask = umask(0); data/inn2-2.6.3+20200601/lib/inndcomm.c:109:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(mask); data/inn2-2.6.3+20200601/lib/inndcomm.c:114:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(mask); data/inn2-2.6.3+20200601/lib/inndcomm.c:126:12: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). mask = umask(0); data/inn2-2.6.3+20200601/lib/inndcomm.c:129:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(mask); data/inn2-2.6.3+20200601/lib/inndcomm.c:134:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(mask); data/inn2-2.6.3+20200601/lib/inndcomm.c:251:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (p = buff + strlen(buff), i = 0; (q = argv[i]) != NULL; i++) { data/inn2-2.6.3+20200601/lib/inndcomm.c:255:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(q); data/inn2-2.6.3+20200601/lib/messageid.c:122:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (MessageID == NULL || strlen(MessageID) > NNTP_MAXLEN_MSGID) data/inn2-2.6.3+20200601/lib/mkstemp.c:66:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(template); data/inn2-2.6.3+20200601/lib/pread.c:39:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nread = read(fd, buf, nbyte); data/inn2-2.6.3+20200601/lib/qio.c:120:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nread = read(qp->_fd, qp->_buffer, qp->_size); data/inn2-2.6.3+20200601/lib/qio.c:188:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nread = read(qp->_fd, qp->_end, qp->_size - nleft); data/inn2-2.6.3+20200601/lib/readin.c:24:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). count = read(fd, p, i); data/inn2-2.6.3+20200601/lib/setproctitle.c:45:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pstat(PSTAT_SETCMD, un, strlen(title), 0, 0); data/inn2-2.6.3+20200601/lib/setproctitle.c:57:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). title_end = argv[argc - 1] + strlen(argv[argc - 1]) - 1; data/inn2-2.6.3+20200601/lib/snprintf.c:499:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strln = (int) strlen (value); data/inn2-2.6.3+20200601/lib/strlcat.c:46:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). used = strlen(dst); data/inn2-2.6.3+20200601/lib/strlcat.c:47:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(src); data/inn2-2.6.3+20200601/lib/strlcpy.c:45:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(src); data/inn2-2.6.3+20200601/lib/timer.c:389:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = 52 * timer_count + 27 + (prefix == NULL ? 0 : strlen(prefix)) + 1; data/inn2-2.6.3+20200601/lib/uwildmat.c:360:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = start + strlen((const char *) start) - 1; data/inn2-2.6.3+20200601/lib/uwildmat.c:449:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(pat); data/inn2-2.6.3+20200601/lib/vector.c:474:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). seplen = strlen(separator); data/inn2-2.6.3+20200601/lib/vector.c:476:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
assert(SIZE_MAX - size >= strlen(vector->strings[i]) + seplen + 1); data/inn2-2.6.3+20200601/lib/vector.c:477:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += strlen(vector->strings[i]); data/inn2-2.6.3+20200601/lib/vector.c:490:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(vector->strings[i]); data/inn2-2.6.3+20200601/lib/vector.c:514:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). seplen = strlen(separator); data/inn2-2.6.3+20200601/lib/vector.c:516:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(SIZE_MAX - size >= strlen(vector->strings[i])); data/inn2-2.6.3+20200601/lib/vector.c:517:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += strlen(vector->strings[i]); data/inn2-2.6.3+20200601/lib/vector.c:530:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(vector->strings[i]); data/inn2-2.6.3+20200601/lib/wire.c:133:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
headerlen = strlen(header); data/inn2-2.6.3+20200601/lib/xmalloc.c:182:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s) + 1; data/inn2-2.6.3+20200601/nnrpd/article.c:510:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmplimit = ARThandle->data + ARThandle->len - strlen(header) - 1; data/inn2-2.6.3+20200601/nnrpd/article.c:518:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). headerlen = strlen(header); data/inn2-2.6.3+20200601/nnrpd/article.c:1283:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SendIOb(buff, strlen(buff)); data/inn2-2.6.3+20200601/nnrpd/article.c:1284:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SendIOb(p, strlen(p)); data/inn2-2.6.3+20200601/nnrpd/article.c:1289:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SendIOb(buff, strlen(buff)); data/inn2-2.6.3+20200601/nnrpd/article.c:1354:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SendIOb(buff, strlen(buff)); data/inn2-2.6.3+20200601/nnrpd/article.c:1361:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
SendIOb(buff, strlen(buff)); data/inn2-2.6.3+20200601/nnrpd/article.c:1362:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SendIOb(p, strlen(p)); data/inn2-2.6.3+20200601/nnrpd/article.c:1370:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SendIOb(buff, strlen(buff)); data/inn2-2.6.3+20200601/nnrpd/auth-ext.c:100:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(line, "User:", strlen("User:")) == 0) { data/inn2-2.6.3+20200601/nnrpd/auth-ext.c:103:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *user = xstrdup(line + strlen("User:")); data/inn2-2.6.3+20200601/nnrpd/commands.c:203:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(pan[PIPE_READ], path, sizeof(path)); data/inn2-2.6.3+20200601/nnrpd/line.c:150:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read(STDIN_FILENO, p, len); data/inn2-2.6.3+20200601/nnrpd/misc.c:279:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(fd, temp, strlen(temp)); data/inn2-2.6.3+20200601/nnrpd/newnews.c:293:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strcspn(av[1], "\\!*[?]") == strlen(av[1])) { data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:421:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(p, p+6, strlen(p)-5); data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:425:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(p, p+6, strlen(p)-5); data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:429:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(p, p+9, strlen(p)-8); data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:437:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (mechlist != NULL && strlen(mechlist) > 2) { data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:482:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (mechlist != NULL && strlen(mechlist) > 2) { data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:804:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = buff + strlen(buff) - 1; data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:844:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  strlen(fmt) == 3 && strcasecmp(fmt, ".\r\n") == 0) {
data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:1406:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("innconf->pathlog") + strlen("/tracklogs/log-") + BUFSIZ;
data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:1406:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen("innconf->pathlog") + strlen("/tracklogs/log-") + BUFSIZ;
data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:1555:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((int)strlen(buff) > 40)
data/inn2-2.6.3+20200601/nnrpd/nnrpd.c:1578:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(*v) > NNTP_MAXLEN_ARG) {
data/inn2-2.6.3+20200601/nnrpd/nnrpd.h:52:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  char *read;
data/inn2-2.6.3+20200601/nnrpd/perl.c:101:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (void) hv_store(hdr, (char *) hp->Name, strlen(hp->Name),
data/inn2-2.6.3+20200601/nnrpd/perm.c:425:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (orig->read)
data/inn2-2.6.3+20200601/nnrpd/perm.c:426:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ret->read = xstrdup(orig->read);
data/inn2-2.6.3+20200601/nnrpd/perm.c:559:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (del->read)
data/inn2-2.6.3+20200601/nnrpd/perm.c:560:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  free(del->read);
data/inn2-2.6.3+20200601/nnrpd/perm.c:877:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CompressList(curaccess->read);
data/inn2-2.6.3+20200601/nnrpd/perm.c:886:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CompressList(curaccess->read);
data/inn2-2.6.3+20200601/nnrpd/perm.c:897:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  free(curaccess->read);
data/inn2-2.6.3+20200601/nnrpd/perm.c:1537:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  PERMcanread = (access_realms[i]->read != NULL);
data/inn2-2.6.3+20200601/nnrpd/perm.c:1657:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((script_path != NULL) && (strlen(script_path) > 0)) {
data/inn2-2.6.3+20200601/nnrpd/perm.c:1696:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((script_path != NULL) && (strlen(script_path) > 0)) {
data/inn2-2.6.3+20200601/nnrpd/perm.c:1759:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (access_realms[i]->read) {
data/inn2-2.6.3+20200601/nnrpd/perm.c:1760:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  cp = xstrdup(access_realms[i]->read);
data/inn2-2.6.3+20200601/nnrpd/perm.c:1802:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  VirtualPathlen = strlen(VirtualPath);
data/inn2-2.6.3+20200601/nnrpd/perm.c:2068:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((script_path != NULL) && (strlen(script_path) > 0)) {
data/inn2-2.6.3+20200601/nnrpd/perm.c:2105:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((script_path != NULL) && (strlen(script_path) > 0)) {
data/inn2-2.6.3+20200601/nnrpd/post.c:125:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(p);
data/inn2-2.6.3+20200601/nnrpd/post.c:163:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (p = start + strlen(start); p > start && isspace((unsigned char) p[-1]); p--)
data/inn2-2.6.3+20200601/nnrpd/post.c:585:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(Client.host) > 0) || (strlen(Client.ip) > 0)) {
data/inn2-2.6.3+20200601/nnrpd/post.c:585:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(Client.host) > 0) || (strlen(Client.ip) > 0)) {
data/inn2-2.6.3+20200601/nnrpd/post.c:587:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  || (strlen(Client.host) == 0)) {
data/inn2-2.6.3+20200601/nnrpd/post.c:590:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (strlen(Client.ip) == 0) {
data/inn2-2.6.3+20200601/nnrpd/post.c:764:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(article);
data/inn2-2.6.3+20200601/nnrpd/post.c:992:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(article);
data/inn2-2.6.3+20200601/nnrpd/post.c:1106:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hp->Size = strlen(hp->Name);
data/inn2-2.6.3+20200601/nnrpd/post.c:1180:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(article) > PERMaccessconf->localmaxartsize)) {
data/inn2-2.6.3+20200601/nnrpd/post.h:30:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Table[(_x)].Len = strlen(_y); \
data/inn2-2.6.3+20200601/nnrpd/python.c:154:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PYauthitem[authnum] = PYBUFF_FROMMEMORY(Client.host, strlen(Client.host));
data/inn2-2.6.3+20200601/nnrpd/python.c:158:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PYauthitem[authnum] =PYBUFF_FROMMEMORY(Client.ip, strlen(Client.ip));
data/inn2-2.6.3+20200601/nnrpd/python.c:167:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(Client.serverhost));
data/inn2-2.6.3+20200601/nnrpd/python.c:172:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(Client.serverip));
data/inn2-2.6.3+20200601/nnrpd/python.c:183:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PYauthitem[authnum] = PYBUFF_FROMMEMORY(User, strlen(User));
data/inn2-2.6.3+20200601/nnrpd/python.c:191:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PYauthitem[authnum] = PYBUFF_FROMMEMORY(Password, strlen(Password));
data/inn2-2.6.3+20200601/nnrpd/python.c:300:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PYauthitem[authnum] = PYBUFF_FROMMEMORY(Client.host, strlen(Client.host));
data/inn2-2.6.3+20200601/nnrpd/python.c:304:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PYauthitem[authnum] = PYBUFF_FROMMEMORY(Client.ip, strlen(Client.ip));
data/inn2-2.6.3+20200601/nnrpd/python.c:313:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(Client.serverhost));
data/inn2-2.6.3+20200601/nnrpd/python.c:318:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(Client.serverip));
data/inn2-2.6.3+20200601/nnrpd/python.c:326:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PYauthitem[authnum] = PYBUFF_FROMMEMORY(User, strlen(User));
data/inn2-2.6.3+20200601/nnrpd/python.c:434:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PYauthitem[authnum] = PYBUFF_FROMMEMORY(Client.host, strlen(Client.host));
data/inn2-2.6.3+20200601/nnrpd/python.c:438:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PYauthitem[authnum] = PYBUFF_FROMMEMORY(Client.ip, strlen(Client.ip));
data/inn2-2.6.3+20200601/nnrpd/python.c:447:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(Client.serverhost));
data/inn2-2.6.3+20200601/nnrpd/python.c:452:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(Client.serverip));
data/inn2-2.6.3+20200601/nnrpd/python.c:460:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PYauthitem[authnum] = PYBUFF_FROMMEMORY(User, strlen(User));
data/inn2-2.6.3+20200601/nnrpd/python.c:473:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PYauthitem[authnum] = PYBUFF_FROMMEMORY(NewsGroup, strlen(NewsGroup));
data/inn2-2.6.3+20200601/nnrpd/sasl.c:148:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  r1 = sasl_decode64(clientin, strlen(clientin),
data/inn2-2.6.3+20200601/nnrpd/tls.c:338:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ss += strlen(ss);
data/inn2-2.6.3+20200601/nnrpd/tls.c:350:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ss += strlen(ss);
data/inn2-2.6.3+20200601/nnrpd/tls.c:365:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret += strlen(buf);
data/inn2-2.6.3+20200601/nnrpd/tls.c:372:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret += strlen(buf);
data/inn2-2.6.3+20200601/nnrpd/tls.c:535:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tls_CAfile) == 0)
data/inn2-2.6.3+20200601/nnrpd/tls.c:539:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tls_CApath) == 0)
data/inn2-2.6.3+20200601/nnrpd/tls.c:551:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tls_cert_file) == 0)
data/inn2-2.6.3+20200601/nnrpd/tls.c:555:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tls_key_file) == 0)
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:560:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.magic, OVBUFF_MAGIC, strlen(OVBUFF_MAGIC));
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:560:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(rpx.magic, OVBUFF_MAGIC, strlen(OVBUFF_MAGIC));
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:561:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.path, ovbuff->path, OVBUFFPASIZ);
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:562:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.indexa, offt2hex(ovbuff->index, true), OVBUFFLASIZ);
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:563:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.lena, offt2hex(ovbuff->len, true), OVBUFFLASIZ);
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:564:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.totala, offt2hex(ovbuff->totalblk, true), OVBUFFLASIZ);
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:565:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.useda, offt2hex(ovbuff->usedblk, true), OVBUFFLASIZ);
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:566:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.freea, offt2hex(ovbuff->freeblk, true), OVBUFFLASIZ);
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:567:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.updateda, offt2hex(ovbuff->updated, true), OVBUFFLASIZ);
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:661:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(dpx.magic, OVBUFF_MAGIC, strlen(OVBUFF_MAGIC)) == 0 &&
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:663:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, dpx.indexa, OVBUFFLASIZ);
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:672:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, dpx.lena, OVBUFFLASIZ);
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:685:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(dpx.magic, rpx->magic, strlen(OVBUFF_MAGIC)) != 0 ||
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:698:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, dpx.totala, OVBUFFLASIZ);
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:704:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, rpx->useda, OVBUFFLASIZ);
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:707:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, rpx->freea, OVBUFFLASIZ);
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:1092:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  grouphash = Hash(group, strlen(group));
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:1159:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  grouphash = Hash(group, strlen(group));
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:1166:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  grouphash = Hash(group, strlen(group));
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:2295:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(innconf->pathtmp) + 11;
data/inn2-2.6.3+20200601/storage/buffindexed/buffindexed.c:2314:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(innconf->pathtmp) + 11;
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:243:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.magic, CNFS_MAGICV3, strlen(CNFS_MAGICV3));
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:243:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(rpx.magic, CNFS_MAGICV3, strlen(CNFS_MAGICV3));
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:245:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.magic, CNFS_MAGICV4, strlen(CNFS_MAGICV4));
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:245:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(rpx.magic, CNFS_MAGICV4, strlen(CNFS_MAGICV4));
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:246:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.name, cycbuff->name, CNFSNASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:247:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.path, cycbuff->path, CNFSPASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:248:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.lena, CNFSofft2hex(cycbuff->len, true), CNFSLASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:249:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.freea, CNFSofft2hex(cycbuff->free, true), CNFSLASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:250:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.cyclenuma, CNFSofft2hex(cycbuff->cyclenum, true), CNFSLASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:251:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.updateda, CNFSofft2hex(cycbuff->updated, true), CNFSLASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:252:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.metaname, cycbuff->metaname, CNFSNASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:253:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.orderinmeta, CNFSofft2hex(cycbuff->order, true), CNFSLASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:255:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(rpx.currentbuff, "TRUE", CNFSMASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:257:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(rpx.currentbuff, "FALSE", CNFSMASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:259:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(rpx.blksza, CNFSofft2hex(cycbuff->blksz, true), CNFSLASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:369:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, rpx.freea, CNFSLASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:372:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, rpx.updateda, CNFSLASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:375:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, rpx.cyclenuma, CNFSLASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:637:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(rpx->magic, CNFS_MAGICV3, strlen(CNFS_MAGICV3)) == 0) {
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:641:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(rpx->magic, CNFS_MAGICV4, strlen(CNFS_MAGICV4)) == 0)
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:653:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, rpx->lena, CNFSLASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:661:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, rpx->freea, CNFSLASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:664:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, rpx->updateda, CNFSLASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:667:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, rpx->cyclenuma, CNFSLASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:670:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cycbuff->metaname, rpx->metaname, CNFSNASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:671:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, rpx->orderinmeta, CNFSLASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:678:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, rpx->blksza, CNFSLASIZ);
data/inn2-2.6.3+20200601/storage/cnfs/cnfs.c:749:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cycbuff->metaname, metacycbuff->name, CNFSNASIZ);
data/inn2-2.6.3+20200601/storage/expire.c:350:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = buff + strlen(buff);
data/inn2-2.6.3+20200601/storage/expire.c:554:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fp->Length = strlen(standardoverview->strings[i]);
data/inn2-2.6.3+20200601/storage/expire.c:561:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fp->Length = strlen(extraoverview->strings[i]);
data/inn2-2.6.3+20200601/storage/expire.c:607:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(p);
data/inn2-2.6.3+20200601/storage/expire.c:618:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buff, p, i);
data/inn2-2.6.3+20200601/storage/expire.c:769:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  arts[i][strlen(arts[i])] = ':';
data/inn2-2.6.3+20200601/storage/expire.c:781:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  arts[i][strlen(arts[i])] = ':';
data/inn2-2.6.3+20200601/storage/interface.c:47:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(text) != (sizeof(TOKEN) * 2) + 2)
data/inn2-2.6.3+20200601/storage/ov.c:226:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(overdata);
data/inn2-2.6.3+20200601/storage/ov.c:369:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((((OVGE *)val)->filename == NULL) || (strlen(((OVGE *)val)->filename) == 0)) {
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:240:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r = read(clientfd, (char *)data + p, n - p);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:325:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r = read(clientfd, banner + p, sizeof(OVDB_SERVER_BANNER) - p);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:644:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  grouphash = Hash(group, strlen(group));
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:682:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  key.size = strlen(group);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1328:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(read(f, buf, SMBUF-1) < 0) {
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1641:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rs.grouplen = strlen(group)+1;
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1734:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s = strlen(g) + 1;
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1760:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  key.size = strlen(group);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1803:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  key.size = strlen(group);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1821:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  key.size = strlen(group);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:1881:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  key.size = strlen(group);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:2023:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  key.size = strlen(group);
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:2165:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rs.grouplen = strlen(group)+1;
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:2454:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rs.grouplen = strlen(group)+1;
data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:2681:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
key.size = strlen(group); data/inn2-2.6.3+20200601/storage/ovdb/ovdb.c:2723:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gkey.size = strlen(group); data/inn2-2.6.3+20200601/storage/overdata.c:171:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer_set(overview, buffer, strlen(buffer)); data/inn2-2.6.3+20200601/storage/overdata.c:176:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer_append(overview, buffer, strlen(buffer)); data/inn2-2.6.3+20200601/storage/overdata.c:184:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(extra->strings[field])); data/inn2-2.6.3+20200601/storage/overdata.c:404:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t headerlen = strlen(header); data/inn2-2.6.3+20200601/storage/timecaf/caf.c:94:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rval = read(fd, buf, n); data/inn2-2.6.3+20200601/storage/timecaf/caf.c:1393:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pathlen = strlen(path) + 10; data/inn2-2.6.3+20200601/storage/timecaf/timecaf.c:176:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
length = strlen(innconf->patharticles) + 32; data/inn2-2.6.3+20200601/storage/timecaf/timecaf.c:523:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, private->artdata, private->artlen) < 0) { data/inn2-2.6.3+20200601/storage/timecaf/timecaf.c:715:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(de->d_name) == 10) && data/inn2-2.6.3+20200601/storage/timecaf/timecaf.c:722:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(de->d_name) == 2) data/inn2-2.6.3+20200601/storage/timecaf/timecaf.c:728:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(de->d_name) == 7) && data/inn2-2.6.3+20200601/storage/timecaf/timecaf.c:774:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(innconf->patharticles) + 32; data/inn2-2.6.3+20200601/storage/timehash/timehash.c:104:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(innconf->patharticles) + 32; data/inn2-2.6.3+20200601/storage/timehash/timehash.c:271:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (read(fd, private->base, private->len) < 0) { data/inn2-2.6.3+20200601/storage/timehash/timehash.c:400:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(de->d_name) == 7) && data/inn2-2.6.3+20200601/storage/timehash/timehash.c:407:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(de->d_name) == 2) data/inn2-2.6.3+20200601/storage/timehash/timehash.c:413:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(de->d_name) == 9) && data/inn2-2.6.3+20200601/storage/timehash/timehash.c:441:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(innconf->patharticles) + 32; data/inn2-2.6.3+20200601/storage/tradindexed/tdx-data.c:81:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(innconf->pathoverview); data/inn2-2.6.3+20200601/storage/tradindexed/tdx-data.c:88:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length += 1 + 2 + strlen(group) + 1; data/inn2-2.6.3+20200601/storage/tradindexed/tdx-data.c:91:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
p = path + strlen(innconf->pathoverview); data/inn2-2.6.3+20200601/storage/tradindexed/tdx-data.c:277:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). status = read(fd, data, length); data/inn2-2.6.3+20200601/storage/tradindexed/tdx-group.c:212:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(index->fd, index->header, header_size) != header_size) { data/inn2-2.6.3+20200601/storage/tradindexed/tdx-group.c:216:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(index->fd, index->entries, entry_size) != entry_size) { data/inn2-2.6.3+20200601/storage/tradindexed/tdx-group.c:502:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hash = Hash(group, strlen(group)); data/inn2-2.6.3+20200601/storage/tradindexed/tdx-group.c:602:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hash = Hash(group, strlen(group)); data/inn2-2.6.3+20200601/storage/tradindexed/tdx-group.c:670:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hash = Hash(group, strlen(group)); data/inn2-2.6.3+20200601/storage/tradindexed/tdx-group.c:1093:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
grouphash = Hash(group->name, strlen(group->name)); data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:113:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hash = Hash(p, strlen(p)); data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:565:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(ng) + 20 + strlen(innconf->patharticles); data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:565:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(ng) + 20 + strlen(innconf->patharticles); data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:653:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(innconf->patharticles) + strlen(ng) + 32; data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:653:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(innconf->patharticles) + strlen(ng) + 32; data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:728:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(innconf->patharticles) + strlen(ng) + 32; data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:728:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
length = strlen(innconf->patharticles) + strlen(ng) + 32; data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:844:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, private->artbase, private->artlen) < 0) { data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:1019:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(innconf->patharticles) + strlen(ng) + 32; data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:1019:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(innconf->patharticles) + strlen(ng) + 32; data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:1057:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(de->d_name); data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:1066:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(dirname) + namelen + 2; data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:1147:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(priv.curdirname); data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:1191:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
length = strlen(innconf->patharticles) + strlen(ng) + 32; data/inn2-2.6.3+20200601/storage/tradspool/tradspool.c:1191:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(innconf->patharticles) + strlen(ng) + 32; data/inn2-2.6.3+20200601/tests/authprogs/ident-t.c:29:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, buffer, sizeof(buffer)) < 0) data/inn2-2.6.3+20200601/tests/authprogs/ident-t.c:112:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). status = read(output[0], buffer, sizeof(buffer) - 1); data/inn2-2.6.3+20200601/tests/innd/artparse-t.c:100:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer_set(&Path, "example.com!others", strlen("example.com!others") + 1); data/inn2-2.6.3+20200601/tests/innd/artparse-t.c:101:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Path.used += strlen("example.com!"); data/inn2-2.6.3+20200601/tests/innd/chan-t.c:69:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WCHANset(cp, "some output", strlen("some output")); data/inn2-2.6.3+20200601/tests/innd/chan-t.c:102:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ok_int(10, strlen("some output"), CHANreadtext(cp)); data/inn2-2.6.3+20200601/tests/innd/chan-t.c:103:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok_int(11, strlen("some output"), cp->In.used); data/inn2-2.6.3+20200601/tests/lib/confparse-t.c:478:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = 16 * 1024 - strlen(": baz\nfoo:"); data/inn2-2.6.3+20200601/tests/lib/fdflag-t.c:103:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). status = read(data, buffer, sizeof(buffer)); data/inn2-2.6.3+20200601/tests/lib/fdflag-t.c:116:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(data, buffer, sizeof(buffer)) < (ssize_t) sizeof(buffer)) data/inn2-2.6.3+20200601/tests/lib/hashtab-t.c:159:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer[strlen(buffer) - 1] = '\0'; data/inn2-2.6.3+20200601/tests/lib/hashtab-t.c:177:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer[strlen(buffer) - 1] = '\0'; data/inn2-2.6.3+20200601/tests/lib/md5-t.c:15:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
#define ustrlen(s) strlen((const char *) s) data/inn2-2.6.3+20200601/tests/lib/mkstemp-t.c:75:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(template); data/inn2-2.6.3+20200601/tests/lib/mkstemp-t.c:78:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is_int(length, read(fd, buffer, length), "...and the data is there"); data/inn2-2.6.3+20200601/tests/lib/pread-t.c:42:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). status = read(fd, result, 64); data/inn2-2.6.3+20200601/tests/lib/pwrite-t.c:37:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). status = read(fd, result, 64); data/inn2-2.6.3+20200601/tests/lib/pwrite-t.c:42:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). status = read(fd, result, 256); data/inn2-2.6.3+20200601/tests/lib/qio-t.c:103:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(result) < size - 1) { data/inn2-2.6.3+20200601/tests/lib/qio-t.c:117:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(result) < size - 1) { data/inn2-2.6.3+20200601/tests/lib/qio-t.c:129:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ok(15, strlen(result) == 127); data/inn2-2.6.3+20200601/tests/lib/qio-t.c:145:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok(24, strlen(result) == 255); data/inn2-2.6.3+20200601/tests/lib/qio-t.c:155:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok(32, strlen(result) == 255); data/inn2-2.6.3+20200601/tests/lib/tst-t.c:17:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define ustrlen(s) strlen((const char *) s) data/inn2-2.6.3+20200601/tests/lib/wire-t.c:29:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). count = read(fd, article, st->st_size); data/inn2-2.6.3+20200601/tests/lib/wire-t.c:79:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok(11, strncmp(p, "Path: This is", strlen("Path: This is")) == 0); data/inn2-2.6.3+20200601/tests/lib/wire-t.c:81:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok(12, strncmp(p, "Second: Not", strlen("Second: Not")) == 0); data/inn2-2.6.3+20200601/tests/lib/wire-t.c:87:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ok(15, strncmp(p, "This is the real", strlen("This is the real")) == 0); data/inn2-2.6.3+20200601/tests/lib/wire-t.c:89:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok(16, strncmp(p, "First text", strlen("First text")) == 0); data/inn2-2.6.3+20200601/tests/lib/wire-t.c:91:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok(17, strncmp(p, "This one is real", strlen("This one is real")) == 0); data/inn2-2.6.3+20200601/tests/lib/wire-t.c:93:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok(18, strncmp(p, "<foo@example.com>", strlen("<foo@example.com>")) == 0); data/inn2-2.6.3+20200601/tests/lib/wire-t.c:97:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok(20, strncmp(p, "This is\rnot", strlen("This is\rnot")) == 0); data/inn2-2.6.3+20200601/tests/lib/wire-t.c:99:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok(21, strncmp(end, "\nFrom: This is", strlen("\nFrom: This is")) == 0); data/inn2-2.6.3+20200601/tests/lib/wire-t.c:101:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok(22, strncmp(p, "this is --", strlen("this is --")) == 0); data/inn2-2.6.3+20200601/tests/lib/wire-t.c:103:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ok(23, strncmp(end, "\nSummary: ", strlen("\nSummary: ")) == 0); data/inn2-2.6.3+20200601/tests/lib/wire-t.c:105:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok(24, strncmp(p, "This is\n\nnot", strlen("This is\n\nnot")) == 0); data/inn2-2.6.3+20200601/tests/lib/wire-t.c:107:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok(25, strncmp(end, "\nMessage-ID: ", strlen("\nMessage-ID: ")) == 0); data/inn2-2.6.3+20200601/tests/lib/wire-t.c:117:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("<bad-body@example.com>\r\n")) == 0); data/inn2-2.6.3+20200601/tests/lib/wire-t.c:127:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok(32, strncmp(p, "Mon, 23 Dec", strlen("Mon, 23 Dec")) == 0); data/inn2-2.6.3+20200601/tests/lib/wire-t.c:136:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok(36, wire_findbody(article, strlen(article)) == article + 2); data/inn2-2.6.3+20200601/tests/lib/wire-t.c:160:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wire_size = strlen(wire); data/inn2-2.6.3+20200601/tests/overview/api-t.c:133:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
length = strlen(data); data/inn2-2.6.3+20200601/tests/overview/api-t.c:212:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). article.overlen = strlen(start); data/inn2-2.6.3+20200601/tests/overview/api-t.c:277:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(expected) != data->overlen - 2) { data/inn2-2.6.3+20200601/tests/overview/api-t.c:279:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (unsigned long) data->overlen, (unsigned long) strlen(expected)); data/inn2-2.6.3+20200601/tests/overview/overview-t.c:146:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (data[strlen(data) - 1] != '\n') data/inn2-2.6.3+20200601/tests/overview/overview-t.c:211:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(start), artnum * 10, data/inn2-2.6.3+20200601/tests/overview/overview-t.c:266:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(expected) != (size_t) length) { data/inn2-2.6.3+20200601/tests/overview/overview-t.c:268:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
(unsigned long) strlen(expected)); data/inn2-2.6.3+20200601/tests/overview/xref-t.c:73:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(data); data/inn2-2.6.3+20200601/tests/overview/xref-t.c:121:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). article.overlen = strlen(start); data/inn2-2.6.3+20200601/tests/overview/xref-t.c:147:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok(n++, memcmp(start, result, strlen(start)) == 0); data/inn2-2.6.3+20200601/tests/overview/xref-t.c:152:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok_int(n++, strlen(start) + (result - article.overview) + 2, data/inn2-2.6.3+20200601/tests/overview/xref-t.c:234:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wire = wire_from_native(article, strlen(article), &size); data/inn2-2.6.3+20200601/tests/overview/xref-t.c:244:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). handle.groupslen = strlen("example.test:1"); data/inn2-2.6.3+20200601/tests/runtests.c:417:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(s) + 1; data/inn2-2.6.3+20200601/tests/runtests.c:482:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (length >= UINT_MAX - strlen(string)) { data/inn2-2.6.3+20200601/tests/runtests.c:486:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length += strlen(string); data/inn2-2.6.3+20200601/tests/runtests.c:496:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(result + offset, string, strlen(string)); data/inn2-2.6.3+20200601/tests/runtests.c:497:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset += strlen(string); data/inn2-2.6.3+20200601/tests/runtests.c:741:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ts->reason[strlen(ts->reason) - 1] = '\0'; data/inn2-2.6.3+20200601/tests/runtests.c:804:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bail = skip_whitespace(bail + strlen("Bail out!")); data/inn2-2.6.3+20200601/tests/runtests.c:808:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
length = strlen(bail); data/inn2-2.6.3+20200601/tests/runtests.c:824:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (line[strlen(line) - 1] != '\n') data/inn2-2.6.3+20200601/tests/runtests.c:1403:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(buffer) - 1; data/inn2-2.6.3+20200601/tests/runtests.c:1412:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(start) == 0) data/inn2-2.6.3+20200601/tests/runtests.c:1530:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(current->ts->file); data/inn2-2.6.3+20200601/tests/runtests.c:1555:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen(ts->file); i < longest; i++) data/inn2-2.6.3+20200601/tests/tap/basic.c:229:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (length >= UINT_MAX - strlen(string)) data/inn2-2.6.3+20200601/tests/tap/basic.c:231:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length += strlen(string); data/inn2-2.6.3+20200601/tests/tap/basic.c:241:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
memcpy(result + offset, string, strlen(string)); data/inn2-2.6.3+20200601/tests/tap/basic.c:242:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset += strlen(string); data/inn2-2.6.3+20200601/tests/tap/basic.c:297:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(file->buffer); data/inn2-2.6.3+20200601/tests/tap/basic.c:924:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s) + 1; data/inn2-2.6.3+20200601/tests/tap/process.c:141:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read(fds[0], buf + count, buflen - count - 1); data/inn2-2.6.3+20200601/tests/util/innbind-t.c:153:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). status = read(pipefds[0], buffer, 3); data/inn2-2.6.3+20200601/tests/util/innbind-t.c:272:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). status = read(pipefds[0], buffer, 3);

ANALYSIS SUMMARY:

Hits = 2231
Lines analyzed = 141916 in approximately 8.31 seconds (17072 lines/second)
Physical Source Lines of Code (SLOC) = 99772
Hits@level = [0] 2066 [1] 759 [2] 1052 [3] 73 [4] 343 [5] 4
Hits@level+ = [0+] 4297 [1+] 2231 [2+] 1472 [3+] 420 [4+] 347 [5+] 4
Hits/KSLOC@level+ = [0+] 43.0682 [1+] 22.361 [2+] 14.7536 [3+] 4.2096 [4+] 3.47793 [5+] 0.0400914
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.