Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/a_conf.c Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/a_externs.h Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/a_struct_def.h Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_lhex.c Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/a_log_def.h Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_lhex_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/a_log.c Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/a_conf_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_rfc931.c Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/a_conf_def.h Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/a_defines.h Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_rfc931_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/iauth.c Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_pipe_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_pipe.c Examining data/ircd-irc2-2.11.2p3~dfsg/iauth/a_log_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/res_init.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/nameser_def.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/fileio.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_service.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/hash_def.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/res_mkquery.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_err.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_id_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/channel_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/patricia_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_numeric_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_id.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/version_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/channel_def.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_debug.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/list.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_debug_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/res_mkquery_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_send.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/res_def.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_send_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_zip_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/res_comp_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/list_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_defines.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/hash_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/whowas_def.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/res_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_service_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/class_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/class.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/config_read.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/whowas.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/patricia.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/res_comp.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_externs.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/fileio.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_err_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/service_def.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/resolv_def.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/hash.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_zip.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/whowas_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/sys_def.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/res_init_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/s_numeric.c Examining data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c Examining data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c Examining data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/proto.h Examining data/ircd-irc2-2.11.2p3~dfsg/contrib/ircdwatch/ircdwatch.c Examining data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c Examining data/ircd-irc2-2.11.2p3~dfsg/contrib/mod_passwd/mod_passwd.c Examining data/ircd-irc2-2.11.2p3~dfsg/common/common_def.h Examining data/ircd-irc2-2.11.2p3~dfsg/common/parse_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/common/bsd.c Examining data/ircd-irc2-2.11.2p3~dfsg/common/irc_sprintf_body.c Examining data/ircd-irc2-2.11.2p3~dfsg/common/parse.c Examining data/ircd-irc2-2.11.2p3~dfsg/common/os.h Examining data/ircd-irc2-2.11.2p3~dfsg/common/packet_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/common/dbuf.c Examining data/ircd-irc2-2.11.2p3~dfsg/common/support.c Examining data/ircd-irc2-2.11.2p3~dfsg/common/match_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/common/patchlevel.h Examining data/ircd-irc2-2.11.2p3~dfsg/common/irc_sprintf.c Examining data/ircd-irc2-2.11.2p3~dfsg/common/match.c Examining data/ircd-irc2-2.11.2p3~dfsg/common/class_def.h Examining data/ircd-irc2-2.11.2p3~dfsg/common/support_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/common/send_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/common/numeric_def.h Examining data/ircd-irc2-2.11.2p3~dfsg/common/bsd_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/common/send.c Examining data/ircd-irc2-2.11.2p3~dfsg/common/packet.c Examining data/ircd-irc2-2.11.2p3~dfsg/common/irc_sprintf_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/common/dbuf_ext.h Examining data/ircd-irc2-2.11.2p3~dfsg/common/dbuf_def.h Examining data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h Examining data/ircd-irc2-2.11.2p3~dfsg/common/support_def.h Examining data/ircd-irc2-2.11.2p3~dfsg/debian/maint/config.h FINAL RESULTS: data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:190:9: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(TKSERV_ACCESSFILE, S_IRUSR | S_IWRITE); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:191:9: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(TKSERV_LOGFILE, S_IRUSR | S_IWRITE); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:609:9: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(TKSERV_IRCD_CONFIG_TMP, S_IRUSR | S_IWRITE); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:419:8: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. (void)chmod(path, 0755); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:420:8: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. (void)chmod(unixpath, 0777); data/ircd-irc2-2.11.2p3~dfsg/common/common_def.h:21:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy((char *)x, (char *)y);\ data/ircd-irc2-2.11.2p3~dfsg/common/parse.c:369:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (servermask, name); data/ircd-irc2-2.11.2p3~dfsg/common/parse.c:777:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(rbuf, "%s: Not enough parameters", mptr->cmd); data/ircd-irc2-2.11.2p3~dfsg/common/send.c:54:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(notice, pattern, va); data/ircd-irc2-2.11.2p3~dfsg/common/send.c:367:8: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. len = vsprintf(sendbuf, pattern, va); data/ircd-irc2-2.11.2p3~dfsg/common/send.c:397:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. len = sprintf(psendbuf, ":%s!%s@%s", from->name, data/ircd-irc2-2.11.2p3~dfsg/common/send.c:402:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. len = sprintf(psendbuf, ":%s", par); data/ircd-irc2-2.11.2p3~dfsg/common/send.c:405:10: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. len += vsprintf(psendbuf+len, pattern+3, va); data/ircd-irc2-2.11.2p3~dfsg/common/send.c:408:9: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. len = vsprintf(psendbuf, pattern, va); data/ircd-irc2-2.11.2p3~dfsg/common/send.c:985:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(buf, pattern, va); data/ircd-irc2-2.11.2p3~dfsg/common/send.c:1122:10: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. (void)vsprintf(nbuf, pattern, va); data/ircd-irc2-2.11.2p3~dfsg/common/send.c:1161:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. len = sprintf(lbuf, "%u %s\n", (u_int)timeofday, nbuf); data/ircd-irc2-2.11.2p3~dfsg/common/send.c:1186:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s.%s", FNAME_SCH_PREFIX, shptr->svc_chname+1); data/ircd-irc2-2.11.2p3~dfsg/common/send.c:1331:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(buf, "%s", anyptr); data/ircd-irc2-2.11.2p3~dfsg/common/send.c:1333:15: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. linebuflen = sprintf(linebuf, data/ircd-irc2-2.11.2p3~dfsg/common/send.c:1344:15: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. linebuflen = sprintf(linebuf, data/ircd-irc2-2.11.2p3~dfsg/common/support.c:46:19: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). return ((char *)strcpy(t, s)); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:177:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(buf, ctime(&value)); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:231:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(out, p + 6); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:502:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(s, msg, va); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:823:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tis[1], networkname); data/ircd-irc2-2.11.2p3~dfsg/contrib/ircdwatch/ircdwatch.c:208:5: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl("/bin/sh", "sh", "-c", cmd, (char *) NULL); data/ircd-irc2-2.11.2p3~dfsg/contrib/ircdwatch/ircdwatch.c:256:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return(access(s, R_OK) == 0); data/ircd-irc2-2.11.2p3~dfsg/contrib/ircdwatch/ircdwatch.c:261:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return(access(s, W_OK) == 0); data/ircd-irc2-2.11.2p3~dfsg/contrib/ircdwatch/ircdwatch.c:268:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. rc = (access(IRCD_PATH, X_OK) == 0); data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:30:14: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. extern char *getpass(const char * prompt); data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:31:14: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. extern char *crypt(const char *key, const char *salt); data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:179:17: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. plaintext = getpass("plaintext: "); data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:182:18: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. printf("%s\n", crypt(plaintext, salt)); data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:215:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(salt, "_%s", int_to_base64(rounds)); data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:225:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(salt, "_%s%s", int_to_base64(rounds), saltpara); data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:237:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(salt, "$1$%s$", saltpara); data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:274:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(salt, "$2a$%s$%s$", tbuf, saltpara); data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:294:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(salt, "$2a$%s$", tbuf); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:89:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(txt, text, va); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:114:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(command, cmd, va); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:115:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(command); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:126:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(buffer, buf, va); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:147:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(txt, text, va); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:234:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%s", tmp, buffer); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:245:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmp, buffer); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:470:26: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. pwdtmp = crypt(pwd, salt); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:634:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, buffer); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:665:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, buffer); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:1107:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name.sun_path, host); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:1195:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(last_buf, buffer); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_conf.c:191:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(lfname, "_%s_load", buffer+7); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_conf.c:193:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(lfname, "%s_load", buffer+7); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:51:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(ibuf, pattern, va); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:396:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cldata[cl].host, chp+2); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:423:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cldata[cl].user, chp+2); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:438:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cldata[cl].passwd, chp+2); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:469:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. strConnLen = sprintf(strConn, ":%s 020 * :", chp+2); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:788:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errbuf, "socket() failed: %s", strerror(errno)); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:807:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errbuf, "bind() failed: %s", strerror(errno)); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:822:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errbuf, "connect() to %s %u failed: %s", theirIP, port, data/ircd-irc2-2.11.2p3~dfsg/iauth/a_log.c:72:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(logbuf+1, pattern, va); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_lhex.c:161:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(query, "id:%u ip:%s", cl, cldata[cl].itsip); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_lhex.c:167:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(query, ident); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_lhex.c:172:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(query, cldata[cl].host); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_pipe.c:110:10: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. (void)execlp(cldata[cl].instance->popt, data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:140:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mydata->cache->ip, cldata[cl].itsip); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:609:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmpbuf, cbuf); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:611:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(txtbuf, cbuf); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:130:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mydata->cache->ip, cldata[cl].itsip); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:228:14: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. query_len = sprintf(query, "CONNECT %s:%d HTTP/1.0\r\n\r\n", data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:366:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmpbuf, cbuf); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:368:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(txtbuf, cbuf); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:838:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(pbuf, chptr->mode.key); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:870:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmpbei, "%s!%s@%s", lp->value.alist->nick, data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:882:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(parabuf, name); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:919:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(parabuf, name); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:995:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, ":%s NJOIN %s :", me2, chptr->chname); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1006:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, ":%s NJOIN %s :", me2, chptr->chname); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1031:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(buf + len, p); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1792:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(pbuf, cp); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1793:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(upbuf, cp); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1814:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(pbuf, cp); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1815:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(upbuf, cp); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1837:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(pbuf, cp); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1838:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(upbuf, ucp); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1897:15: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. tmplen = sprintf(nuh, "%s!%s@%s", data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1902:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(pbuf, nuh); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1903:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(upbuf, nuh); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2224:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. len = sprintf(who, "%s!%s@%s", sptr->name, data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2228:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(inv->who, who); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2437:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "!%.*s%s", CHIDLEN, get_chid(), data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2482:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(jbuf + i, name); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2843:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(modebuf, mbuf); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2849:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(parabuf, acptr->name); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2853:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(parabuf, acptr->name); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2864:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(modebuf, mbuf+1); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2865:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(parabuf, acptr->name); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2976:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(buf, name); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3107:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(nbuf, who->user ? who->user->uid : data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3228:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(chptr->topic_nuh, "%s!%s@%s", sptr->name, data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3556:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pbuf,to); data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:163:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(IRCDM4_PATH, R_OK) == -1) data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:189:9: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. (void)execlp(M4_PATH, "m4", data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:692:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(newhost, "*@%s", aconf->host); data/ircd-irc2-2.11.2p3~dfsg/ircd/config_read.c:283:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(vbuf, pattern, va); data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:92:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(unixpath, "%s/%d", data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:203:9: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. (void)execv(IRCD_PATH, myargv); data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:732:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(mp->user->host, mp->name); data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:968:8: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (execl(IAUTH_PATH, IAUTH, "-X", NULL) < 0) data/ircd-irc2-2.11.2p3~dfsg/ircd/list.c:276:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%p %p %p %p %d %d %p (%s)", data/ircd-irc2-2.11.2p3~dfsg/ircd/list.c:346:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%d %p %p %p %p (%s)", data/ircd-irc2-2.11.2p3~dfsg/ircd/patricia.c:96:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, tmp); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:459:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(rptr->name, name); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:665:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hostbuf + len, ircd_res.defdname); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:736:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(hp->h_name, hostbuf); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:744:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(*alias++, hostbuf); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:783:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(hp->h_name, hostbuf); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:829:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(*alias++, hostbuf); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:942:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "Bad hostname returned for %s", data/ircd-irc2-2.11.2p3~dfsg/ircd/res_init.c:400:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ircd_res.defdname, cp + 1); data/ircd-irc2-2.11.2p3~dfsg/ircd/res_init.c:551:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char *)malloc(strlen(cp) + 1), cp); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:116:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(abuf, pattern, va); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:278:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(iauth_stats->line, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:338:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tbuf, "%c %d %s %u ", start[0], i, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:341:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tbuf, "%c %d %s %u ", start[0], i, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:400:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cptr->auth+1, start+strlen(tbuf)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:591:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(abuf, "%d C %s %u ", cptr->fd, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:594:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(abuf+strlen(abuf), "%s %u", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:598:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(abuf, "%d C %s %u ", cptr->fd, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:600:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(abuf+strlen(abuf), "%s %u", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:750:19: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. char ruser[513], system[8]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:779:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. strncpyzt(system, t, sizeof(system)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:779:31: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. strncpyzt(system, t, sizeof(system)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:784:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. Debug((DEBUG_INFO,"auth reply ok [%s] [%s]", system, ruser)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:817:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!strncmp(system, "OTHER", 5)) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:821:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cptr->auth+1, ruser); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:123:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(hname, ircd_res.defdname); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:190:2: [4] (format) syslog: If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant format string for syslog. syslog(LOG_WARNING, text, host, strerror(errtmp)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:194:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr,text,host,strerror(errtmp)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:311:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. (void)sprintf(buf, replies[RPL_MYPORTIS], ME, "*", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:399:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(unixpath, "%s/%d", path, port); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:456:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(unixpath, "%s/%d", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:630:8: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (execl(IAUTH_PATH, IAUTH, NULL) < 0) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:887:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(sockn, (char *)inetntoa((char *)&sk.sin_addr)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:1138:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(abuff, "%s@%s", cptr->username, fullname); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:1158:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(abuff, "%s@%s", cptr->username, sockname); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2692:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(cptr->serv->by, by->name); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2695:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cptr->serv->byuid, by->user->uid); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2945:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(line,"/dev/%s", linebuf); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2963:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(line,"\n\r\007Message from IRC_Daemon@%s at %d:%02d\n\r", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2984:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(line, "ircd: Channel %s, by %s@%s (%s) %s\n\r", chname, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3311:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "udp port recvfrom() from %s to %%s: %%s", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3392:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(s, ME); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3394:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(s, version); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:475:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(uaddr, "%s@%s", cptr->username, sockhost); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:486:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(uhost, "%s@%s", cptr->username, fullname); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:984:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(userhost, "%s@%s", user, host); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1020:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(userhost, "%s@%s", cptr->username, cptr->sockhost); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1021:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(userip, "%s@%s", cptr->username, cptr->user->sip); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1371:9: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. (void)execlp(M4_PATH, "m4", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1426:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void *)strcpy(buf, orig); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1452:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf + j, t); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1461:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf + j, s); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1869:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(newhost, "*@%s", aconf->host); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2289:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(reply, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2300:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(reply, ":%%s %%d %%s :%d minute%s%s", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2345:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(rpl, replies[RPL_BOUNCE], ME, "unknown", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_debug.c:159:3: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(debugbuf, form, va); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_debug.c:169:9: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. (void)vsprintf(debugbuf, form, va); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_id.c:249:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sid, conf); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_id.c:261:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(uid, "%s%s", me.serv->sid, ltoid(curr_cid, UIDLEN-SIDLEN)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:90:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(buf, "%s %s %d %d -- %02d:%02d %c%02d:%02d", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:186:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nbuf, "%s[%s]", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:189:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nbuf, "%s[%s]", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:196:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(nbuf, "%s[%.*s@%s]", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:214:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nbuf, "%s[%.*s@%s]", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:240:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nbuf, "%s[%s]", cptr->name, ME); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:243:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(nbuf, "%s[%-.*s@%-.*s]", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:588:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(comment1, "%s %s", sptr->serv->up->name, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_numeric.c:75:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(buffer, parv[i]); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_numeric.c:78:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(buffer, parv[parc-1]); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_send.c:99:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. oldplen = sprintf(oldprefixbuf, ":%s %s %s", orig->name, imsg, dname); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_send.c:140:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. newplen = sprintf(newprefixbuf, ":%s %s %s", oname, imsg, dname); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_send.c:192:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. plen = sprintf(prefixbuf, ":%s %s %s", orig->name, imsg, dname); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_send.c:213:9: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. slen = vsprintf(suffixbuf, format, va); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_send.c:317:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. plen = sprintf(prefixbuf, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:240:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(comment2, "%s (by %s)", comment, sptr->name); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:372:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s/%s", id, cptr->info); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:382:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s/%s", id, misc); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:523:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ecbuf, "SID collision (%s)", parv[1]); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:625:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ecbuf, "SID collision (%s)", parv[3]); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:653:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tbuf, "Server %s Exists",host); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:680:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, get_client_name(bcptr, TRUE)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:934:17: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. extern char *crypt(); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:936:10: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. encr = crypt(cptr->passwd, aconf->passwd); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:991:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(mlname, my_name_for_link(ME, aconf->port)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:1209:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cptr->serv->sid, sid); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:1549:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ttyname,"/dev/%s",linetmp); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:1561:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(linebuf,linetmp); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:1566:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(linebuf,linetmp); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:1817:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf,"%s[%s]",tmp->name, tmp->host); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:1819:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(buf, tmp->name); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:2609:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(killer, get_client_name(sptr, TRUE)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:2610:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "RESTART by %s", get_client_name(sptr, TRUE)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:3181:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(killer, get_client_name(sptr, TRUE)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:3702:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(pbuf, root->name); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:3855:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. len = sprintf(buf, ":%s ENCAP", sptr->serv->sid); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:3867:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. len += sprintf(buf+len, " :%s", parv[i]); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:3869:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. len += sprintf(buf+len, " %s", parv[i]); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_service.c:142:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(buf, fmt+3, va); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_service.c:208:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nbuf, "%s!%s@%s", sptr->name, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_service.c:288:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(uhost, "%s@%s", cptr->username, s); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_service.c:292:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(uhost, "%s@%s", cptr->username, cptr->sockhost); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_service.c:438:34: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(sptr->name, "@"), strcat(sptr->name, server); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:309:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(cp, s); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:723:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sptr->user->uid, next_uid()); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:727:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(sptr->name, nick); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:748:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s!%s@%s", nick, user->username, user->host); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:884:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, parv[k]); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:1100:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "(%s@%s[%s](%s) <- %s@%s[%s])", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:1106:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "(%s@%s[%s] <- %s@%s[%s](%s))", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:1184:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(sptr->name, nick); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:1191:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(sptr->name, nick); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:1332:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "(%s@%s)%s <- (%s@%s)%s", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:1349:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(nick, uid); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:1418:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(acptr->name, nick); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:1423:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(acptr->user->uid, uid); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:1424:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(acptr->user->sip, parv[5]); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2026:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(buf + len, chptr->chname); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2236:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ipbuf, (char *)inetntoa((char *)&sptr->ip)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2239:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(user->sip, ipbuf); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2429:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%s (%s)", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2526:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf2, "Local Kill by %s (%s)", sptr->name, parv[2]); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2539:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf2, "Killed (%s)", killer); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2623:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(away, awy2); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2748:16: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. extern char *crypt(); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2750:10: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. encr = crypt(password, aconf->passwd); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2854:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s %sOPER (%s) by (%s!%s@%s)" data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2946:8: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. (void)sprintf(buf, replies[RPL_USERHOST], ME, BadTo(parv[0])); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2956:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf2, "%s%s=%c%s@%s", acptr->name, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2965:11: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. (void)sprintf(buf, replies[RPL_USERHOST], data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2999:8: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. (void)sprintf(buf, replies[RPL_ISON], ME, BadTo(*parv)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:3011:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(buf + len, acptr->name); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:3333:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sptr->name, sptr->user->uid); data/ircd-irc2-2.11.2p3~dfsg/ircd/whowas.c:160:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(locked[lk_index].nick, np->ww_nick); data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:66:13: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while( (c=getopt(argc, argv, "mdber:h?l:s:p:")) != -1) data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:304:3: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(time(NULL)); data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:307:25: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. salt[i] = saltChars[random() % 64]; data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:784:6: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. if (chroot(ROOT_PATH)!=0) data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:562:12: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. nstmp += lrand48() & 0xffff; data/ircd-irc2-2.11.2p3~dfsg/ircd/res_init.c:212:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((cp = getenv("LOCALDOMAIN")) != NULL) { data/ircd-irc2-2.11.2p3~dfsg/ircd/res_init.c:433:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((cp = getenv("RES_OPTIONS")) != NULL) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:1211:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(seed); data/ircd-irc2-2.11.2p3~dfsg/common/dbuf.c:210:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(buf, d->data + off, chunk); data/ircd-irc2-2.11.2p3~dfsg/common/dbuf.c:341:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(b, buf, (int)chunk); data/ircd-irc2-2.11.2p3~dfsg/common/dbuf_def.h:72:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[2032]; /* Actual data stored here */ data/ircd-irc2-2.11.2p3~dfsg/common/irc_sprintf.c:33:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char dtmpbuf[MAXDIGS]; /* scratch buffer for numbers */ data/ircd-irc2-2.11.2p3~dfsg/common/irc_sprintf_ext.h:35:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char atoo_tab[128] = { data/ircd-irc2-2.11.2p3~dfsg/common/irc_sprintf_ext.h:45:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char atox_tab[512] = { data/ircd-irc2-2.11.2p3~dfsg/common/irc_sprintf_ext.h:78:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char atoxx_tab[512] = { data/ircd-irc2-2.11.2p3~dfsg/common/irc_sprintf_ext.h:111:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char atod_tab[4000] = { data/ircd-irc2-2.11.2p3~dfsg/common/os.h:381:9: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # ifdef bcopy data/ircd-irc2-2.11.2p3~dfsg/common/os.h:382:10: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # undef bcopy data/ircd-irc2-2.11.2p3~dfsg/common/os.h:384:10: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define bcopy(a,b,c) memmove((b),(a),(c)) data/ircd-irc2-2.11.2p3~dfsg/common/os.h:395:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # ifdef memcpy data/ircd-irc2-2.11.2p3~dfsg/common/os.h:396:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # undef memcpy data/ircd-irc2-2.11.2p3~dfsg/common/os.h:398:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d,s,n) bcopy((s),(d),(n)) data/ircd-irc2-2.11.2p3~dfsg/common/os.h:398:24: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d,s,n) bcopy((s),(d),(n)) data/ircd-irc2-2.11.2p3~dfsg/common/parse.c:127:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *para[MPAR+1]; data/ircd-irc2-2.11.2p3~dfsg/common/parse.c:129:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sender[HOSTLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/common/parse.c:359:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char servermask[HOSTLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/common/parse.c:775:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rbuf[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/common/send.c:31:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sendbuf[2048]; data/ircd-irc2-2.11.2p3~dfsg/common/send.c:35:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char psendbuf[2048]; data/ircd-irc2-2.11.2p3~dfsg/common/send.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char notice[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/common/send.c:342:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ausr.username, "anonymous"); data/ircd-irc2-2.11.2p3~dfsg/common/send.c:343:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ausr.uid, "0ANONYM"); data/ircd-irc2-2.11.2p3~dfsg/common/send.c:344:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ausr.host, "anonymous."); data/ircd-irc2-2.11.2p3~dfsg/common/send.c:353:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(anon.namebuf, "anonymous"); data/ircd-irc2-2.11.2p3~dfsg/common/send.c:354:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(anon.username, "anonymous"); data/ircd-irc2-2.11.2p3~dfsg/common/send.c:982:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/common/send.c:1111:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nbuf[1024]; data/ircd-irc2-2.11.2p3~dfsg/common/send.c:1158:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[1024]; data/ircd-irc2-2.11.2p3~dfsg/common/send.c:1176:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/common/send.c:1187:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). shptr->fd = open(fname, O_WRONLY|O_APPEND|O_NDELAY data/ircd-irc2-2.11.2p3~dfsg/common/send.c:1200:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). userlog = open(FNAME_USERLOG, O_WRONLY|O_APPEND|O_NDELAY data/ircd-irc2-2.11.2p3~dfsg/common/send.c:1214:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). connlog = open(FNAME_CONNLOG, O_WRONLY|O_APPEND|O_NDELAY data/ircd-irc2-2.11.2p3~dfsg/common/send.c:1274:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linebuf[1500]; data/ircd-irc2-2.11.2p3~dfsg/common/send.c:1282:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[12]; data/ircd-irc2-2.11.2p3~dfsg/common/send.c:1305:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void)sprintf(buf, "%3d:%02d:%02d", data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:458:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char username[USERLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:459:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uid[UIDLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:460:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[HOSTLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:467:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sip[1]; /* ip as a string, big enough for ipv6 data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:473:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[HOSTLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:487:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char by[NICKLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:488:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char byuid[UIDLEN + 1]; data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:489:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sid[SIDLEN + 1];/* The Server ID. */ data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:490:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char verstr[11]; /* server version, PATCHLEVEL format */ data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:501:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[HOSTLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:508:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dist[HOSTLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:523:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[NICKLEN+1]; /* nick of the client */ data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:524:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char username[USERLEN+1]; /* username here now for auth stuff */ data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:534:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[BUFSIZE]; /* Incoming message buffer */ data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:556:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sockhost[HOSTLEN+1]; /* This is the host name from the socket data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:560:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char passwd[PASSWDLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:632:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[KEYLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:691:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char topic[TOPICLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:693:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char topic_nuh[BANLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:706:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chname[1]; data/ircd-irc2-2.11.2p3~dfsg/common/support.c:31:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipv6string[INET6_ADDRSTRLEN]; data/ircd-irc2-2.11.2p3~dfsg/common/support.c:145:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buff[40]; data/ircd-irc2-2.11.2p3~dfsg/common/support.c:153:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errp, "Unknown Error %d", err_no); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:174:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[28]; data/ircd-irc2-2.11.2p3~dfsg/common/support.c:207:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char local_ipv6string[INET6_ADDRSTRLEN]; data/ircd-irc2-2.11.2p3~dfsg/common/support.c:277:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(local_ipv6string, out, the_size); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:297:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)dst + 12, dst, 4); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:319:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]; data/ircd-irc2-2.11.2p3~dfsg/common/support.c:327:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void)sprintf(buf, "%d.%d.%d.%d", a,b,c,d ); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:474:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char corename[12]; data/ircd-irc2-2.11.2p3~dfsg/common/support.c:478:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/common/support.c:499:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(corename, "core.%d", p); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:514:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *marray[100000]; data/ircd-irc2-2.11.2p3~dfsg/common/support.c:540:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)&ret, ret, SZ_CH); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:541:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)&x, ret + SZ_CH, SZ_ST); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:542:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy("VAVA", ret + SZ_CHST + (int)x, 4); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:566:8: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(x, (char *)&cp, SZ_CH); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:567:8: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(x + SZ_CH, (char *)&i, SZ_ST); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:568:8: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(x + (int)i + SZ_CHST, (char *)&k, 4); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:583:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)&ret, ret, SZ_CH); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:584:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)&y, ret + SZ_CH, SZ_ST); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:585:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy("VAVA", ret + SZ_CHST + (int)y, 4); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:616:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(x, (char *)&j, SZ_CH); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:617:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(x + SZ_CH, (char *)&i, SZ_ST); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:618:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(x + SZ_CHST + (int)i, (char *)k, 4); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:685:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char dgbuf[8192]; data/ircd-irc2-2.11.2p3~dfsg/common/support.c:719:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(head, buf, n); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:785:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ver[15]; data/ircd-irc2-2.11.2p3~dfsg/common/support.c:789:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ver, "%d.%d", ve, (mi == 99) ? re + 1 : re); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:792:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ver + strlen(ver), ".%d", dv ? mi+1 : mi); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:794:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ver + strlen(ver), "%c%d", DEVLEVEL, dv); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:796:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ver + strlen(ver), "p%d", pl); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:810:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tis[0], data/ircd-irc2-2.11.2p3~dfsg/common/support.c:819:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tis[1], "PENALTY FNC EXCEPTS=e INVEX=I CASEMAPPING=ascii"); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:822:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tis[1], " NETWORK="); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:841:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_WRONLY); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:861:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[HBUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/common/support_ext.h:32:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EXTERN char ipv6string[INET6_ADDRSTRLEN]; data/ircd-irc2-2.11.2p3~dfsg/contrib/ircdwatch/ircdwatch.c:168:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(IRCDWATCH_PID_FILENAME, "w"); data/ircd-irc2-2.11.2p3~dfsg/contrib/ircdwatch/ircdwatch.c:217:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pidbuf[PID_LEN]; data/ircd-irc2-2.11.2p3~dfsg/contrib/ircdwatch/ircdwatch.c:220:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(pid_filename, "r"); data/ircd-irc2-2.11.2p3~dfsg/contrib/ircdwatch/ircdwatch.c:229:11: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pid = atol(pidbuf); data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:86:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). length = atoi(optarg); data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:90:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rounds = atoi(optarg); data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:188:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char salt[3]; data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:196:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[5]; data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:213:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char salt[10]; data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:223:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char salt[10]; data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:231:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char salt[21]; data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:249:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char salt[21]; data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:266:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char salt[31]; data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:267:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuf[3]; data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:273:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%02d", rounds); data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:286:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char salt[31]; data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:287:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuf[3]; data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:293:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%02d", rounds); data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:316:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fd = open("/dev/random", O_RDONLY)) < 0) data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:55:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char delimiter[2] = { IRCDCONF_DELIMITER, '\0' }; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:65:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tempus[256]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:83:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txt[TKS_MAXBUFFER]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:87:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tks_logf = fopen(TKSERV_LOGFILE, "a"); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:110:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[TKS_MAXBUFFER]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:122:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[TKS_MAXBUFFER]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:139:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txt[TKS_MAXBUFFER]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:163:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *args[TKS_MAXARGS]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:216:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ch, buf[TKS_MAXBUFFER+1]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:217:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tmp[TKS_MAXBUFFER+1]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:271:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[TKS_MAXBUFFER + 1]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:353:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(TKSERV_ACCESSFILE, "r")) != NULL) data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:355:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[TKS_MAXBUFFER + 1]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:400:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char salt[3]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:403:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[TKS_MAXBUFFER + 1]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:409:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(TKSERV_ACCESSFILE, "r")) != NULL) data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:566:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (iconf = fopen(CPATH, "a")) data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:601:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((iconf = fopen(CPATH, "r")) && (iconf_tmp = fopen(TKSERV_IRCD_CONFIG_TMP, "w"))) data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:601:53: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((iconf = fopen(CPATH, "r")) && (iconf_tmp = fopen(TKSERV_IRCD_CONFIG_TMP, "w"))) data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:605:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[TKS_MAXBUFFER + 1]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:606:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_tmp[TKS_MAXBUFFER + 1]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:632:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[TKS_MAXBUFFER + 1]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:662:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[TKS_MAXBUFFER + 1]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:747:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. nuh = (char *) strdup(args[0] + 1); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:748:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. cmd = (char *) strdup(args[3] + 1); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:844:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reason[TKS_MAXKILLREASON]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:884:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lifetime = atoi(args[5]); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:1025:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (ch = (char *) strchr(args[4], '\r')) data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:1047:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *host, *port, buffer[TKS_MAXBUFFER + 1], last_buf[TKS_MAXBUFFER + 1]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:1048:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[TKS_MAXPATH]; data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:1140:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). server.sin_port = htons(atoi(port)); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_conf.c:72:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char o_all[5]; data/ircd-irc2-2.11.2p3~dfsg/iauth/a_conf.c:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[160], *ch; data/ircd-irc2-2.11.2p3~dfsg/iauth/a_conf.c:87:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cfh = fopen((cfile) ? cfile : IAUTHCONF_PATH, "r"); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_conf.c:169:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lfname[80]; data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:37:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char iobuf[IOBUFSIZE+1]; data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:38:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char rbuf[IOBUFSIZE+1]; /* incoming ircd stream */ data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ibuf[4096]; data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:215:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cl = atoi(chp = buf); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:318:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ncl = atoi(chp+2); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:350:4: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(cldata+cl, cldata+ncl, sizeof(anAuthData)); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:481:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(buf, rbuf, rb_len = strlen(buf)); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:697:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(rbuf, iobuf, iob_len = rb_len); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:782:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char errbuf[BUFSIZ]; data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:800:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(minus_one, sk.sin6_addr.s6_addr, IN6ADDRSZ); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:815:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(minus_one, sk.sin6_addr.s6_addr, IN6ADDRSZ); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io_ext.h:45:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EXTERN char strConn[256]; data/ircd-irc2-2.11.2p3~dfsg/iauth/a_log.c:42:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). debug = fopen(IAUTHDBG_PATH, "w"); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_log.c:52:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). authlog = fopen(FNAME_AUTHLOG, "a"); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_log.c:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logbuf[4096]; data/ircd-irc2-2.11.2p3~dfsg/iauth/a_struct_def.h:30:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char user[USERLEN+1]; /* username */ data/ircd-irc2-2.11.2p3~dfsg/iauth/a_struct_def.h:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char passwd[PASSWDLEN+1]; /* password */ data/ircd-irc2-2.11.2p3~dfsg/iauth/a_struct_def.h:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[HOSTLEN+1]; /* hostname */ data/ircd-irc2-2.11.2p3~dfsg/iauth/a_struct_def.h:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char itsip[HOSTLEN+1]; /* client ip */ data/ircd-irc2-2.11.2p3~dfsg/iauth/a_struct_def.h:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ourip[HOSTLEN+1]; /* our ip */ data/ircd-irc2-2.11.2p3~dfsg/iauth/a_struct_def.h:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char idone[BDSIZE]; /* keeping track of instances' work */ data/ircd-irc2-2.11.2p3~dfsg/iauth/iauth.c:138:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pidbuf[32]; data/ircd-irc2-2.11.2p3~dfsg/iauth/iauth.c:140:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (( fd = open(IAUTHPID_PATH, O_CREAT|O_WRONLY, 0600)) >= 0) data/ircd-irc2-2.11.2p3~dfsg/iauth/iauth.c:143:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(pidbuf, "%d\n", (int)getpid()); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_lhex.c:157:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[3+7+6+4+USERLEN+2*HOSTLEN+8+3];/*strlen(atoi(cl))<=8*/ data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_lhex.c:166:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(query, " ident:"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_lhex.c:171:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(query, " host:"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_lhex.c:175:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(query, "\r\n"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_pipe.c:89:15: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. switch (rc = vfork()) data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_pipe.c:98:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portbuf[6]; /* 5 chars to hold the port number */ data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_rfc931.c:170:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[32]; data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_rfc931.c:172:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(query, "%u , %u\r\n", cldata[cl].itsport, data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_rfc931.c:212:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (!*ch || atoi(ch) != cldata[cl].itsport) data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_rfc931.c:220:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ch && (!*ch || atoi(ch) != cldata[cl].ourport)) data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:40:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[HOSTLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:71:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). u_int noproxy, open, closed; data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:273:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(query + 4, ((char *)addr.s6_addr) + 12, 4); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:297:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(query + 4, data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:306:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(query + 4, addr.s6_addr, 16); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:522:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpbuf[80], cbuf[32]; data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:523:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char txtbuf[80]; data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:538:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmpbuf, "port=%d", self->port); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:542:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpbuf, ",delayed"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:543:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(txtbuf, ", Delayed"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:548:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpbuf, ",log"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:549:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(txtbuf, ", Log"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:554:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpbuf, ",reject"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:555:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(txtbuf, ", Reject"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:560:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpbuf, ",megaparanoid"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:561:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(txtbuf, ", Megaparanoid"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:566:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpbuf, ",paranoid"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:567:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(txtbuf, ", Paranoid"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:572:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpbuf, ",careful"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:573:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(txtbuf, ", Careful"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:578:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpbuf, ",v4only"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:579:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(txtbuf, ", V4only"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:584:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpbuf, ",v5only"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:585:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(txtbuf, ", V5only"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:590:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpbuf, ",protocol"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:591:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(txtbuf, ", Protocol"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:605:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mydata->lifetime = atoi(ch+1); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:608:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cbuf, ",cache=%d", mydata->lifetime); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:610:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cbuf, ", Cache %d (min)", mydata->lifetime); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_socks.c:643:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mydata->open, mydata->closed, mydata->noproxy); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[HOSTLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:61:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). u_int noproxy, open, closed; data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:202:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[128]; /* big enough to hold all queries */ data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:313:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpbuf[80], cbuf[32]; data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:314:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char txtbuf[80]; data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:330:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmpbuf, "port=%d", self->port); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:334:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpbuf, ",delayed"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:335:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(txtbuf, ", Delayed"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:340:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpbuf, ",log"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:341:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(txtbuf, ", Log"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:346:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpbuf, ",reject"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:347:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(txtbuf, ", Reject"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:352:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpbuf, ",careful"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:353:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(txtbuf, ", Careful"); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:363:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mydata->lifetime = atoi(ch+6); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:365:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cbuf, ",cache=%d", mydata->lifetime); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:367:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cbuf, ", Cache %d (min)", mydata->lifetime); data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_webproxy.c:400:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mydata->open, mydata->closed, mydata->noproxy); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:44:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char asterix[2]="*"; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:79:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:80:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char modebuf[MODEBUFLEN], parabuf[MODEBUFLEN], uparabuf[MODEBUFLEN]; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:734:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chptr->topic, "SERVER MESSAGES: server errors"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:738:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chptr->topic, "SERVER MESSAGES: warnings and notices"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:742:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chptr->topic, "SERVER MESSAGES: operator and server kills"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:746:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chptr->topic, "SERVER MESSAGES: fake modes"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:750:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chptr->topic, "SERVER MESSAGES: numerics received"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:754:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chptr->topic, "SERVER MESSAGES: servers joining and leaving"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:758:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chptr->topic, "SERVER MESSAGES: hash tables growth"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:762:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chptr->topic, "SERVER MESSAGES: notices about local connections"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:766:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chptr->topic, "SERVER MESSAGES: services joining and leaving"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:771:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chptr->topic, data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:777:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chptr->topic, data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:782:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chptr->topic, "SERVER MESSAGES: debug messages [you shouldn't be here! ;)]"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:786:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chptr->topic, "SERVER MESSAGES: wallops received"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:791:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chptr->topic, "SERVER MESSAGES: clients activity"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:796:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chptr->topic, "SERVER MESSAGES: for your trusted eyes only"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:832:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pbuf, "%d ", chptr->mode.limit); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:850:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpbei[NICKLEN+1+USERLEN+1+HOSTLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1140:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)mode, (char *)&oldm, sizeof(Mode)); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1488:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (!(nusers = atoi(*++parv))) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1666:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *user, *host, numeric[16]; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1750:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void)sprintf(numeric, "%-15d", nusers); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1892:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nuh[NICKLEN+USERLEN+HOSTLEN+3]; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2215:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char who[NICKLEN+USERLEN+HOSTLEN+3]; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2329:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char jbuf[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2379:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (*name == '0' && !atoi(name)) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2497:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (*name == '0' && !atoi(name)) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2649:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mbuf[3] /* "ov" */; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2650:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uidbuf[BUFSIZE], *u; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2712:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(mbuf, "ov"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2728:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(mbuf, "ov"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3006:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nbuf[BUFSIZE+1]; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3537:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pbuf, chptr->chname, pxlen); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3615:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pbuf, acptr->name, nlen); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3715:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pbuf, "* * :"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3768:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pbuf, acptr->name, nlen); data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:75:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char maxsendq[12]; data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:102:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). debugflag = atoi(argv[1]+2); data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:207:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open(configfile, O_RDONLY); data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:220:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[512], c[80], *tmp; data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:295:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[512], c[80], *ftop; data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:520:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). aconf->port = atoi(tmp); data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:528:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). aconf->class = get_class(atoi(tmp), nr); data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:619:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void)sprintf(maxsendq, "%d", QUEUELEN); data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:622:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void)sprintf(maxsendq, "%d", atoi(tmp)); data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:622:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (void)sprintf(maxsendq, "%d", atoi(tmp)); data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:623:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). new_class(atoi(aconf->host)); data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:624:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). aconf->class = get_class(atoi(aconf->host), nr); data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:699:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void)sprintf(maxsendq, "%d", aconf->class->class); data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:887:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char dgbuf[8192]; data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:921:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(head, buf, n); data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:1058:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[512]; data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:1071:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(filename, O_RDONLY)) == -1) data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:1130:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[512]; data/ircd-irc2-2.11.2p3~dfsg/ircd/class.c:152:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cidramount = atoi(cidrlen_s); data/ircd-irc2-2.11.2p3~dfsg/ircd/class.c:153:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cidrlen = atoi(tmp); data/ircd-irc2-2.11.2p3~dfsg/ircd/class.c:275:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[64] = ""; data/ircd-irc2-2.11.2p3~dfsg/ircd/config_read.c:22:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define fopen fbopen data/ircd-irc2-2.11.2p3~dfsg/ircd/config_read.c:73:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[BUFSIZE+1]; data/ircd-irc2-2.11.2p3~dfsg/ircd/config_read.c:99:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[FILEMAX + 1]; data/ircd-irc2-2.11.2p3~dfsg/ircd/config_read.c:148:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(filep, start, (end - start) + 1); data/ircd-irc2-2.11.2p3~dfsg/ircd/config_read.c:161:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fdn = fopen(file, "r")) == NULL) data/ircd-irc2-2.11.2p3~dfsg/ircd/config_read.c:189:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->line, line, linelen); data/ircd-irc2-2.11.2p3~dfsg/ircd/config_read.c:271:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vbuf[8192]; data/ircd-irc2-2.11.2p3~dfsg/ircd/fileio.c:33:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, mode, fmode); data/ircd-irc2-2.11.2p3~dfsg/ircd/fileio.h:40:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; /* buffer */ data/ircd-irc2-2.11.2p3~dfsg/ircd/fileio.h:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pbuf[BUFSIZ + 1]; /* push back buffer */ data/ircd-irc2-2.11.2p3~dfsg/ircd/hash.c:1482:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). j = atoi(parv[3]); data/ircd-irc2-2.11.2p3~dfsg/ircd/hash.c:1500:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (!strcasecmp(parv[2], "show") && (i = atoi(parv[3]))) data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:87:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unixpath[256]; data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:478:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:486:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "Kill line active: %.80s", data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:642:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:649:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "Kill line active: %.80s", data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:909:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). debuglevel = atoi(p); data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:961:11: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. switch (vfork()) data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:1318:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(IRCDDBG_PATH,O_WRONLY|O_CREAT,0600))<0) data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:1319:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open("/dev/null", O_WRONLY)) < 0) data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:1439:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:1445:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(filename, O_CREAT|O_WRONLY, 0600)) >= 0) data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:1447:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void)sprintf(buf, "%d\n%d\n%d\n%d\n%d\n%d\n%d\n", ww_size, data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:1470:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:1473:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(filename, O_RDONLY)) != -1) data/ircd-irc2-2.11.2p3~dfsg/ircd/list.c:124:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void)strcpy(cptr->username, "unknown"); data/ircd-irc2-2.11.2p3~dfsg/ircd/list.c:274:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/ircd-irc2-2.11.2p3~dfsg/ircd/list.c:344:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/ircd-irc2-2.11.2p3~dfsg/ircd/patricia.c:86:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tmp[6]; data/ircd-irc2-2.11.2p3~dfsg/ircd/patricia.c:89:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "(NULL)"); data/ircd-irc2-2.11.2p3~dfsg/ircd/patricia.c:95:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "/%d", prefix->bitlen); data/ircd-irc2-2.11.2p3~dfsg/ircd/patricia.c:114:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[INET6_ADDRSTRLEN + 6]; data/ircd-irc2-2.11.2p3~dfsg/ircd/patricia.c:116:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16 + 6]; data/ircd-irc2-2.11.2p3~dfsg/ircd/patricia.c:140:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prefix->add.sin6, dest, 16); data/ircd-irc2-2.11.2p3~dfsg/ircd/patricia.c:151:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prefix->add.sin, dest, 4); data/ircd-irc2-2.11.2p3~dfsg/ircd/patricia.c:186:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char save[MAXLINE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/patricia.c:213:12: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bitlen = atol(cp + 1); data/ircd-irc2-2.11.2p3~dfsg/ircd/patricia.c:217:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(save, string, cp - string); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:33:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char hostbuf[HOSTLEN+1+100]; /* +100 for INET6 */ data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:104:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(minus_one, data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:225:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)lp, (char *)&nreq->cinfo, sizeof(Link)); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:431:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hname[HOSTLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:470:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipbuf[128]; data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:479:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void)sprintf(ipbuf, "%u.%u.%u.%u.in-addr.arpa.", data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:485:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void)sprintf(ipbuf, data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:509:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void)sprintf(ipbuf, "%u.%u.%u.%u.in-addr.arpa.", data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:519:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(numb->s6_addr, rptr->addr.s6_addr, IN6ADDRSZ); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:520:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)numb->s6_addr, data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:524:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)&numb->s_addr, data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:537:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPACKET]; data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:705:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(cp, (char *)&dr, dlen); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:711:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dr.s6_addr+12, cp, 4); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:713:4: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(dr.s6_addr, adr->s6_addr, IN6ADDRSZ); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:715:4: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(cp, (char *)&dr, dlen); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:851:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[sizeof(HEADER) + MAXPACKET]; data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:858:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:988:4: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)&rptr->cinfo, lp, sizeof(Link)); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:1016:4: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)&rptr->cinfo, lp, sizeof(Link)); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:1062:4: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)&rptr->cinfo, lp, sizeof(Link)); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:1302:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(s, (char *)*--ab, sizeof(struct IN_ADDR)); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:1544:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)&rptr->he.h_addr_list[n], s, data/ircd-irc2-2.11.2p3~dfsg/ircd/res_comp.c:533:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstp, srcp, n); data/ircd-irc2-2.11.2p3~dfsg/ircd/res_comp.c:659:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstp, srcp, n + 1); data/ircd-irc2-2.11.2p3~dfsg/ircd/res_def.h:30:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *h_aliases[MAXALIASES]; /* alias list */ data/ircd-irc2-2.11.2p3~dfsg/ircd/res_init.c:147:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDNAME]; data/ircd-irc2-2.11.2p3~dfsg/ircd/res_init.c:253:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(IRC_RESCONF, "r")) != NULL) { data/ircd-irc2-2.11.2p3~dfsg/ircd/res_init.c:455:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(cp + sizeof("ndots:") - 1); data/ircd-irc2-2.11.2p3~dfsg/ircd/res_mkquery.c:171:4: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(data, cp, datalen); data/ircd-irc2-2.11.2p3~dfsg/ircd/resolv_def.h:92:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *dnsrch[MAXDNSRCH+1]; /* components of domain to search */ data/ircd-irc2-2.11.2p3~dfsg/ircd/resolv_def.h:93:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char defdname[256]; /* default domain (deprecated) */ data/ircd-irc2-2.11.2p3~dfsg/ircd/resolv_def.h:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unused[3]; data/ircd-irc2-2.11.2p3~dfsg/ircd/resolv_def.h:102:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[72]; /* on an i386 this means 512b total */ data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:108:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char abuf[BUFSIZ], *p; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:162:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char obuf[READBUF_SIZE+1], last = '?'; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:164:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[READBUF_SIZE+1], *start, *end, tbuf[BUFSIZ]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:176:7: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(obuf, buf, olen); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:204:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ia_dbg = atoi(start+2); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:284:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(iauth_stats->next->line, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:325:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((cptr = local[i = atoi(start+2)]) == NULL) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:483:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(obuf, start, olen); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:589:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char abuf[BUFSIZ]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:695:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char authbuf[32]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:711:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(authbuf, "%u , %u\r\n", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:750:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ruser[513], system[8]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:67:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char unixpath[256]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:69:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char readbuf[READBUF_SIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:155:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmbuf[BUFSIZE+1]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:183:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(fmbuf, ":%s NOTICE %s :"); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:213:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipname[20]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:235:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void)sprintf(ipname, "%d.%d.%d.%d", ad[0], ad[1], ad[2], ad[3]); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:237:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void)sprintf(cptr->sockhost, "%-.42s.%u", ip ? ip : ME, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:275:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(minus_one, server.sin6_addr.s6_addr, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:309:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:319:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(server.sin6_addr.s6_addr, cptr->ip.s6_addr, IN6ADDRSZ); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:613:23: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. switch ((iauth_pid = vfork())) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:642:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char abuf[BUFSIZ]; /* size of abuf in vsendto_iauth */ data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:675:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. s += sprintf(s, "%d O\n", i); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:753:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logbuf[BUFSIZ]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:803:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open("/dev/tty", O_RDWR)) >= 0) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:831:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[20]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:833:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(IRCDPID_PATH, O_CREAT|O_WRONLY, 0600))>=0) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:836:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void)sprintf(buff,"%5d\n", (int)getpid()); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:889:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)&sk.SIN_ADDR, (char *)&cptr->ip, sizeof(struct IN_ADDR)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:904:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sockname[HOSTLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:1087:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char abuff[HOSTLEN+USERLEN+2]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:1088:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sockname[HOSTLEN+1], fullname[HOSTLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:1231:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)&cptr->ip, (char *)&c_conf->ipnum, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:1558:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void)sprintf(s, " %02x", *t++); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:1659:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(cptr->ip.s6_addr, blptr->ip.s6_addr, IN6ADDRSZ); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:1751:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy ((char *)&addr.SIN_ADDR, (char *)&acptr->ip, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:1856:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)&me.ip, (char *)&acptr->ip, sizeof(struct IN_ADDR)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2607:4: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(hp->h_addr, (char *)&aconf->ipnum, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2701:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void)strcpy(cptr->serv->by, "AutoConn."); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2758:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&outip, &mysk, sizeof(mysk)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2763:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&outip, &mysk, sizeof(mysk)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2789:4: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(minus_one, aconf->ipnum.s6_addr, IN6ADDRSZ); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2803:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(hp->h_addr, (char *)&aconf->ipnum, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2806:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)&aconf->ipnum, (char *)&server.SIN_ADDR, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2808:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)&aconf->ipnum, (char *)&cptr->ip, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2865:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return (open(UTMP, O_RDONLY|O_NOCTTY)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2867:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return (open(UTMP, O_RDONLY)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2907:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[512]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2948:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(line, O_WRONLY | O_NDELAY | O_NOCTTY)) == -1) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2950:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(line, O_WRONLY | O_NDELAY)) == -1) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2973:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void)strcpy(line, "ircd: You are being summoned to Internet Relay \ data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2995:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void)strcpy(line,"ircd: Respond with irc\n\r"); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3019:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tmp[HOSTLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3038:4: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(minus_one, mysk.sin6_addr.s6_addr, IN6ADDRSZ); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3093:4: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(hp->h_addr, (char *)&mysk.SIN_ADDR, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3121:4: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(minus_one, from.sin6_addr.s6_addr, IN6ADDRSZ); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3210:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(aconf->ipnum.s6_addr, sin.sin6_addr.s6_addr, IN6ADDRSZ); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3243:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(buf, (char *)&pi, sizeof(pi)); /* ensure nice byte align. */ data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3309:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3372:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(s = readbuf, (char *)&pi, MIN(n, sizeof(pi))); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3390:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)&pi, s, MIN(n, sizeof(pi))); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3463:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(hp->h_addr, (char *)&aconf->ipnum, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3475:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(hp->h_addr, (char *)&aconf->ipnum, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:137:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ifsbuf[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:203:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pfsbuf[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:228:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ofsbuf[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:386:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dummy[128]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:469:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uhost[HOSTLEN+USERLEN+2]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:470:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uaddr[HOSTLEN+USERLEN+2]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:478:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullname[HOSTLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:982:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char userhost[USERLEN+HOSTLEN+3]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1017:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char userhost[USERLEN+HOSTLEN+3]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1018:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char userip[USERLEN+HOSTLEN+3]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1340:9: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. switch(vfork()) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1394:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ret = open(configfile, O_RDONLY)) == -1) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1480:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char quotes[9][2] = {{'b', '\b'}, {'f', '\f'}, {'n', '\n'}, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1496:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[512], c[80]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1721:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). aconf->port = atoi(tmp); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1728:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Class(aconf) = find_class(atoi(tmp)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1759:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(aconf->host) >= 0) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1760:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). add_class(atoi(aconf->host), data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1761:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(aconf->passwd), data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1762:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(aconf->name), aconf->port, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1763:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tmp ? atoi(tmp) : 0, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1765:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(index(tmp, '.') + 1) : 0, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1766:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tmp3 ? atoi(tmp3) : 1, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1768:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(index(tmp3, '.') + 1) : 1, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1769:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tmp4 ? atoi(tmp4) : 1, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1771:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(index(tmp4, '.') + 1) : 1 data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1894:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). aconf->ping->port = atoi(index(tmp2, '.') + 1); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2024:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(hp->h_addr, (char *)&(aconf->ipnum), data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2029:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(minus_one, aconf->ipnum.s6_addr, IN6ADDRSZ); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2055:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char reply[256]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2343:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rpl[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2347:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(rpl, "\r\n"); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2371:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (class != atoi(aconf->host)) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2416:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int ck = atoi(aconf->passwd); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2490:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tmp = atoi(s); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2518:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2643:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buff, "Kill line active: %.80s", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2749:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char kbuf[2*BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2768:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). kfd = open(KLINE_PATH, O_WRONLY|O_APPEND|O_NDELAY); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_debug.c:142:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char debugbuf[2*READBUF_SIZE]; /* needs to be big.. */ data/ircd-irc2-2.11.2p3~dfsg/ircd/s_id.c:30:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char id_alphabet[CHIDNB+1] = data/ircd-irc2-2.11.2p3~dfsg/ircd/s_id.c:69:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char idrpl[UIDLEN+1]; /* Currently nothing longer should be used. */ data/ircd-irc2-2.11.2p3~dfsg/ircd/s_id.c:241:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sid[SIDLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_id.c:255:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char uid[UIDLEN+1+5]; /* why +5? --Beeth */ data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:57:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[80], plus; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:65:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)gm, (char *)&gmbuf, sizeof(gmbuf)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:178:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char nbuf[HOSTLEN * 2 + USERLEN + 5]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:232:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char nbuf[HOSTLEN * 2 + USERLEN + 5]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:281:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char namebuf[HOSTLEN]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:447:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment1[HOSTLEN + HOSTLEN + 2]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:1032:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)ircstp, (char *)sp, sizeof(*sp)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:1122:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[80]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:1125:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(filename, O_RDONLY)) == -1) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_numeric.c:32:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[1024]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_numeric.c:77:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. (void)strcat(buffer, " :"); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_send.c:30:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char oldprefixbuf[512]; /* old style server-server prefix */ data/ircd-irc2-2.11.2p3~dfsg/ircd/s_send.c:31:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char newprefixbuf[512]; /* new style server-server prefix */ data/ircd-irc2-2.11.2p3~dfsg/ircd/s_send.c:32:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char prefixbuf[512]; /* server-client prefix */ data/ircd-irc2-2.11.2p3~dfsg/ircd/s_send.c:33:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char suffixbuf[2048]; /* suffix */ data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:34:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:41:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *check_servername_errors[3][2] = { data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:130:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char comment2[TOPICLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:300:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). vers = atoi(version+4); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:519:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ecbuf[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:567:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char info[REALLEN+1], *inpath, *host; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:568:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char versionbuf[11]; /* At least PATCHLEVEL size! */ data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:620:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ecbuf[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:631:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hop = atoi(parv[2]); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:652:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuf[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:867:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mlname[HOSTLEN+1], *inpath, *host, *s, *encr; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:1296:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int rv = atoi(cptr->serv->verstr); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:1322:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char eobbuf[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:1362:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(e, asptr->sid, SIDLEN); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:1493:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostbuf[17], namebuf[10], linebuf[10]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:1495:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linetmp[10], ttyname[15]; /* Ack */ data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:1831:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char locip[100], *ret; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:2163:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[10],linebuf[10],hostbuf[17]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:2453:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). port = atoi(parv[2]); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:2604:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char killer[HOSTLEN * 2 + USERLEN + 5]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:3016:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char eobbuf[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:3138:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(e, acptr->serv->sid, SIDLEN); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:3176:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char killer[HOSTLEN * 2 + USERLEN + 5]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:3285:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tmp = atoi(parv[2]); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:3337:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tmp = atoi(parv[2]); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:3350:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tmp = atoi(parv[3]); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:3851:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv_ext.h:77:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EXTERN const char *check_servername_errors[3][2]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_service.c:115:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nbuf[NICKLEN + USERLEN + HOSTLEN + 3]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_service.c:138:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_service.c:203:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nbuf[NICKLEN + USERLEN + HOSTLEN + 3]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_service.c:262:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char uhost[HOSTLEN+USERLEN+3]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_service.c:612:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE] = "+"; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_service.c:654:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char modebuf[MODEBUFLEN], parabuf[MODEBUFLEN]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:36:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[BUFSIZE], buf2[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:283:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cbuf[BUFSIZ]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:331:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *parv[3]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:337:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char savedusername[USERLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:639:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "K-lined: %.80s", reason); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:846:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nick[NICKLEN+2], *user, *host; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:872:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:1097:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:1251:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *uid, nick[NICKLEN+2], *user, *host, *realname; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:1327:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:1427:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pv[4]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:1683:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char status[5]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2205:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipbuf[BUFSIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2223:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if ((username = (char *)index(parv[1],'@'))) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2255:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sptr->user->flags |= (UFLAGS & atoi(umodes)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2337:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char comment[TOPICLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2847:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (logfile = open(FNAME_OPERLOG, O_WRONLY|O_APPEND data/ircd-irc2-2.11.2p3~dfsg/ircd/s_zip.c:69:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char unzipbuf[UNZIP_BUFFER_SIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_zip.c:70:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char zipbuf[ZIP_BUFFER_SIZE]; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_zip.c:216:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(buffer, cptr->zip->outbuf + cptr->zip->outcount,*length); data/ircd-irc2-2.11.2p3~dfsg/ircd/whowas.c:386:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max = atoi(parv[2]); data/ircd-irc2-2.11.2p3~dfsg/ircd/whowas_def.h:27:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ww_nick[NICKLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/ircd/whowas_def.h:28:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ww_info[REALLEN+1]; data/ircd-irc2-2.11.2p3~dfsg/ircd/whowas_def.h:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nick[NICKLEN + 1]; data/ircd-irc2-2.11.2p3~dfsg/common/common_def.h:20:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define DupString(x,y) do {x = (char *)MyMalloc(strlen((char *)y) + 1);\ data/ircd-irc2-2.11.2p3~dfsg/common/parse.c:450:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(sender) == SIDLEN) data/ircd-irc2-2.11.2p3~dfsg/common/parse.c:865:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = field + strlen(field); data/ircd-irc2-2.11.2p3~dfsg/common/struct_def.h:867:37: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). #define strncpyzt(x, y, N) do{(void)strncpy(x,y,N);x[N-1]='\0';}while(0) data/ircd-irc2-2.11.2p3~dfsg/common/support.c:44:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = (char *) MyMalloc(strlen(s) + 1); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:733:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nr = read(fd, tail, n); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:792:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(ver + strlen(ver), ".%d", dv ? mi+1 : mi); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:794:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(ver + strlen(ver), "%c%d", DEVLEVEL, dv); data/ircd-irc2-2.11.2p3~dfsg/common/support.c:796:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(ver + strlen(ver), "p%d", pl); data/ircd-irc2-2.11.2p3~dfsg/contrib/ircdwatch/ircdwatch.c:109:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(0); data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:137:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(saltpara) == 4)) data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:156:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(saltpara) == 2)) data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:232:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (saltpara && (strlen(saltpara) <= 16)) data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:268:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (saltpara && (strlen(saltpara) <= 22)) data/ircd-irc2-2.11.2p3~dfsg/contrib/mkpasswd/mkpasswd.c:321:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(read(fd, buf, length) != length) data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:127:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(fd, buffer, strlen(buffer)); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:254:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read(fd, buffer, TKS_MAXBUFFER); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:926:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(reason, args[7], TKS_MAXKILLREASON-1); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:933:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(reason, " ", TKS_MAXKILLREASON - strlen(reason) - 1); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:933:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(reason, " ", TKS_MAXKILLREASON - strlen(reason) - 1); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:934:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(reason, args[i], TKS_MAXKILLREASON - strlen(reason) - 1); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:934:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(reason, args[i], TKS_MAXKILLREASON - strlen(reason) - 1); data/ircd-irc2-2.11.2p3~dfsg/contrib/tkserv/tkserv.c:1109:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (connect(fd, (struct sockaddr *) &name, strlen(name.sun_path) + 2) == -1) data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:53:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(ibuf, "\n"); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:54:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(0, ibuf, strlen(ibuf)) != strlen(ibuf)) data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:54:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(0, ibuf, strlen(ibuf)) != strlen(ibuf)) data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:480:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(buf)) data/ircd-irc2-2.11.2p3~dfsg/iauth/a_io.c:481:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bcopy(buf, rbuf, rb_len = strlen(buf)); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_log.c:79:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(logbuf, "\n"); data/ircd-irc2-2.11.2p3~dfsg/iauth/a_log.c:95:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(0, logbuf, strlen(logbuf)); data/ircd-irc2-2.11.2p3~dfsg/iauth/iauth.c:144:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(fd, pidbuf, strlen(pidbuf)) == -1) data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_lhex.c:179:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(cldata[cl].wfd, query, strlen(query)) < 0) data/ircd-irc2-2.11.2p3~dfsg/iauth/mod_rfc931.c:174:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(cldata[cl].wfd, query, strlen(query)) < 0) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:46:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define BanLen(x) ((strlen(x->nick)+strlen(x->user)+strlen(x->host))) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:46:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define BanLen(x) ((strlen(x->nick)+strlen(x->user)+strlen(x->host))) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:46:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define BanLen(x) ((strlen(x->nick)+strlen(x->user)+strlen(x->host))) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:174:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = MIN(strlen(nick), NICKLEN) + 1; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:185:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = MIN(strlen(user), USERLEN) + 1; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:196:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = MIN(strlen(host), HOSTLEN) + 1; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:409:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Reg int sz = sizeof(aChannel) + strlen(chptr->chname); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:535:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u_int sz = sizeof(aChannel) + strlen(chptr->chname); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:852:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp = modebuf + strlen(modebuf); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:860:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). count = strlen(modebuf) - 1; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:876:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(parabuf) + strlen(name) + 10 < (size_t) MODEBUFLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:876:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(parabuf) + strlen(name) + 10 < (size_t) MODEBUFLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:880:11: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(parabuf, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:996:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1002:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen(p); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1007:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1356:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(lp->value.cp) > data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1691:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(pbuf); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1692:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ulen = strlen(upbuf); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1771:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmplen = strlen(cp); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1794:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(cp); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1795:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ulen += strlen(cp); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1796:11: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(pbuf, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1797:11: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(upbuf, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1802:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cp) > (size_t) KEYLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1816:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(cp); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1817:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ulen += strlen(cp); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1818:11: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(pbuf, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1819:11: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(upbuf, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1839:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(cp); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1840:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ulen += strlen(ucp); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1841:11: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(pbuf, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1842:11: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(upbuf, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1906:12: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(pbuf, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1907:12: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(upbuf, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:1947:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(modebuf) > 1) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2136:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(chname); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2260:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_banmem -= (strlen(tmp->who)+1); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2278:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = sizeof(aChannel) + strlen(chptr->chname), now = 0; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2381:10: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. (void)strcpy(jbuf, "0"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2472:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmplen = strlen(name); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2691:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(chptr->chname); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2699:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxlen = BUFSIZE - 17 - strlen(parv[0]) - strlen(parv[1]) - NICKLEN; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2699:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxlen = BUFSIZE - 17 - strlen(parv[0]) - strlen(parv[1]) - NICKLEN; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2719:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mbuf, "o"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2734:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mbuf, "o"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2742:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mbuf, "v"); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2844:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cnt += strlen(mbuf); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2847:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(parabuf, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2852:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(parabuf, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2913:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(comment) > TOPICLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2924:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = BUFSIZE - strlen(parv[0]) - 10; data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2965:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(buf) + strlen(name) + 1 data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2965:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(buf) + strlen(name) + 1 data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:2975:12: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(buf, ","); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3019:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(comment) > (size_t) TOPICLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3037:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxlen = BUFSIZE - MAX(strlen(sender), strlen(sptr->name)) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3037:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxlen = BUFSIZE - MAX(strlen(sender), strlen(sptr->name)) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3038:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). - strlen(comment) - 10; /* ":", " KICK ", " " and " :" */ data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3075:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). clen = maxlen - strlen(name) - 1; /* for comma, see down */ data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3095:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(nbuf) + (who->user ? UIDLEN : data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3096:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(who->name)) >= clen) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3105:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(nbuf, ","); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3536:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pxlen = strlen(chptr->chname); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3567:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). - strlen(ME) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3569:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). - strlen(to) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3578:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen(acptr->name); data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3720:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). - strlen(ME) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3722:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). - strlen(parv[0]) data/ircd-irc2-2.11.2p3~dfsg/ircd/channel.c:3752:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen(acptr->name); data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:235:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). etclen = strlen(IRCDCONF_DIR); data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:690:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(aconf->host); data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:864:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = field + strlen(field); data/ircd-irc2-2.11.2p3~dfsg/ircd/chkconf.c:935:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nr = read(fd, tail, n); data/ircd-irc2-2.11.2p3~dfsg/ircd/config_read.c:93:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). linelen = strlen(line); data/ircd-irc2-2.11.2p3~dfsg/ircd/config_read.c:279:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). etclen = strlen(IRCDCONF_DIR); data/ircd-irc2-2.11.2p3~dfsg/ircd/fileio.c:138:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read(fb->fd, fb->buf, BUFSIZ); data/ircd-irc2-2.11.2p3~dfsg/ircd/fileio.c:258:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = write(fb->fd, str, strlen(str)); data/ircd-irc2-2.11.2p3~dfsg/ircd/hash.c:1058:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = ((char *)server + strlen(server)) - 1; data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:811:8: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). (void)umask(077); /* better safe than sorry --SRB */ data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:924:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tunefile) > 1023 || strlen(mybasename(tunefile)) > 42) data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:924:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tunefile) > 1023 || strlen(mybasename(tunefile)) > 42) data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:1104:23: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. (void)strcpy(tmp->serv->namebuf, "*"); data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:1450:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(fd, buf, strlen(buf)) == -1) data/ircd-irc2-2.11.2p3~dfsg/ircd/ircd.c:1475:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(fd, buf, 100); /* no panic if this fails.. */ data/ircd-irc2-2.11.2p3~dfsg/ircd/list.c:159:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_authmem -= strlen(cptr->auth) + 1; data/ircd-irc2-2.11.2p3~dfsg/ircd/list.c:304:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_awaymem -= (strlen(user->away) + 1); data/ircd-irc2-2.11.2p3~dfsg/ircd/list.c:630:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_confmem -= aconf->host ? strlen(aconf->host)+1 : 0; data/ircd-irc2-2.11.2p3~dfsg/ircd/list.c:631:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_confmem -= aconf->passwd ? strlen(aconf->passwd)+1 : 0; data/ircd-irc2-2.11.2p3~dfsg/ircd/list.c:632:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_confmem -= aconf->name ? strlen(aconf->name)+1 : 0; data/ircd-irc2-2.11.2p3~dfsg/ircd/list.c:633:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_confmem -= aconf->name2 ? strlen(aconf->name2)+1 : 0; data/ircd-irc2-2.11.2p3~dfsg/ircd/list.c:635:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_confmem -= aconf->name3 ? strlen(aconf->name3)+1 : 0; data/ircd-irc2-2.11.2p3~dfsg/ircd/list.c:638:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_confmem -= aconf->source_ip ? strlen(aconf->source_ip)+1 : 0; data/ircd-irc2-2.11.2p3~dfsg/ircd/list.c:643:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bzero(aconf->passwd, strlen(aconf->passwd)); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:435:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(hname); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:440:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(hname) + 1 /* dot */ + strlen(ircd_res.defdname)) data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:440:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(hname) + 1 /* dot */ + strlen(ircd_res.defdname)) data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:445:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. (void)strncat(hname, dot, sizeof(hname) - len - 1); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:447:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. (void)strncat(hname, ircd_res.defdname, sizeof(hname) - len -1); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:458:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rptr->name = (char *)MyMalloc(strlen(name) + 1); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:648:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(hostbuf); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:652:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int tmplen = strlen(ircd_res.defdname); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:666:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(ircd_res.defdname); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:761:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(hostbuf); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:767:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hostbuf, len, strlen(hostbuf))); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:1833:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nm += strlen(h->h_aliases[i]); data/ircd-irc2-2.11.2p3~dfsg/ircd/res.c:1838:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nm += strlen(h->h_name); data/ircd-irc2-2.11.2p3~dfsg/ircd/res_init.c:529:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(ircd_res.defdname, data/ircd-irc2-2.11.2p3~dfsg/ircd/res_init.c:540:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(ircd_res.defdname, data/ircd-irc2-2.11.2p3~dfsg/ircd/res_init.c:551:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy((char *)malloc(strlen(cp) + 1), cp); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:53:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(cptr->auth) > USERLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:86:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_authmem += strlen(cptr->auth) + 1; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:117:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(abuf, "\n"); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:119:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(p); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:345:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(tbuf, start, strlen(tbuf))) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:361:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (*(start+strlen(tbuf)) == '\0') data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:372:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_authmem -= strlen(cptr->auth) + 1; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:376:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cptr->auth = mystrdup(start+strlen(tbuf)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:382:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (*(start+strlen(tbuf)) == '\0') data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:393:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_authmem -= strlen(cptr->auth) + 1; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:397:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cptr->auth = MyMalloc(strlen(start+strlen(tbuf)) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:397:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cptr->auth = MyMalloc(strlen(start+strlen(tbuf)) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:400:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(cptr->auth+1, start+strlen(tbuf)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:594:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(abuf+strlen(abuf), "%s %u", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:600:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(abuf+strlen(abuf), "%s %u", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:723:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(cptr->authfd, authbuf, strlen(authbuf)) != strlen(authbuf)) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:723:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(cptr->authfd, authbuf, strlen(authbuf)) != strlen(authbuf)) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:763:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((len = read(cptr->authfd, cptr->buffer + cptr->count, data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:771:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. (sscanf(cptr->buffer, "%hd , %hd : USERID : %*[^:]: %512s", data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:813:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_authmem -= strlen(cptr->auth) + 1; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_auth.c:819:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cptr->auth = MyMalloc(strlen(ruser) + 2); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:103:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (hname[strlen(hname)-1] == '.') data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:105:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hname[strlen(hname)-1] = '\0'; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:119:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(ircd_res.defdname) + 2 <= size) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:122:10: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(hname, "."); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:184:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(fmbuf, text, BUFSIZE-strlen(fmbuf)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:184:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(fmbuf, text, BUFSIZE-strlen(fmbuf)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:313:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void)write(0, buf, strlen(buf)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:410:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (bind(cptr->fd, (SAP)&un, strlen(unixpath)+2) == -1) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:837:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(fd, buff, strlen(buff)) == -1) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:1135:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_local_domain(fullname, HOSTLEN-strlen(fullname)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2851:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *lenp = strlen(sock.sun_path) + 2; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2874:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read(fd, (char *)&ut, sizeof (struct utmp)) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2911:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(linebuf) > (size_t) 9) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2965:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(fd, line, strlen(line)) != strlen(line)) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2965:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(fd, line, strlen(line)) != strlen(line)) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2976:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(fd, line, strlen(line)) != strlen(line)) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2976:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(fd, line, strlen(line)) != strlen(line)) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2987:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(fd, line, strlen(line)) != strlen(line)) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2987:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(fd, line, strlen(line)) != strlen(line)) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2997:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(fd, line, strlen(line)) != strlen(line)) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:2997:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(fd, line, strlen(line)) != strlen(line)) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3047:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_local_domain(name, len - strlen(name)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3071:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_local_domain(tmp, sizeof(tmp) - strlen(tmp)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3291:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mlen = sizeof(readbuf) - strlen(ME) - strlen(version); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3291:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mlen = sizeof(readbuf) - strlen(ME) - strlen(version); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3393:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s)+1; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_bsd.c:3395:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:471:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ulen = strlen(cptr->username) + 1; /* for '@' */ data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:484:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_local_domain(fullname, HOSTLEN - strlen(fullname)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:919:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(name); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:950:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(host); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1065:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int namelen = name ? strlen(name) : 0; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1089:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int hostlen = host ? strlen(host) : 0; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1107:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int hostlen = host ? strlen(host) : 0; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1424:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(orig) + 2; /* +2 for '@' and '\0' */ data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1450:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(t); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1458:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(s) + 1; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1739:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_confmem += aconf->host ? strlen(aconf->host)+1 : 0; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1740:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_confmem += aconf->passwd ? strlen(aconf->passwd)+1 :0; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1741:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_confmem += aconf->name ? strlen(aconf->name)+1 : 0; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1742:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_confmem += aconf->name2 ? strlen(aconf->name2)+1 : 0; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1744:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_confmem += aconf->name3 ? strlen(aconf->name3)+1 : 0; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1746:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_confmem += aconf->source_ip ? strlen(aconf->source_ip)+1 : 0; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1867:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(aconf->host); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:1939:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmp) < HOSTLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2093:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(host) > (size_t) HOSTLEN || data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2094:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (name ? strlen(name) : 0) > (size_t) HOSTLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2349:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sendto(fd, rpl, strlen(rpl), 0, 0, 0); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2351:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send(fd, rpl, strlen(rpl), 0); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2546:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_confmem += strlen(aconf->name) + 1; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2547:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_confmem += strlen(aconf->host) + 1; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2548:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_confmem += strlen(aconf->passwd) + 1; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2693:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(user) > USERLEN+HOSTLEN+1) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_conf.c:2740:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(reason) > TOPICLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_debug.c:461:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d_awm += (strlen(acptr->user->away)+1); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_debug.c:489:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d_chhm+=strlen(chptr->chname)+sizeof(aChannel); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_debug.c:494:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d_chm += (strlen(chptr->chname) + data/ircd-irc2-2.11.2p3~dfsg/ircd/s_debug.c:508:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d_chbm += strlen(link->value.cp) + 1; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_debug.c:523:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d_com += aconf->host ? strlen(aconf->host)+1 : 0; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_debug.c:524:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d_com += aconf->passwd ? strlen(aconf->passwd)+1 : 0; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_debug.c:525:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d_com += aconf->name ? strlen(aconf->name)+1 : 0; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_id.c:159:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_cchanmem += sizeof(aChannel) + strlen(chptr->chname); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_id.c:190:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_cchanmem -= sizeof(aChannel) +strlen(del->chname); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_id.c:232:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (isdigit(sid[0]) && strlen(sid) == SIDLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_id.c:245:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!conf || (strlen(conf) != SIDLEN) || !sid_valid(conf)) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_id.c:296:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (isdigit(uid[0]) && strlen(uid) == UIDLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:296:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(&namebuf[1], name, HOSTLEN - 1); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:559:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_authmem -= strlen(sptr->auth) + 1; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_misc.c:662:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(comment1, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_numeric.c:74:10: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(buffer, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:230:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int k=TOPICLEN-strlen(sptr->name)-7; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:233:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(comment) > k) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:1844:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = strlen(ret) + 1; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:3527:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(hostname) > HOSTLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:3792:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(BadTo(sptr->name)) - strlen(ME) - 8); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:3792:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(BadTo(sptr->name)) - strlen(ME) - 8); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_serv.c:3858:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len + strlen(parv[i]) >= BUFSIZE-2) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_service.c:88:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(name); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_service.c:407:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(parv[1]) + strlen(server) + 2 >= (size_t) HOSTLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_service.c:407:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(parv[1]) + strlen(server) + 2 >= (size_t) HOSTLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_service.c:438:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(sptr->name, "@"), strcat(sptr->name, server); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_service.c:479:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(info) > REALLEN) info[REALLEN] = '\0'; data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:530:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&user->username[1], buf2, USERLEN); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:533:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(user->username, buf2, USERLEN+1); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:596:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&user->username[1], buf2, USERLEN); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:883:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:1392:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void)make_user(acptr, strlen(parv[5])); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:1399:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(realname) > REALLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2003:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mlen = strlen(ME) + strlen(sptr->name) + 6 + strlen(name); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2003:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mlen = strlen(ME) + strlen(sptr->name) + 6 + strlen(name); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2003:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mlen = strlen(ME) + strlen(sptr->name) + 6 + strlen(name); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2011:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len + strlen(chptr->chname) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2027:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(chptr->chname); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2028:10: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(buf + len, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2164:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(nick) > (size_t) NICKLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2238:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). user = make_user(sptr, strlen(ipbuf)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2304:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(realname) > REALLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2346:10: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void) strcat(comment, "\""); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2375:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (IsAnOper(cptr) && strlen(path) > (size_t) TOPICLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2572:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_awaymem -= (strlen(away) + 1); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2592:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((len = strlen(awy2)) > (size_t) TOPICLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2606:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_awaymem -= (strlen(away) + 1); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2872:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void)write(logfile, buf, strlen(buf)); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2918:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2919:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(buf, parv[3], 100); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2922:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2923:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(buf, parv[4], 5); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2947:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2955:11: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(buf, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2960:10: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. (void)strncat(buf, buf2, sizeof(buf) - len); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2961:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(buf2); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:2967:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:3000:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:3005:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(acptr->name); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:3013:11: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. (void) strcpy(buf + len++, " "); data/ircd-irc2-2.11.2p3~dfsg/ircd/s_user.c:3105:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_awaymem -= (strlen(sptr->user->away) + 1); data/ircd-irc2-2.11.2p3~dfsg/ircd/whowas.c:123:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_wwawaysmem -=strlen(np->ww_user->away) data/ircd-irc2-2.11.2p3~dfsg/ircd/whowas.c:343:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). istat.is_wwawaysmem += strlen(cptr->user->away) + 1; data/ircd-irc2-2.11.2p3~dfsg/ircd/whowas.c:422:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(nick) > (size_t) NICKLEN) data/ircd-irc2-2.11.2p3~dfsg/ircd/whowas.c:464:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). am += (strlen(tmp->away)+1); ANALYSIS SUMMARY: Hits = 1083 Lines analyzed = 53457 in approximately 1.52 seconds (35161 lines/second) Physical Source Lines of Code (SLOC) = 39105 Hits@level = [0] 248 [1] 284 [2] 545 [3] 8 [4] 241 [5] 5 Hits@level+ = [0+] 1331 [1+] 1083 [2+] 799 [3+] 254 [4+] 246 [5+] 5 Hits/KSLOC@level+ = [0+] 34.0366 [1+] 27.6947 [2+] 20.4322 [3+] 6.49533 [4+] 6.29076 [5+] 0.127861 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.