Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/krb5-1.18.3/doc/doxy_examples/tkt_creds.c
Examining data/krb5-1.18.3/doc/doxy_examples/error_message.c
Examining data/krb5-1.18.3/doc/doxy_examples/cc_unique.c
Examining data/krb5-1.18.3/doc/doxy_examples/cc_set_config.c
Examining data/krb5-1.18.3/doc/doxy_examples/verify_init_creds.c
Examining data/krb5-1.18.3/src/plugins/gssapi/negoextest/main.c
Examining data/krb5-1.18.3/src/plugins/authdata/greet_server/greet_auth.c
Examining data/krb5-1.18.3/src/plugins/authdata/greet_client/greet.c
Examining data/krb5-1.18.3/src/plugins/kdcpolicy/test/main.c
Examining data/krb5-1.18.3/src/plugins/localauth/test/main.c
Examining data/krb5-1.18.3/src/plugins/audit/kdc_j_encode.c
Examining data/krb5-1.18.3/src/plugins/audit/kdc_j_encode.h
Examining data/krb5-1.18.3/src/plugins/audit/simple/au_simple_main.c
Examining data/krb5-1.18.3/src/plugins/audit/test/au_test.c
Examining data/krb5-1.18.3/src/plugins/audit/j_dict.h
Examining data/krb5-1.18.3/src/plugins/tls/k5tls/notls.c
Examining data/krb5-1.18.3/src/plugins/tls/k5tls/openssl.c
Examining data/krb5-1.18.3/src/plugins/pwqual/test/main.c
Examining data/krb5-1.18.3/src/plugins/hostrealm/test/main.c
Examining data/krb5-1.18.3/src/plugins/kadm5_hook/test/main.c
Examining data/krb5-1.18.3/src/plugins/certauth/test/main.c
Examining data/krb5-1.18.3/src/plugins/preauth/spake/iana.c
Examining data/krb5-1.18.3/src/plugins/preauth/spake/t_vectors.c
Examining data/krb5-1.18.3/src/plugins/preauth/spake/trace.h
Examining data/krb5-1.18.3/src/plugins/preauth/spake/spake_client.c
Examining data/krb5-1.18.3/src/plugins/preauth/spake/groups.c
Examining data/krb5-1.18.3/src/plugins/preauth/spake/util.h
Examining data/krb5-1.18.3/src/plugins/preauth/spake/groups.h
Examining data/krb5-1.18.3/src/plugins/preauth/spake/iana.h
Examining data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519_tables.h
Examining data/krb5-1.18.3/src/plugins/preauth/spake/openssl.c
Examining data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519_fiat.h
Examining data/krb5-1.18.3/src/plugins/preauth/spake/spake_kdc.c
Examining data/krb5-1.18.3/src/plugins/preauth/spake/util.c
Examining data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519.c
Examining data/krb5-1.18.3/src/plugins/preauth/test/kdctest.c
Examining data/krb5-1.18.3/src/plugins/preauth/test/cltest.c
Examining data/krb5-1.18.3/src/plugins/preauth/test/common.h
Examining data/krb5-1.18.3/src/plugins/preauth/test/common.c
Examining data/krb5-1.18.3/src/plugins/preauth/securid_sam2/securid_sam2_main.c
Examining data/krb5-1.18.3/src/plugins/preauth/securid_sam2/extern.h
Examining data/krb5-1.18.3/src/plugins/preauth/securid_sam2/securid2.c
Examining data/krb5-1.18.3/src/plugins/preauth/securid_sam2/grail.c
Examining data/krb5-1.18.3/src/plugins/preauth/otp/otp_state.h
Examining data/krb5-1.18.3/src/plugins/preauth/otp/otp_state.c
Examining data/krb5-1.18.3/src/plugins/preauth/otp/main.c
Examining data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
Examining data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_matching.c
Examining data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_accessor.h
Examining data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit.h
Examining data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_profile.c
Examining data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_accessor.c
Examining data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_lib.c
Examining data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_kdf_test.c
Examining data/krb5-1.18.3/src/plugins/preauth/pkinit/pkcs11.h
Examining data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_identity.c
Examining data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_kdf_constants.c
Examining data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_srv.c
Examining data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_clnt.c
Examining data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_trace.h
Examining data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto.h
Examining data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.h
Examining data/krb5-1.18.3/src/plugins/kdb/lmdb/kdb_lmdb.c
Examining data/krb5-1.18.3/src/plugins/kdb/lmdb/lockout.c
Examining data/krb5-1.18.3/src/plugins/kdb/lmdb/klmdb-int.h
Examining data/krb5-1.18.3/src/plugins/kdb/lmdb/marshal.c
Examining data/krb5-1.18.3/src/plugins/kdb/test/kdb_test.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/kdb_xdr.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/adb_policy.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/kdb_db2.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/kdb_db2.h
Examining data/krb5-1.18.3/src/plugins/kdb/db2/lockout.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/page.h
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hash_debug.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hash.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hash.h
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hash_bigkey.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hash_log2.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hsearch.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hash_func.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/extern.h
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/search.h
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/dbm.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hash_page.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/db-queue.h
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/db-dbm.h
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/config.h
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/db-ndbm.h
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/db-int.h
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_debug.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_search.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/btree.h
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_put.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_get.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_delete.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_close.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_utils.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_conv.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_overflow.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/extern.h
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_page.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_seq.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/db/db.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tcreat3.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tverify.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tseq.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tread2.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passwd/genpass.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/bigtest.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/mpool/mpool.h
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/mpool/mpool.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/recno/rec_get.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/recno/rec_close.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/recno/rec_seq.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/recno/rec_search.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/recno/rec_utils.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/recno/extern.h
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/recno/rec_open.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/recno/rec_delete.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/recno/recno.h
Examining data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/policy_db.h
Examining data/krb5-1.18.3/src/plugins/kdb/db2/pol_xdr.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/db2_exp.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/adb_openclose.c
Examining data/krb5-1.18.3/src/plugins/kdb/db2/kdb_xdr.h
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.h
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.h
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.h
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.h
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_main.h
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.h
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.h
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.h
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.h
Examining data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_exp.c
Examining data/krb5-1.18.3/src/plugins/kadm5_auth/test/main.c
Examining data/krb5-1.18.3/src/include/gssrpc/pmap_clnt.h
Examining data/krb5-1.18.3/src/include/gssrpc/auth_gssapi.h
Examining data/krb5-1.18.3/src/include/gssrpc/rpc.h
Examining data/krb5-1.18.3/src/include/gssrpc/svc_auth.h
Examining data/krb5-1.18.3/src/include/gssrpc/clnt.h
Examining data/krb5-1.18.3/src/include/gssrpc/xdr.h
Examining data/krb5-1.18.3/src/include/gssrpc/svc.h
Examining data/krb5-1.18.3/src/include/gssrpc/pmap_prot.h
Examining data/krb5-1.18.3/src/include/gssrpc/rpc_msg.h
Examining data/krb5-1.18.3/src/include/gssrpc/auth_gss.h
Examining data/krb5-1.18.3/src/include/gssrpc/rename.h
Examining data/krb5-1.18.3/src/include/gssrpc/netdb.h
Examining data/krb5-1.18.3/src/include/gssrpc/pmap_rmt.h
Examining data/krb5-1.18.3/src/include/gssrpc/auth.h
Examining data/krb5-1.18.3/src/include/gssrpc/auth_unix.h
Examining data/krb5-1.18.3/src/include/fake-addrinfo.h
Examining data/krb5-1.18.3/src/include/socket-utils.h
Examining data/krb5-1.18.3/src/include/k5-platform.h
Examining data/krb5-1.18.3/src/include/k5-buf.h
Examining data/krb5-1.18.3/src/include/k5-ipc_stream.h
Examining data/krb5-1.18.3/src/include/adm_proto.h
Examining data/krb5-1.18.3/src/include/k5-spake.h
Examining data/krb5-1.18.3/src/include/win-mac.h
Examining data/krb5-1.18.3/src/include/k5-base64.h
Examining data/krb5-1.18.3/src/include/k5-gmt_mktime.h
Examining data/krb5-1.18.3/src/include/k5-int-pkinit.h
Examining data/krb5-1.18.3/src/include/k5-hex.h
Examining data/krb5-1.18.3/src/include/krb5.h
Examining data/krb5-1.18.3/src/include/k5-thread.h
Examining data/krb5-1.18.3/src/include/k5-queue.h
Examining data/krb5-1.18.3/src/include/k5-json.h
Examining data/krb5-1.18.3/src/include/k5-input.h
Examining data/krb5-1.18.3/src/include/k5-unicode.h
Examining data/krb5-1.18.3/src/include/k5-err.h
Examining data/krb5-1.18.3/src/include/iprop.h
Examining data/krb5-1.18.3/src/include/k5-utf8.h
Examining data/krb5-1.18.3/src/include/k5-plugin.h
Examining data/krb5-1.18.3/src/include/kdb_log.h
Examining data/krb5-1.18.3/src/include/port-sockets.h
Examining data/krb5-1.18.3/src/include/k5-tls.h
Examining data/krb5-1.18.3/src/include/kdb.h
Examining data/krb5-1.18.3/src/include/foreachaddr.h
Examining data/krb5-1.18.3/src/include/gssapi.h
Examining data/krb5-1.18.3/src/include/k5-cmocka.h
Examining data/krb5-1.18.3/src/include/krb5/authdata_plugin.h
Examining data/krb5-1.18.3/src/include/krb5/audit_plugin.h
Examining data/krb5-1.18.3/src/include/krb5/plugin.h
Examining data/krb5-1.18.3/src/include/krb5/certauth_plugin.h
Examining data/krb5-1.18.3/src/include/krb5/ccselect_plugin.h
Examining data/krb5-1.18.3/src/include/krb5/clpreauth_plugin.h
Examining data/krb5-1.18.3/src/include/krb5/kadm5_hook_plugin.h
Examining data/krb5-1.18.3/src/include/krb5/preauth_plugin.h
Examining data/krb5-1.18.3/src/include/krb5/kadm5_auth_plugin.h
Examining data/krb5-1.18.3/src/include/krb5/locate_plugin.h
Examining data/krb5-1.18.3/src/include/krb5/kdcpreauth_plugin.h
Examining data/krb5-1.18.3/src/include/krb5/pwqual_plugin.h
Examining data/krb5-1.18.3/src/include/krb5/localauth_plugin.h
Examining data/krb5-1.18.3/src/include/krb5/hostrealm_plugin.h
Examining data/krb5-1.18.3/src/include/krb5/kdcpolicy_plugin.h
Examining data/krb5-1.18.3/src/include/krb5/kdcauthdata_plugin.h
Examining data/krb5-1.18.3/src/include/CredentialsCache.h
Examining data/krb5-1.18.3/src/include/k5-util.h
Examining data/krb5-1.18.3/src/include/krad.h
Examining data/krb5-1.18.3/src/include/kdb_kt.h
Examining data/krb5-1.18.3/src/include/CredentialsCache2.h
Examining data/krb5-1.18.3/src/include/kcm.h
Examining data/krb5-1.18.3/src/include/k5-hashtab.h
Examining data/krb5-1.18.3/src/include/iprop_hdr.h
Examining data/krb5-1.18.3/src/include/k5-trace.h
Examining data/krb5-1.18.3/src/include/copyright.h
Examining data/krb5-1.18.3/src/include/net-server.h
Examining data/krb5-1.18.3/src/include/k5-int.h
Examining data/krb5-1.18.3/src/patchlevel.h
Examining data/krb5-1.18.3/src/appl/simple/client/sim_client.c
Examining data/krb5-1.18.3/src/appl/simple/simple.h
Examining data/krb5-1.18.3/src/appl/simple/server/sim_server.c
Examining data/krb5-1.18.3/src/appl/sample/sample.h
Examining data/krb5-1.18.3/src/appl/sample/sclient/sclient.c
Examining data/krb5-1.18.3/src/appl/sample/sserver/sserver.c
Examining data/krb5-1.18.3/src/appl/user_user/server.c
Examining data/krb5-1.18.3/src/appl/user_user/client.c
Examining data/krb5-1.18.3/src/appl/gss-sample/gss-client.c
Examining data/krb5-1.18.3/src/appl/gss-sample/gss-misc.c
Examining data/krb5-1.18.3/src/appl/gss-sample/gss-misc.h
Examining data/krb5-1.18.3/src/appl/gss-sample/gss-server.c
Examining data/krb5-1.18.3/src/windows/include/leasherr.h
Examining data/krb5-1.18.3/src/windows/include/loadfuncs-com_err.h
Examining data/krb5-1.18.3/src/windows/include/loadfuncs-profile.h
Examining data/krb5-1.18.3/src/windows/include/loadfuncs-krb5.h
Examining data/krb5-1.18.3/src/windows/include/loadfuncs-lsa.h
Examining data/krb5-1.18.3/src/windows/include/loadfuncs-leash.h
Examining data/krb5-1.18.3/src/windows/include/leashinfo.h
Examining data/krb5-1.18.3/src/windows/include/leashwin.h
Examining data/krb5-1.18.3/src/windows/include/loadfuncs.h
Examining data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c
Examining data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.h
Examining data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c
Examining data/krb5-1.18.3/src/windows/kfwlogon/kfwcpcc.c
Examining data/krb5-1.18.3/src/windows/winlevel.h
Examining data/krb5-1.18.3/src/windows/ms2mit/ms2mit.c
Examining data/krb5-1.18.3/src/windows/ms2mit/mit2ms.c
Examining data/krb5-1.18.3/src/windows/installer/wix/custom/custom.cpp
Examining data/krb5-1.18.3/src/windows/installer/wix/custom/custom.h
Examining data/krb5-1.18.3/src/windows/leashdll/resource.h
Examining data/krb5-1.18.3/src/windows/leashdll/lshfunc.c
Examining data/krb5-1.18.3/src/windows/leashdll/winutil.c
Examining data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c
Examining data/krb5-1.18.3/src/windows/leashdll/leashdll.h
Examining data/krb5-1.18.3/src/windows/leashdll/leashdll.c
Examining data/krb5-1.18.3/src/windows/leashdll/leasherr.c
Examining data/krb5-1.18.3/src/windows/leashdll/reminder.h
Examining data/krb5-1.18.3/src/windows/leashdll/krb5routines.c
Examining data/krb5-1.18.3/src/windows/leashdll/timesync.c
Examining data/krb5-1.18.3/src/windows/leashdll/leash-int.h
Examining data/krb5-1.18.3/src/windows/leashdll/leashids.h
Examining data/krb5-1.18.3/src/windows/leashdll/winerr.c
Examining data/krb5-1.18.3/src/windows/leashdll/lshutil.cpp
Examining data/krb5-1.18.3/src/windows/lib/cacheapi.h
Examining data/krb5-1.18.3/src/windows/lib/loadfuncs.c
Examining data/krb5-1.18.3/src/windows/leash/Lglobals.h
Examining data/krb5-1.18.3/src/windows/leash/LeashView.h
Examining data/krb5-1.18.3/src/windows/leash/resource.h
Examining data/krb5-1.18.3/src/windows/leash/LeashDebugWindow.h
Examining data/krb5-1.18.3/src/windows/leash/LeashFrame.h
Examining data/krb5-1.18.3/src/windows/leash/out2con.cpp
Examining data/krb5-1.18.3/src/windows/leash/LeashDebugWindow.cpp
Examining data/krb5-1.18.3/src/windows/leash/LeashDoc.cpp
Examining data/krb5-1.18.3/src/windows/leash/Leash.h
Examining data/krb5-1.18.3/src/windows/leash/LeashMessageBox.h
Examining data/krb5-1.18.3/src/windows/leash/LeashAboutBox.cpp
Examining data/krb5-1.18.3/src/windows/leash/LeashFrame.cpp
Examining data/krb5-1.18.3/src/windows/leash/reminder.h
Examining data/krb5-1.18.3/src/windows/leash/LeashUICommandHandler.h
Examining data/krb5-1.18.3/src/windows/leash/LeashUIApplication.cpp
Examining data/krb5-1.18.3/src/windows/leash/StdAfx.cpp
Examining data/krb5-1.18.3/src/windows/leash/LeashDoc.h
Examining data/krb5-1.18.3/src/windows/leash/MainFrm.cpp
Examining data/krb5-1.18.3/src/windows/leash/KrbListTickets.cpp
Examining data/krb5-1.18.3/src/windows/leash/LeashAboutBox.h
Examining data/krb5-1.18.3/src/windows/leash/LeashView.cpp
Examining data/krb5-1.18.3/src/windows/leash/StdAfx.h
Examining data/krb5-1.18.3/src/windows/leash/LeashMessageBox.cpp
Examining data/krb5-1.18.3/src/windows/leash/MainFrm.h
Examining data/krb5-1.18.3/src/windows/leash/LeashUIApplication.h
Examining data/krb5-1.18.3/src/windows/leash/out2con.h
Examining data/krb5-1.18.3/src/windows/leash/LeashUICommandHandler.cpp
Examining data/krb5-1.18.3/src/windows/leash/Leash.cpp
Examining data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_util.c
Examining data/krb5-1.18.3/src/lib/gssapi/spnego/gssapiP_spnego.h
Examining data/krb5-1.18.3/src/lib/gssapi/spnego/spnego_mech.c
Examining data/krb5-1.18.3/src/lib/gssapi/spnego/gssapiP_negoex.h
Examining data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_trace.c
Examining data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_ctx.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/s4u_gss_glue.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/compare_name.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/lucid_context.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/process_context_token.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/set_ccache.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/context_time.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/gssapi_krb5.h
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/export_cred.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/rel_oid.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/inq_names.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/acquire_cred.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/export_sec_context.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/val_cred.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/canon_name.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/util_seed.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/util_seqnum.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/prf.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/rel_cred.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/init_sec_context.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/wrap_size_limit.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/import_name.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/util_cksum.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/accept_sec_context.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/delete_sec_context.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/duplicate_name.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealiov.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/util_crypt.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealv3.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealv3iov.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/cred_store.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/disp_name.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/k5seal.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/export_name.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/krb5_gss_glue.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/naming_exts.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/import_cred.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/ser_sctx.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/inq_cred.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/iakerb.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/k5unsealiov.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/copy_ccache.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/disp_status.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/store_cred.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/inq_context.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/rel_name.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/gssapiP_krb5.h
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/indicate_mechs.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/gssapi_krb5.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/k5unseal.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/import_sec_context.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/get_tkt_flags.c
Examining data/krb5-1.18.3/src/lib/gssapi/krb5/set_allowable_enctypes.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_canon_name.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_store_cred.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_negoex.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_wrap_aead.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_del_name_attr.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_rel_name_mapping.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_saslname.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_imp_name.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_context_time.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_inq_cred.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_export_cred.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_seal.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_imp_cred.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/mechglue.h
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_init_sec_context.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_rel_oid_set.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_get_name_attr.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_compare_name.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_imp_sec_context.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_inq_context_oid.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_rel_name.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_rel_cred.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_export_name_comp.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_inq_cred_oid.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_sign.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_mechname.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_mech_invoke.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_delete_sec_context.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_set_neg_mechs.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_set_name_attr.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_process_context.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_set_context_option.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_wrap_iov.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_mechattr.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_verify.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_oid_ops.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_accept_sec_context.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_dup_name.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_map_name_to_any.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_export_name.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_prf.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_unseal.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/mglueP.h
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_inq_context.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_complete_auth_token.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_decapsulate_token.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_buffer_set.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_set_cred_option.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_authorize_localname.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_acquire_cred.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_inq_name.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_unwrap_aead.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_encapsulate_token.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_dsp_name.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_inq_names.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_rel_buffer.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_dsp_status.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_unwrap_iov.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_glue.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_dsp_name_ext.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_exp_sec_context.c
Examining data/krb5-1.18.3/src/lib/gssapi/mechglue/g_initialize.c
Examining data/krb5-1.18.3/src/lib/gssapi/generic/util_buffer_set.c
Examining data/krb5-1.18.3/src/lib/gssapi/generic/util_buffer.c
Examining data/krb5-1.18.3/src/lib/gssapi/generic/oid_ops.c
Examining data/krb5-1.18.3/src/lib/gssapi/generic/gssapiP_generic.h
Examining data/krb5-1.18.3/src/lib/gssapi/generic/gssapi_ext.h
Examining data/krb5-1.18.3/src/lib/gssapi/generic/t_seqstate.c
Examining data/krb5-1.18.3/src/lib/gssapi/generic/util_seqstate.c
Examining data/krb5-1.18.3/src/lib/gssapi/generic/gssapi_alloc.h
Examining data/krb5-1.18.3/src/lib/gssapi/generic/gssapi_generic.c
Examining data/krb5-1.18.3/src/lib/gssapi/generic/rel_buffer.c
Examining data/krb5-1.18.3/src/lib/gssapi/generic/disp_com_err_status.c
Examining data/krb5-1.18.3/src/lib/gssapi/generic/rel_oid_set.c
Examining data/krb5-1.18.3/src/lib/gssapi/generic/util_errmap.c
Examining data/krb5-1.18.3/src/lib/gssapi/generic/util_set.c
Examining data/krb5-1.18.3/src/lib/gssapi/generic/gssapi_generic.h
Examining data/krb5-1.18.3/src/lib/gssapi/generic/disp_major_status.c
Examining data/krb5-1.18.3/src/lib/gssapi/generic/maptest.c
Examining data/krb5-1.18.3/src/lib/gssapi/generic/util_token.c
Examining data/krb5-1.18.3/src/lib/apputils/udppktinfo.c
Examining data/krb5-1.18.3/src/lib/apputils/udppktinfo.h
Examining data/krb5-1.18.3/src/lib/apputils/net-server.c
Examining data/krb5-1.18.3/src/lib/apputils/daemon.c
Examining data/krb5-1.18.3/src/lib/krad/t_remote.c
Examining data/krb5-1.18.3/src/lib/krad/packet.c
Examining data/krb5-1.18.3/src/lib/krad/t_attr.c
Examining data/krb5-1.18.3/src/lib/krad/remote.c
Examining data/krb5-1.18.3/src/lib/krad/internal.h
Examining data/krb5-1.18.3/src/lib/krad/t_test.h
Examining data/krb5-1.18.3/src/lib/krad/client.c
Examining data/krb5-1.18.3/src/lib/krad/t_packet.c
Examining data/krb5-1.18.3/src/lib/krad/t_code.c
Examining data/krb5-1.18.3/src/lib/krad/t_daemon.h
Examining data/krb5-1.18.3/src/lib/krad/t_client.c
Examining data/krb5-1.18.3/src/lib/krad/t_test.c
Examining data/krb5-1.18.3/src/lib/krad/code.c
Examining data/krb5-1.18.3/src/lib/krad/t_attrset.c
Examining data/krb5-1.18.3/src/lib/krad/attr.c
Examining data/krb5-1.18.3/src/lib/krad/attrset.c
Examining data/krb5-1.18.3/src/lib/kadm5/alt_prof.c
Examining data/krb5-1.18.3/src/lib/kadm5/admin_xdr.h
Examining data/krb5-1.18.3/src/lib/kadm5/misc_free.c
Examining data/krb5-1.18.3/src/lib/kadm5/str_conv.c
Examining data/krb5-1.18.3/src/lib/kadm5/clnt/client_init.c
Examining data/krb5-1.18.3/src/lib/kadm5/clnt/clnt_privs.c
Examining data/krb5-1.18.3/src/lib/kadm5/clnt/clnt_policy.c
Examining data/krb5-1.18.3/src/lib/kadm5/clnt/client_handle.c
Examining data/krb5-1.18.3/src/lib/kadm5/clnt/clnt_chpass_util.c
Examining data/krb5-1.18.3/src/lib/kadm5/clnt/client_rpc.c
Examining data/krb5-1.18.3/src/lib/kadm5/clnt/client_principal.c
Examining data/krb5-1.18.3/src/lib/kadm5/clnt/client_internal.h
Examining data/krb5-1.18.3/src/lib/kadm5/chpass_util.c
Examining data/krb5-1.18.3/src/lib/kadm5/admin_internal.h
Examining data/krb5-1.18.3/src/lib/kadm5/srv/server_init.c
Examining data/krb5-1.18.3/src/lib/kadm5/srv/pwqual_empty.c
Examining data/krb5-1.18.3/src/lib/kadm5/srv/svr_principal.c
Examining data/krb5-1.18.3/src/lib/kadm5/srv/svr_iters.c
Examining data/krb5-1.18.3/src/lib/kadm5/srv/server_misc.c
Examining data/krb5-1.18.3/src/lib/kadm5/srv/kadm5_hook.c
Examining data/krb5-1.18.3/src/lib/kadm5/srv/pwqual.c
Examining data/krb5-1.18.3/src/lib/kadm5/srv/svr_policy.c
Examining data/krb5-1.18.3/src/lib/kadm5/srv/server_handle.c
Examining data/krb5-1.18.3/src/lib/kadm5/srv/pwqual_dict.c
Examining data/krb5-1.18.3/src/lib/kadm5/srv/adb_xdr.c
Examining data/krb5-1.18.3/src/lib/kadm5/srv/pwqual_princ.c
Examining data/krb5-1.18.3/src/lib/kadm5/srv/pwqual_hesiod.c
Examining data/krb5-1.18.3/src/lib/kadm5/srv/svr_chpass_util.c
Examining data/krb5-1.18.3/src/lib/kadm5/srv/server_kdb.c
Examining data/krb5-1.18.3/src/lib/kadm5/server_internal.h
Examining data/krb5-1.18.3/src/lib/kadm5/kadm_rpc.h
Examining data/krb5-1.18.3/src/lib/kadm5/admin.h
Examining data/krb5-1.18.3/src/lib/kadm5/kadm_rpc_xdr.c
Examining data/krb5-1.18.3/src/lib/kadm5/unit-test/setkey-test.c
Examining data/krb5-1.18.3/src/lib/kadm5/unit-test/lock-test.c
Examining data/krb5-1.18.3/src/lib/kadm5/unit-test/destroy-test.c
Examining data/krb5-1.18.3/src/lib/kadm5/unit-test/handle-test.c
Examining data/krb5-1.18.3/src/lib/kadm5/unit-test/iter-test.c
Examining data/krb5-1.18.3/src/lib/kadm5/unit-test/init-test.c
Examining data/krb5-1.18.3/src/lib/kadm5/unit-test/randkey-test.c
Examining data/krb5-1.18.3/src/lib/kadm5/logger.c
Examining data/krb5-1.18.3/src/lib/win_glue.c
Examining data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucdata.h
Examining data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucdata.c
Examining data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucpgba.c
Examining data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/uctable.h
Examining data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c
Examining data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucpgba.h
Examining data/krb5-1.18.3/src/lib/krb5/unicode/ucstr.c
Examining data/krb5-1.18.3/src/lib/krb5/unicode/ure/ure.h
Examining data/krb5-1.18.3/src/lib/krb5/unicode/ure/ure.c
Examining data/krb5-1.18.3/src/lib/krb5/unicode/ure/urestubs.c
Examining data/krb5-1.18.3/src/lib/krb5/unicode/utbm/utbmstub.c
Examining data/krb5-1.18.3/src/lib/krb5/unicode/utbm/utbm.h
Examining data/krb5-1.18.3/src/lib/krb5/unicode/utbm/utbm.c
Examining data/krb5-1.18.3/src/lib/krb5/krb5_libinit.c
Examining data/krb5-1.18.3/src/lib/krb5/asn.1/asn1_encode.h
Examining data/krb5-1.18.3/src/lib/krb5/asn.1/krbasn1.h
Examining data/krb5-1.18.3/src/lib/krb5/asn.1/asn1_encode.c
Examining data/krb5-1.18.3/src/lib/krb5/asn.1/ldap_key_seq.c
Examining data/krb5-1.18.3/src/lib/krb5/asn.1/asn1_k_encode.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/ai_authdata.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/gic_keytab.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_valid_times.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/kfree.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_authdata.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/enc_helper.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/conv_princ.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/ser_actx.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/ser_key.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/response_items.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/deltat.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_ser.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/copy_addrs.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/fast.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/copy_athctr.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/rd_safe.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_vfy_increds.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/copy_data.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/recvauth.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/gen_seqnum.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/privsafe.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/auth_con.h
Examining data/krb5-1.18.3/src/lib/krb5/krb/mk_req.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/fast.h
Examining data/krb5-1.18.3/src/lib/krb5/krb/copy_auth.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/vfy_increds.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/str_conv.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/init_ctx.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/ser_addr.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/conv_creds.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/init_keyblock.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/srv_rcache.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/gen_save_subkey.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/tgtname.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/preauth_otp.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/rd_priv.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/preauth_sam2.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/cp_key_cnt.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/get_etype_info.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_ad_fx_armor.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/auth_con.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/princ_comp.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/encrypt_tk.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/authdata_enc.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/send_tgs.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/strptime.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/etype_list.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/rd_error.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/parse.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/plugin.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/authdata.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/mk_safe.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/rd_req.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/preauth2.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/authdata_dec.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_princ.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/enc_keyhelper.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/addr_order.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/vic_opt.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_deltat.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_cc_config.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/val_renew.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_in_ccache.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/chpw.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/ser_ctx.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/pr_to_salt.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_etypes.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/kerrs.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/ser_princ.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/parse_host_string.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/preauth_encts.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/s4u_creds.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/gic_opt.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/copy_tick.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_sname_match.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/libdef_parse.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/bld_princ.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/allow_weak.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/appdefault.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/ser_adata.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/srv_dec_tkt.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/fwd_tgt.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/addr_srch.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_expand.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/copy_cksum.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_walk_rtree.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/rd_rep.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/get_creds.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_parse_host_string.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_kerb.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/sname_match.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/mk_req_ext.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_pac.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_response_items.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/cammac_util.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/copy_princ.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/copy_ctx.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/encode_kdc.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/addr_comp.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_get_etype_info.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/preauth_ec.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/padata.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_copy_context.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/mk_rep.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/random_str.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/copy_key.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/rd_req_dec.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/serialize.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/t_expire_warn.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/mk_priv.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/authdata_exp.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/in_tkt_sky.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/kdc_rep_dc.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/valid_times.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/decode_kdc.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/gc_via_tkt.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/pac.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/sendauth.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/int-proto.h
Examining data/krb5-1.18.3/src/lib/krb5/krb/pac_sign.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/decrypt_tk.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/copy_creds.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/walk_rtree.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/brand.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/rd_cred.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/init_creds_ctx.h
Examining data/krb5-1.18.3/src/lib/krb5/krb/unparse.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/gen_subkey.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/set_realm.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/gic_pwd.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/ser_cksum.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/authdata.h
Examining data/krb5-1.18.3/src/lib/krb5/krb/mk_error.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/preauth_pkinit.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/s4u_authdata.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/bld_pr_ext.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/ser_auth.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/chk_trans.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/mk_cred.c
Examining data/krb5-1.18.3/src/lib/krb5/krb/get_in_tkt.c
Examining data/krb5-1.18.3/src/lib/krb5/posix/syslog.c
Examining data/krb5-1.18.3/src/lib/krb5/krb5_libinit.h
Examining data/krb5-1.18.3/src/lib/krb5/keytab/ktdefault.c
Examining data/krb5-1.18.3/src/lib/krb5/keytab/t_keytab.c
Examining data/krb5-1.18.3/src/lib/krb5/keytab/ktfr_entry.c
Examining data/krb5-1.18.3/src/lib/krb5/keytab/ktremove.c
Examining data/krb5-1.18.3/src/lib/krb5/keytab/ktfns.c
Examining data/krb5-1.18.3/src/lib/krb5/keytab/ktadd.c
Examining data/krb5-1.18.3/src/lib/krb5/keytab/read_servi.c
Examining data/krb5-1.18.3/src/lib/krb5/keytab/kt-int.h
Examining data/krb5-1.18.3/src/lib/krb5/keytab/kt_memory.c
Examining data/krb5-1.18.3/src/lib/krb5/keytab/ktbase.c
Examining data/krb5-1.18.3/src/lib/krb5/keytab/kt_file.c
Examining data/krb5-1.18.3/src/lib/krb5/rcache/rc-int.h
Examining data/krb5-1.18.3/src/lib/krb5/rcache/memrcache.h
Examining data/krb5-1.18.3/src/lib/krb5/rcache/rc_dfl.c
Examining data/krb5-1.18.3/src/lib/krb5/rcache/rc_none.c
Examining data/krb5-1.18.3/src/lib/krb5/rcache/t_rcfile2.c
Examining data/krb5-1.18.3/src/lib/krb5/rcache/rc_file2.c
Examining data/krb5-1.18.3/src/lib/krb5/rcache/memrcache.c
Examining data/krb5-1.18.3/src/lib/krb5/rcache/t_memrcache.c
Examining data/krb5-1.18.3/src/lib/krb5/rcache/rc_base.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/cc-int.h
Examining data/krb5-1.18.3/src/lib/krb5/ccache/t_stdio.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/ccselect.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/cc_memory.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/ccselect_hostname.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/cc_dir.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/cccopy.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/t_cc.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/ccdefops.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/ccbase.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/scc.h
Examining data/krb5-1.18.3/src/lib/krb5/ccache/t_cccol.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/ccdefault.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/ccselect_k5identity.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/cc_retr.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/ccmarshal.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/cc_keyring.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/cccursor.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/t_cccursor.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/cc_kcm.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/ccfns.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/kcmrpc_types.h
Examining data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc.h
Examining data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc_util.h
Examining data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/winccld.h
Examining data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/winccld.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc_util.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/fcc.h
Examining data/krb5-1.18.3/src/lib/krb5/ccache/t_marshal.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/ccselect_realm.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/t_memory.c
Examining data/krb5-1.18.3/src/lib/krb5/ccache/cc_file.c
Examining data/krb5-1.18.3/src/lib/krb5/os/realm_dom.c
Examining data/krb5-1.18.3/src/lib/krb5/os/localauth_names.c
Examining data/krb5-1.18.3/src/lib/krb5/os/toffset.c
Examining data/krb5-1.18.3/src/lib/krb5/os/dnsglue.c
Examining data/krb5-1.18.3/src/lib/krb5/os/gen_port.c
Examining data/krb5-1.18.3/src/lib/krb5/os/changepw.c
Examining data/krb5-1.18.3/src/lib/krb5/os/init_os_ctx.c
Examining data/krb5-1.18.3/src/lib/krb5/os/expand_path.c
Examining data/krb5-1.18.3/src/lib/krb5/os/localauth.c
Examining data/krb5-1.18.3/src/lib/krb5/os/t_kuserok.c
Examining data/krb5-1.18.3/src/lib/krb5/os/hostrealm.c
Examining data/krb5-1.18.3/src/lib/krb5/os/write_msg.c
Examining data/krb5-1.18.3/src/lib/krb5/os/sn2princ.c
Examining data/krb5-1.18.3/src/lib/krb5/os/hostrealm_profile.c
Examining data/krb5-1.18.3/src/lib/krb5/os/ccdefname.c
Examining data/krb5-1.18.3/src/lib/krb5/os/t_an_to_ln.c
Examining data/krb5-1.18.3/src/lib/krb5/os/read_msg.c
Examining data/krb5-1.18.3/src/lib/krb5/os/sendto_kdc.c
Examining data/krb5-1.18.3/src/lib/krb5/os/lock_file.c
Examining data/krb5-1.18.3/src/lib/krb5/os/full_ipadr.c
Examining data/krb5-1.18.3/src/lib/krb5/os/prompter.c
Examining data/krb5-1.18.3/src/lib/krb5/os/c_ustime.c
Examining data/krb5-1.18.3/src/lib/krb5/os/krbfileio.c
Examining data/krb5-1.18.3/src/lib/krb5/os/mk_faddr.c
Examining data/krb5-1.18.3/src/lib/krb5/os/hostrealm_dns.c
Examining data/krb5-1.18.3/src/lib/krb5/os/localauth_k5login.c
Examining data/krb5-1.18.3/src/lib/krb5/os/unlck_file.c
Examining data/krb5-1.18.3/src/lib/krb5/os/hostaddr.c
Examining data/krb5-1.18.3/src/lib/krb5/os/hostrealm_registry.c
Examining data/krb5-1.18.3/src/lib/krb5/os/gen_rname.c
Examining data/krb5-1.18.3/src/lib/krb5/os/dnssrv.c
Examining data/krb5-1.18.3/src/lib/krb5/os/dnsglue.h
Examining data/krb5-1.18.3/src/lib/krb5/os/thread_safe.c
Examining data/krb5-1.18.3/src/lib/krb5/os/ktdefname.c
Examining data/krb5-1.18.3/src/lib/krb5/os/t_expand_path.c
Examining data/krb5-1.18.3/src/lib/krb5/os/ustime.c
Examining data/krb5-1.18.3/src/lib/krb5/os/net_read.c
Examining data/krb5-1.18.3/src/lib/krb5/os/read_pwd.c
Examining data/krb5-1.18.3/src/lib/krb5/os/net_write.c
Examining data/krb5-1.18.3/src/lib/krb5/os/localauth_an2ln.c
Examining data/krb5-1.18.3/src/lib/krb5/os/t_locate_kdc.c
Examining data/krb5-1.18.3/src/lib/krb5/os/localauth_rule.c
Examining data/krb5-1.18.3/src/lib/krb5/os/localaddr.c
Examining data/krb5-1.18.3/src/lib/krb5/os/port2ip.c
Examining data/krb5-1.18.3/src/lib/krb5/os/hostrealm_domain.c
Examining data/krb5-1.18.3/src/lib/krb5/os/t_trace.c
Examining data/krb5-1.18.3/src/lib/krb5/os/locate_kdc.c
Examining data/krb5-1.18.3/src/lib/krb5/os/trace.c
Examining data/krb5-1.18.3/src/lib/krb5/os/accessor.c
Examining data/krb5-1.18.3/src/lib/krb5/os/genaddrs.c
Examining data/krb5-1.18.3/src/lib/krb5/os/timeofday.c
Examining data/krb5-1.18.3/src/lib/krb5/os/t_gifconf.c
Examining data/krb5-1.18.3/src/lib/krb5/os/os-proto.h
Examining data/krb5-1.18.3/src/lib/krb5/os/t_std_conf.c
Examining data/krb5-1.18.3/src/lib/krb5/error_tables/init_ets.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/prng_device.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/prf_aes2.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/checksum_dk_cmac.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/t_fortuna.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/keylengths.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/verify_checksum_iov.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/encrypt.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/old_api_glue.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/make_checksum.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/s2k_pbkdf2.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/prng_os.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/enc_etm.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/verify_checksum.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/state.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/cf2.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/prf.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/decrypt.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/derive.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/random_to_key.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/crypto_libinit.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/cksumtype_to_string.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/enc_raw.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/checksum_unkeyed.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/aead.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/string_to_key.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/s2k_rc4.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/keyed_checksum_types.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/string_to_cksumtype.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/etypes.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/mandatory_sumtype.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/encrypt_iov.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/keyed_cksum.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/prf_dk.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/checksum_hmac_md5.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/cksumtypes.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/valid_cksumtype.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/prf_rc4.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/decrypt_iov.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/checksum_dk_hmac.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/checksum_length.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/enc_rc4.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/prf_des.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/coll_proof_cksum.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/keyblocks.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/enctype_util.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/cmac.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/key.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/enc_dk_cmac.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/checksum_etm.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/prf_cmac.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/prng_fortuna.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/crypto_int.h
Examining data/krb5-1.18.3/src/lib/crypto/krb/nfold.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/crypto_length.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/default_state.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/enc_dk_hmac.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/make_random_key.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/encrypt_length.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/prng.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/make_checksum_iov.c
Examining data/krb5-1.18.3/src/lib/crypto/krb/block_size.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/md5/rsa-md5.h
Examining data/krb5-1.18.3/src/lib/crypto/builtin/md5/md5.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/hash_provider/hash_md5.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/hash_provider/hash_sha2.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/hash_provider/hash_sha1.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/hash_provider/hash_md4.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/pbkdf2.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/des/key_sched.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/des/f_parity.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/des/d3_kysched.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/des/des_int.h
Examining data/krb5-1.18.3/src/lib/crypto/builtin/des/f_cksum.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/des/d3_aead.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/des/weak_key.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/des/f_aead.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/des/des_keys.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/des/f_cbc.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/des/f_tables.h
Examining data/krb5-1.18.3/src/lib/crypto/builtin/des/f_sched.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/des/f_tables.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/des/destest.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/hmac.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/sha2/sha256.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/sha2/sha512.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/sha2/sha2.h
Examining data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes.h
Examining data/krb5-1.18.3/src/lib/crypto/builtin/aes/aescrypp.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/aes/aeskey.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/aes/aestab.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/aes/aescpp.h
Examining data/krb5-1.18.3/src/lib/crypto/builtin/aes/aescrypt.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/aes/aeskeypp.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/aes/aesopt.h
Examining data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia.h
Examining data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/rc4.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/camellia.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/des3.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/aes.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/md4/md4.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/md4/rsa-md4.h
Examining data/krb5-1.18.3/src/lib/crypto/builtin/init.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/crypto_mod.h
Examining data/krb5-1.18.3/src/lib/crypto/builtin/sha1/shs.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs.c
Examining data/krb5-1.18.3/src/lib/crypto/builtin/sha1/shs.h
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_nfold.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/camellia-test.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_hmac.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_decrypt.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_pkcs5.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_cts.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_prng.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_encrypt.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_cksums.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_kperf.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_cmac.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_prf.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_mddriver.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/aes-test.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_mdcksum.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_sha2.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_str2key.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_fork.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_short.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_cf2.c
Examining data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_derive.c
Examining data/krb5-1.18.3/src/lib/crypto/openssl/hash_provider/hash_evp.c
Examining data/krb5-1.18.3/src/lib/crypto/openssl/pbkdf2.c
Examining data/krb5-1.18.3/src/lib/crypto/openssl/des/des_keys.c
Examining data/krb5-1.18.3/src/lib/crypto/openssl/hmac.c
Examining data/krb5-1.18.3/src/lib/crypto/openssl/stubs.c
Examining data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/rc4.c
Examining data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/camellia.c
Examining data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/des3.c
Examining data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/aes.c
Examining data/krb5-1.18.3/src/lib/crypto/openssl/sha256.c
Examining data/krb5-1.18.3/src/lib/crypto/openssl/init.c
Examining data/krb5-1.18.3/src/lib/crypto/openssl/crypto_mod.h
Examining data/krb5-1.18.3/src/lib/kdb/kdb_convert.c
Examining data/krb5-1.18.3/src/lib/kdb/kdb5.h
Examining data/krb5-1.18.3/src/lib/kdb/t_sort_key_data.c
Examining data/krb5-1.18.3/src/lib/kdb/encrypt_key.c
Examining data/krb5-1.18.3/src/lib/kdb/kdb_log.c
Examining data/krb5-1.18.3/src/lib/kdb/keytab.c
Examining data/krb5-1.18.3/src/lib/kdb/kdb5.c
Examining data/krb5-1.18.3/src/lib/kdb/decrypt_key.c
Examining data/krb5-1.18.3/src/lib/kdb/t_stringattr.c
Examining data/krb5-1.18.3/src/lib/kdb/kdb_default.c
Examining data/krb5-1.18.3/src/lib/kdb/kdb5int.h
Examining data/krb5-1.18.3/src/lib/kdb/t_ulog.c
Examining data/krb5-1.18.3/src/lib/kdb/iprop_xdr.c
Examining data/krb5-1.18.3/src/lib/kdb/kdb_cpw.c
Examining data/krb5-1.18.3/src/lib/rpc/authunix_prot.c
Examining data/krb5-1.18.3/src/lib/rpc/clnt_simple.c
Examining data/krb5-1.18.3/src/lib/rpc/get_myaddress.c
Examining data/krb5-1.18.3/src/lib/rpc/dyn.h
Examining data/krb5-1.18.3/src/lib/rpc/pmap_getmaps.c
Examining data/krb5-1.18.3/src/lib/rpc/clnt_raw.c
Examining data/krb5-1.18.3/src/lib/rpc/rpc_callmsg.c
Examining data/krb5-1.18.3/src/lib/rpc/gssrpcint.h
Examining data/krb5-1.18.3/src/lib/rpc/rpc_commondata.c
Examining data/krb5-1.18.3/src/lib/rpc/svc_simple.c
Examining data/krb5-1.18.3/src/lib/rpc/xdr_array.c
Examining data/krb5-1.18.3/src/lib/rpc/xdr_reference.c
Examining data/krb5-1.18.3/src/lib/rpc/auth_none.c
Examining data/krb5-1.18.3/src/lib/rpc/getrpcport.c
Examining data/krb5-1.18.3/src/lib/rpc/svc_auth_gssapi.c
Examining data/krb5-1.18.3/src/lib/rpc/svc_run.c
Examining data/krb5-1.18.3/src/lib/rpc/auth_unix.c
Examining data/krb5-1.18.3/src/lib/rpc/bindresvport.c
Examining data/krb5-1.18.3/src/lib/rpc/svc_udp.c
Examining data/krb5-1.18.3/src/lib/rpc/auth_gssapi_misc.c
Examining data/krb5-1.18.3/src/lib/rpc/svc_tcp.c
Examining data/krb5-1.18.3/src/lib/rpc/xdr_alloc.c
Examining data/krb5-1.18.3/src/lib/rpc/svc_auth_gss.c
Examining data/krb5-1.18.3/src/lib/rpc/pmap_prot2.c
Examining data/krb5-1.18.3/src/lib/rpc/auth_gssapi.c
Examining data/krb5-1.18.3/src/lib/rpc/xdr_stdio.c
Examining data/krb5-1.18.3/src/lib/rpc/svc_auth_unix.c
Examining data/krb5-1.18.3/src/lib/rpc/xdr_sizeof.c
Examining data/krb5-1.18.3/src/lib/rpc/svc.c
Examining data/krb5-1.18.3/src/lib/rpc/dynP.h
Examining data/krb5-1.18.3/src/lib/rpc/xdr.c
Examining data/krb5-1.18.3/src/lib/rpc/clnt_udp.c
Examining data/krb5-1.18.3/src/lib/rpc/dyn.c
Examining data/krb5-1.18.3/src/lib/rpc/rpc_prot.c
Examining data/krb5-1.18.3/src/lib/rpc/xdr_rec.c
Examining data/krb5-1.18.3/src/lib/rpc/pmap_prot.c
Examining data/krb5-1.18.3/src/lib/rpc/svc_auth.c
Examining data/krb5-1.18.3/src/lib/rpc/rpc_dtablesize.c
Examining data/krb5-1.18.3/src/lib/rpc/clnt_tcp.c
Examining data/krb5-1.18.3/src/lib/rpc/dyntest.c
Examining data/krb5-1.18.3/src/lib/rpc/authgss_prot.c
Examining data/krb5-1.18.3/src/lib/rpc/auth_gss.c
Examining data/krb5-1.18.3/src/lib/rpc/xdr_float.c
Examining data/krb5-1.18.3/src/lib/rpc/pmap_getport.c
Examining data/krb5-1.18.3/src/lib/rpc/clnt_perror.c
Examining data/krb5-1.18.3/src/lib/rpc/pmap_rmt.c
Examining data/krb5-1.18.3/src/lib/rpc/pmap_clnt.c
Examining data/krb5-1.18.3/src/lib/rpc/clnt_generic.c
Examining data/krb5-1.18.3/src/lib/rpc/getrpcent.c
Examining data/krb5-1.18.3/src/lib/rpc/svc_raw.c
Examining data/krb5-1.18.3/src/lib/rpc/svc_auth_none.c
Examining data/krb5-1.18.3/src/lib/rpc/xdr_mem.c
Examining data/krb5-1.18.3/src/lib/rpc/unit-test/server.c
Examining data/krb5-1.18.3/src/lib/rpc/unit-test/client.c
Examining data/krb5-1.18.3/src/lib/rpc/unit-test/rpc_test_svc.c
Examining data/krb5-1.18.3/src/lib/rpc/unit-test/rpc_test.h
Examining data/krb5-1.18.3/src/lib/rpc/unit-test/rpc_test_clnt.c
Examining data/krb5-1.18.3/src/tests/dejagnu/t_inetd.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_context.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_pcontok.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_credstore.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_s4u.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_iov.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_ccselect.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_export_cred.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_srcattrs.c
Examining data/krb5-1.18.3/src/tests/gssapi/ccinit.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_saslname.c
Examining data/krb5-1.18.3/src/tests/gssapi/ccrefresh.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_accname.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_inq_mechs_name.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_s4u2proxy_krb5.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_prf.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_add_cred.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_imp_cred.c
Examining data/krb5-1.18.3/src/tests/gssapi/common.h
Examining data/krb5-1.18.3/src/tests/gssapi/common.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_invalid.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_ciflags.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_err.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_inq_ctx.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_inq_cred.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_gssexts.c
Examining data/krb5-1.18.3/src/tests/gssapi/reload.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_oid.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_namingexts.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_lifetime.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_imp_name.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_spnego.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_enctypes.c
Examining data/krb5-1.18.3/src/tests/gssapi/t_export_name.c
Examining data/krb5-1.18.3/src/tests/hammer/kdc5_hammer.c
Examining data/krb5-1.18.3/src/tests/hammer/pp.c
Examining data/krb5-1.18.3/src/tests/s4u2self.c
Examining data/krb5-1.18.3/src/tests/s2p.c
Examining data/krb5-1.18.3/src/tests/localauth.c
Examining data/krb5-1.18.3/src/tests/icinterleave.c
Examining data/krb5-1.18.3/src/tests/asn.1/ktest.h
Examining data/krb5-1.18.3/src/tests/asn.1/ktest.c
Examining data/krb5-1.18.3/src/tests/asn.1/utility.h
Examining data/krb5-1.18.3/src/tests/asn.1/utility.c
Examining data/krb5-1.18.3/src/tests/asn.1/krb5_encode_test.c
Examining data/krb5-1.18.3/src/tests/asn.1/ktest_equal.h
Examining data/krb5-1.18.3/src/tests/asn.1/krb5_decode_test.c
Examining data/krb5-1.18.3/src/tests/asn.1/debug.h
Examining data/krb5-1.18.3/src/tests/asn.1/ktest_equal.c
Examining data/krb5-1.18.3/src/tests/asn.1/krb5_decode_leak.c
Examining data/krb5-1.18.3/src/tests/asn.1/trval.c
Examining data/krb5-1.18.3/src/tests/asn.1/make-vectors.c
Examining data/krb5-1.18.3/src/tests/asn.1/t_trval.c
Examining data/krb5-1.18.3/src/tests/s4u2proxy.c
Examining data/krb5-1.18.3/src/tests/hooks.c
Examining data/krb5-1.18.3/src/tests/hrealm.c
Examining data/krb5-1.18.3/src/tests/unlockiter.c
Examining data/krb5-1.18.3/src/tests/verify/kdb5_verify.c
Examining data/krb5-1.18.3/src/tests/verify/pkey.c
Examining data/krb5-1.18.3/src/tests/adata.c
Examining data/krb5-1.18.3/src/tests/icred.c
Examining data/krb5-1.18.3/src/tests/responder.c
Examining data/krb5-1.18.3/src/tests/gcred.c
Examining data/krb5-1.18.3/src/tests/hist.c
Examining data/krb5-1.18.3/src/tests/resolve/addrinfo-test.c
Examining data/krb5-1.18.3/src/tests/resolve/fake-addrinfo-test.c
Examining data/krb5-1.18.3/src/tests/resolve/resolve.c
Examining data/krb5-1.18.3/src/tests/test1.c
Examining data/krb5-1.18.3/src/tests/create/kdb5_mkdums.c
Examining data/krb5-1.18.3/src/tests/replay.c
Examining data/krb5-1.18.3/src/tests/threads/init_ctx.c
Examining data/krb5-1.18.3/src/tests/threads/gss-perf.c
Examining data/krb5-1.18.3/src/tests/threads/prof1.c
Examining data/krb5-1.18.3/src/tests/threads/profread.c
Examining data/krb5-1.18.3/src/tests/threads/t_rcache.c
Examining data/krb5-1.18.3/src/tests/rdreq.c
Examining data/krb5-1.18.3/src/tests/dump.c
Examining data/krb5-1.18.3/src/tests/forward.c
Examining data/krb5-1.18.3/src/tests/softpkcs11/main.c
Examining data/krb5-1.18.3/src/tests/etinfo.c
Examining data/krb5-1.18.3/src/tests/plugorder.c
Examining data/krb5-1.18.3/src/tests/gss-threads/gss-client.c
Examining data/krb5-1.18.3/src/tests/gss-threads/gss-misc.c
Examining data/krb5-1.18.3/src/tests/gss-threads/gss-misc.h
Examining data/krb5-1.18.3/src/tests/gss-threads/gss-server.c
Examining data/krb5-1.18.3/src/tests/kdbtest.c
Examining data/krb5-1.18.3/src/tests/misc/test_cxx_kadm5.cpp
Examining data/krb5-1.18.3/src/tests/misc/test_getsockname.c
Examining data/krb5-1.18.3/src/tests/misc/test_cxx_rpc.cpp
Examining data/krb5-1.18.3/src/tests/misc/test_nfold.c
Examining data/krb5-1.18.3/src/tests/misc/test_chpw_message.c
Examining data/krb5-1.18.3/src/tests/misc/test_getpw.c
Examining data/krb5-1.18.3/src/tests/misc/test_cxx_k5int.cpp
Examining data/krb5-1.18.3/src/tests/misc/test_cxx_krb5.cpp
Examining data/krb5-1.18.3/src/tests/misc/test_cxx_gss.cpp
Examining data/krb5-1.18.3/src/tests/shlib/t_loader.c
Examining data/krb5-1.18.3/src/kdc/do_as_req.c
Examining data/krb5-1.18.3/src/kdc/do_tgs_req.c
Examining data/krb5-1.18.3/src/kdc/cammac.c
Examining data/krb5-1.18.3/src/kdc/kdc_preauth_encts.c
Examining data/krb5-1.18.3/src/kdc/kdc_transit.c
Examining data/krb5-1.18.3/src/kdc/policy.h
Examining data/krb5-1.18.3/src/kdc/extern.c
Examining data/krb5-1.18.3/src/kdc/authind.c
Examining data/krb5-1.18.3/src/kdc/dispatch.c
Examining data/krb5-1.18.3/src/kdc/policy.c
Examining data/krb5-1.18.3/src/kdc/kdc_preauth_ec.c
Examining data/krb5-1.18.3/src/kdc/tgs_policy.c
Examining data/krb5-1.18.3/src/kdc/kdc_audit.h
Examining data/krb5-1.18.3/src/kdc/kdc_authdata.c
Examining data/krb5-1.18.3/src/kdc/kdc_util.h
Examining data/krb5-1.18.3/src/kdc/realm_data.h
Examining data/krb5-1.18.3/src/kdc/rtest.c
Examining data/krb5-1.18.3/src/kdc/kdc_audit.c
Examining data/krb5-1.18.3/src/kdc/replay.c
Examining data/krb5-1.18.3/src/kdc/extern.h
Examining data/krb5-1.18.3/src/kdc/kdc_log.c
Examining data/krb5-1.18.3/src/kdc/kdc_preauth.c
Examining data/krb5-1.18.3/src/kdc/t_replay.c
Examining data/krb5-1.18.3/src/kdc/reqstate.h
Examining data/krb5-1.18.3/src/kdc/main.c
Examining data/krb5-1.18.3/src/kdc/fast_util.c
Examining data/krb5-1.18.3/src/kdc/kdc_util.c
Examining data/krb5-1.18.3/src/wconfig.c
Examining data/krb5-1.18.3/src/kadmin/cli/keytab_local.c
Examining data/krb5-1.18.3/src/kadmin/cli/keytab.c
Examining data/krb5-1.18.3/src/kadmin/cli/ss_wrapper.c
Examining data/krb5-1.18.3/src/kadmin/cli/kadmin.h
Examining data/krb5-1.18.3/src/kadmin/cli/kadmin.c
Examining data/krb5-1.18.3/src/kadmin/testing/util/bsddb_dump.c
Examining data/krb5-1.18.3/src/kadmin/testing/util/test.c
Examining data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.h
Examining data/krb5-1.18.3/src/kadmin/testing/util/tcl_krb5_hash.c
Examining data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c
Examining data/krb5-1.18.3/src/kadmin/ktutil/ktutil.h
Examining data/krb5-1.18.3/src/kadmin/ktutil/ktutil.c
Examining data/krb5-1.18.3/src/kadmin/ktutil/ktutil_funcs.c
Examining data/krb5-1.18.3/src/kadmin/server/schpw.c
Examining data/krb5-1.18.3/src/kadmin/server/misc.h
Examining data/krb5-1.18.3/src/kadmin/server/auth_self.c
Examining data/krb5-1.18.3/src/kadmin/server/auth_acl.c
Examining data/krb5-1.18.3/src/kadmin/server/misc.c
Examining data/krb5-1.18.3/src/kadmin/server/ovsec_kadmd.c
Examining data/krb5-1.18.3/src/kadmin/server/auth.c
Examining data/krb5-1.18.3/src/kadmin/server/kadm_rpc_svc.c
Examining data/krb5-1.18.3/src/kadmin/server/auth.h
Examining data/krb5-1.18.3/src/kadmin/server/server_stubs.c
Examining data/krb5-1.18.3/src/kadmin/server/ipropd_svc.c
Examining data/krb5-1.18.3/src/kadmin/dbutil/tabdump.c
Examining data/krb5-1.18.3/src/kadmin/dbutil/ovload.c
Examining data/krb5-1.18.3/src/kadmin/dbutil/kadm5_create.c
Examining data/krb5-1.18.3/src/kadmin/dbutil/kdb5_util.c
Examining data/krb5-1.18.3/src/kadmin/dbutil/strtok.c
Examining data/krb5-1.18.3/src/kadmin/dbutil/kdb5_stash.c
Examining data/krb5-1.18.3/src/kadmin/dbutil/tdumputil.h
Examining data/krb5-1.18.3/src/kadmin/dbutil/kdb5_create.c
Examining data/krb5-1.18.3/src/kadmin/dbutil/kdb5_mkey.c
Examining data/krb5-1.18.3/src/kadmin/dbutil/kdb5_util.h
Examining data/krb5-1.18.3/src/kadmin/dbutil/nstrtok.h
Examining data/krb5-1.18.3/src/kadmin/dbutil/dump.c
Examining data/krb5-1.18.3/src/kadmin/dbutil/kdb5_destroy.c
Examining data/krb5-1.18.3/src/kadmin/dbutil/t_tdumputil.c
Examining data/krb5-1.18.3/src/kadmin/dbutil/tdumputil.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_destroy.c
Examining data/krb5-1.18.3/src/ccapi/test/test_ccapi_v2.h
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_store.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_ccache_compare.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_remove_cred.c
Examining data/krb5-1.18.3/src/ccapi/test/simple_lock_test.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_ccache_new_credentials_iterator.c
Examining data/krb5-1.18.3/src/ccapi/test/test_ccapi_log.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_context_open_ccache.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_create.c
Examining data/krb5-1.18.3/src/ccapi/test/test_ccapi_log.h
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_seq_fetch_creds_begin.c
Examining data/krb5-1.18.3/src/ccapi/test/test_ccapi_check.c
Examining data/krb5-1.18.3/src/ccapi/test/test_ccapi_constants.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_ccache_release.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_get_cred_version.c
Examining data/krb5-1.18.3/src/ccapi/test/pingtest.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_ccache_remove_credentials.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_ccache_get_name.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_context_compare.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_ccache_move.c
Examining data/krb5-1.18.3/src/ccapi/test/test_ccapi_util.h
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_context_get_change_time.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_context_new_ccache_iterator.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_get_change_time.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_shutdown.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_close.c
Examining data/krb5-1.18.3/src/ccapi/test/test_ccapi_globals.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_ccache_destroy.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_get_principal.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_context_create_ccache.c
Examining data/krb5-1.18.3/src/ccapi/test/test_ccapi_context.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_ccache_get_principal.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_ccache_set_default.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_get_name.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_ccache_get_kdc_time_offset.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_context_create_new_ccache.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_ccache_get_last_default_time.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_seq_fetch_creds_next.c
Examining data/krb5-1.18.3/src/ccapi/test/test_ccapi_ccache.c
Examining data/krb5-1.18.3/src/ccapi/test/test_ccapi_ccache.h
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_get_NC_info.c
Examining data/krb5-1.18.3/src/ccapi/test/test_ccapi_check.h
Examining data/krb5-1.18.3/src/ccapi/test/test_ccapi_iterators.c
Examining data/krb5-1.18.3/src/ccapi/test/test_ccapi_globals.h
Examining data/krb5-1.18.3/src/ccapi/test/test_ccapi_v2.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_ccache_set_principal.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_set_principal.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_context_create_default_ccache.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_credentials_iterator_next.c
Examining data/krb5-1.18.3/src/ccapi/test/test_ccapi_util.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_open.c
Examining data/krb5-1.18.3/src/ccapi/test/test_constants.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_ccache_get_change_time.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_seq_fetch_NCs_next.c
Examining data/krb5-1.18.3/src/ccapi/test/main.c
Examining data/krb5-1.18.3/src/ccapi/test/test_ccapi_context.h
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_ccache_store_credentials.c
Examining data/krb5-1.18.3/src/ccapi/test/test_ccapi_iterators.h
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_context_open_default_ccache.c
Examining data/krb5-1.18.3/src/ccapi/test/test_ccapi_constants.h
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_ccache_clear_kdc_time_offset.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_ccache_iterator_next.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_context_get_default_ccache_name.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_ccache_set_kdc_time_offset.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_ccache_get_credentials_version.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_seq_fetch_NCs_begin.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_initialize.c
Examining data/krb5-1.18.3/src/ccapi/test/test_cc_context_release.c
Examining data/krb5-1.18.3/src/ccapi/lib/ccapi_string.h
Examining data/krb5-1.18.3/src/ccapi/lib/ccapi_credentials.h
Examining data/krb5-1.18.3/src/ccapi/lib/ccapi_ccache.c
Examining data/krb5-1.18.3/src/ccapi/lib/ccapi_v2.c
Examining data/krb5-1.18.3/src/ccapi/lib/ccapi_context_change_time.h
Examining data/krb5-1.18.3/src/ccapi/lib/ccapi_context.c
Examining data/krb5-1.18.3/src/ccapi/lib/ccapi_string.c
Examining data/krb5-1.18.3/src/ccapi/lib/unix/stubs.c
Examining data/krb5-1.18.3/src/ccapi/lib/ccapi_ipc.c
Examining data/krb5-1.18.3/src/ccapi/lib/ccapi_credentials_iterator.h
Examining data/krb5-1.18.3/src/ccapi/lib/ccapi_ccache_iterator.c
Examining data/krb5-1.18.3/src/ccapi/lib/ccapi_context.h
Examining data/krb5-1.18.3/src/ccapi/lib/ccapi_credentials.c
Examining data/krb5-1.18.3/src/ccapi/lib/ccapi_context_change_time.c
Examining data/krb5-1.18.3/src/ccapi/lib/ccapi_ipc.h
Examining data/krb5-1.18.3/src/ccapi/lib/ccapi_ccache_iterator.h
Examining data/krb5-1.18.3/src/ccapi/lib/ccapi_os_ipc.h
Examining data/krb5-1.18.3/src/ccapi/lib/ccapi_ccache.h
Examining data/krb5-1.18.3/src/ccapi/lib/ccapi_credentials_iterator.c
Examining data/krb5-1.18.3/src/ccapi/lib/win/ccapi_os_ipc.cxx
Examining data/krb5-1.18.3/src/ccapi/lib/win/dllmain.cxx
Examining data/krb5-1.18.3/src/ccapi/lib/win/OldCC/client.cxx
Examining data/krb5-1.18.3/src/ccapi/lib/win/OldCC/ccapi.h
Examining data/krb5-1.18.3/src/ccapi/lib/win/OldCC/client.h
Examining data/krb5-1.18.3/src/ccapi/lib/win/dllmain.h
Examining data/krb5-1.18.3/src/ccapi/lib/win/ccs_reply_proc.c
Examining data/krb5-1.18.3/src/ccapi/common/cci_common.h
Examining data/krb5-1.18.3/src/ccapi/common/cci_debugging.h
Examining data/krb5-1.18.3/src/ccapi/common/cci_array_internal.h
Examining data/krb5-1.18.3/src/ccapi/common/cci_message.c
Examining data/krb5-1.18.3/src/ccapi/common/cci_identifier.c
Examining data/krb5-1.18.3/src/ccapi/common/cci_types.h
Examining data/krb5-1.18.3/src/ccapi/common/cci_debugging.c
Examining data/krb5-1.18.3/src/ccapi/common/cci_os_debugging.h
Examining data/krb5-1.18.3/src/ccapi/common/cci_array_internal.c
Examining data/krb5-1.18.3/src/ccapi/common/cci_os_identifier.h
Examining data/krb5-1.18.3/src/ccapi/common/cci_message.h
Examining data/krb5-1.18.3/src/ccapi/common/cci_cred_union.h
Examining data/krb5-1.18.3/src/ccapi/common/cci_cred_union.c
Examining data/krb5-1.18.3/src/ccapi/common/cci_identifier.h
Examining data/krb5-1.18.3/src/ccapi/common/win/win-utils.c
Examining data/krb5-1.18.3/src/ccapi/common/win/tls.c
Examining data/krb5-1.18.3/src/ccapi/common/win/win-utils.h
Examining data/krb5-1.18.3/src/ccapi/common/win/tls.h
Examining data/krb5-1.18.3/src/ccapi/common/win/cci_os_debugging.c
Examining data/krb5-1.18.3/src/ccapi/common/win/OldCC/ccutils.c
Examining data/krb5-1.18.3/src/ccapi/common/win/OldCC/init.cxx
Examining data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx
Examining data/krb5-1.18.3/src/ccapi/common/win/OldCC/ccutils.h
Examining data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.h
Examining data/krb5-1.18.3/src/ccapi/common/win/OldCC/ccutil.cxx
Examining data/krb5-1.18.3/src/ccapi/common/win/OldCC/name.h
Examining data/krb5-1.18.3/src/ccapi/common/win/OldCC/secure.cxx
Examining data/krb5-1.18.3/src/ccapi/common/win/OldCC/opts.cxx
Examining data/krb5-1.18.3/src/ccapi/common/win/cci_os_identifier.c
Examining data/krb5-1.18.3/src/ccapi/server/ccs_callback.h
Examining data/krb5-1.18.3/src/ccapi/server/ccs_credentials_iterator.c
Examining data/krb5-1.18.3/src/ccapi/server/ccs_os_pipe.h
Examining data/krb5-1.18.3/src/ccapi/server/ccs_list_internal.c
Examining data/krb5-1.18.3/src/ccapi/server/ccs_cache_collection.c
Examining data/krb5-1.18.3/src/ccapi/server/ccs_lock_state.c
Examining data/krb5-1.18.3/src/ccapi/server/ccs_client.c
Examining data/krb5-1.18.3/src/ccapi/server/ccs_credentials.c
Examining data/krb5-1.18.3/src/ccapi/server/ccs_os_server.h
Examining data/krb5-1.18.3/src/ccapi/server/ccs_cache_collection.h
Examining data/krb5-1.18.3/src/ccapi/server/ccs_client.h
Examining data/krb5-1.18.3/src/ccapi/server/ccs_list.h
Examining data/krb5-1.18.3/src/ccapi/server/ccs_ccache_iterator.c
Examining data/krb5-1.18.3/src/ccapi/server/ccs_credentials_iterator.h
Examining data/krb5-1.18.3/src/ccapi/server/ccs_server.h
Examining data/krb5-1.18.3/src/ccapi/server/ccs_pipe.h
Examining data/krb5-1.18.3/src/ccapi/server/ccs_os_notify.h
Examining data/krb5-1.18.3/src/ccapi/server/ccs_ccache_iterator.h
Examining data/krb5-1.18.3/src/ccapi/server/ccs_list.c
Examining data/krb5-1.18.3/src/ccapi/server/ccs_types.h
Examining data/krb5-1.18.3/src/ccapi/server/ccs_callback.c
Examining data/krb5-1.18.3/src/ccapi/server/ccs_lock.c
Examining data/krb5-1.18.3/src/ccapi/server/ccs_list_internal.h
Examining data/krb5-1.18.3/src/ccapi/server/ccs_ccache.h
Examining data/krb5-1.18.3/src/ccapi/server/ccs_lock_state.h
Examining data/krb5-1.18.3/src/ccapi/server/ccs_lock.h
Examining data/krb5-1.18.3/src/ccapi/server/ccs_array.c
Examining data/krb5-1.18.3/src/ccapi/server/ccs_ccache.c
Examining data/krb5-1.18.3/src/ccapi/server/ccs_credentials.h
Examining data/krb5-1.18.3/src/ccapi/server/ccs_pipe.c
Examining data/krb5-1.18.3/src/ccapi/server/ccs_server.c
Examining data/krb5-1.18.3/src/ccapi/server/ccs_common.h
Examining data/krb5-1.18.3/src/ccapi/server/ccs_array.h
Examining data/krb5-1.18.3/src/ccapi/server/win/WorkQueue.h
Examining data/krb5-1.18.3/src/ccapi/server/win/ccs_request_proc.c
Examining data/krb5-1.18.3/src/ccapi/server/win/ccs_os_pipe.c
Examining data/krb5-1.18.3/src/ccapi/server/win/ccs_os_server.cpp
Examining data/krb5-1.18.3/src/ccapi/server/win/ccs_win_pipe.h
Examining data/krb5-1.18.3/src/ccapi/server/win/ccs_win_pipe.c
Examining data/krb5-1.18.3/src/ccapi/server/win/WorkQueue.cpp
Examining data/krb5-1.18.3/src/ccapi/server/win/WorkItem.cpp
Examining data/krb5-1.18.3/src/ccapi/server/win/workitem.h
Examining data/krb5-1.18.3/src/prototype/prototype.c
Examining data/krb5-1.18.3/src/prototype/prototype.h
Examining data/krb5-1.18.3/src/util/profile/test_load.c
Examining data/krb5-1.18.3/src/util/profile/prof_init.c
Examining data/krb5-1.18.3/src/util/profile/prof_get.c
Examining data/krb5-1.18.3/src/util/profile/testmod/testmod_main.c
Examining data/krb5-1.18.3/src/util/profile/test_profile.c
Examining data/krb5-1.18.3/src/util/profile/prof_parse.c
Examining data/krb5-1.18.3/src/util/profile/prof_set.c
Examining data/krb5-1.18.3/src/util/profile/argv_parse.c
Examining data/krb5-1.18.3/src/util/profile/prof_file.c
Examining data/krb5-1.18.3/src/util/profile/prof_tree.c
Examining data/krb5-1.18.3/src/util/profile/test_vtable.c
Examining data/krb5-1.18.3/src/util/profile/profile_tcl.c
Examining data/krb5-1.18.3/src/util/profile/test_parse.c
Examining data/krb5-1.18.3/src/util/profile/prof_FSp_glue.c
Examining data/krb5-1.18.3/src/util/profile/argv_parse.h
Examining data/krb5-1.18.3/src/util/profile/prof_int.h
Examining data/krb5-1.18.3/src/util/et/com_err.h
Examining data/krb5-1.18.3/src/util/et/error_table.h
Examining data/krb5-1.18.3/src/util/et/error_message.c
Examining data/krb5-1.18.3/src/util/et/et_name.c
Examining data/krb5-1.18.3/src/util/et/com_err.c
Examining data/krb5-1.18.3/src/util/et/t_com_err.c
Examining data/krb5-1.18.3/src/util/et/mit-sipb-copyright.h
Examining data/krb5-1.18.3/src/util/et/test_et.c
Examining data/krb5-1.18.3/src/util/windows/libecho.c
Examining data/krb5-1.18.3/src/util/support/t_hex.c
Examining data/krb5-1.18.3/src/util/support/t_k5buf.c
Examining data/krb5-1.18.3/src/util/support/getopt_long.c
Examining data/krb5-1.18.3/src/util/support/utf8.c
Examining data/krb5-1.18.3/src/util/support/t_json.c
Examining data/krb5-1.18.3/src/util/support/dir_filenames.c
Examining data/krb5-1.18.3/src/util/support/path.c
Examining data/krb5-1.18.3/src/util/support/t_hashtab.c
Examining data/krb5-1.18.3/src/util/support/hashtab.c
Examining data/krb5-1.18.3/src/util/support/ipc_stream.c
Examining data/krb5-1.18.3/src/util/support/threads.c
Examining data/krb5-1.18.3/src/util/support/t_unal.c
Examining data/krb5-1.18.3/src/util/support/fnmatch.c
Examining data/krb5-1.18.3/src/util/support/json.c
Examining data/krb5-1.18.3/src/util/support/t_path.c
Examining data/krb5-1.18.3/src/util/support/secure_getenv.c
Examining data/krb5-1.18.3/src/util/support/t_utf16.c
Examining data/krb5-1.18.3/src/util/support/getopt.c
Examining data/krb5-1.18.3/src/util/support/cache-addrinfo.h
Examining data/krb5-1.18.3/src/util/support/fake-addrinfo.c
Examining data/krb5-1.18.3/src/util/support/k5buf.c
Examining data/krb5-1.18.3/src/util/support/strlcpy.c
Examining data/krb5-1.18.3/src/util/support/t_utf8.c
Examining data/krb5-1.18.3/src/util/support/zap.c
Examining data/krb5-1.18.3/src/util/support/plugins.c
Examining data/krb5-1.18.3/src/util/support/gettimeofday.c
Examining data/krb5-1.18.3/src/util/support/mkstemp.c
Examining data/krb5-1.18.3/src/util/support/utf8_conv.c
Examining data/krb5-1.18.3/src/util/support/t_base64.c
Examining data/krb5-1.18.3/src/util/support/bcmp.c
Examining data/krb5-1.18.3/src/util/support/init-addrinfo.c
Examining data/krb5-1.18.3/src/util/support/printf.c
Examining data/krb5-1.18.3/src/util/support/base64.c
Examining data/krb5-1.18.3/src/util/support/gmt_mktime.c
Examining data/krb5-1.18.3/src/util/support/errors.c
Examining data/krb5-1.18.3/src/util/support/hex.c
Examining data/krb5-1.18.3/src/util/support/supp-int.h
Examining data/krb5-1.18.3/src/util/support/strerror_r.c
Examining data/krb5-1.18.3/src/util/exitsleep.c
Examining data/krb5-1.18.3/src/util/verto/verto.c
Examining data/krb5-1.18.3/src/util/verto/verto.h
Examining data/krb5-1.18.3/src/util/verto/ev.h
Examining data/krb5-1.18.3/src/util/verto/verto-module.h
Examining data/krb5-1.18.3/src/util/verto/ev_win32.c
Examining data/krb5-1.18.3/src/util/verto/module.h
Examining data/krb5-1.18.3/src/util/verto/ev_select.c
Examining data/krb5-1.18.3/src/util/verto/ev.c
Examining data/krb5-1.18.3/src/util/verto/ev_poll.c
Examining data/krb5-1.18.3/src/util/verto/module.c
Examining data/krb5-1.18.3/src/util/verto/ev_vars.h
Examining data/krb5-1.18.3/src/util/verto/verto-k5ev.c
Examining data/krb5-1.18.3/src/util/verto/verto-libev.c
Examining data/krb5-1.18.3/src/util/verto/ev_wrap.h
Examining data/krb5-1.18.3/src/util/ss/requests.c
Examining data/krb5-1.18.3/src/util/ss/listen.c
Examining data/krb5-1.18.3/src/util/ss/mk_cmds.c
Examining data/krb5-1.18.3/src/util/ss/utils.c
Examining data/krb5-1.18.3/src/util/ss/parse.c
Examining data/krb5-1.18.3/src/util/ss/options.c
Examining data/krb5-1.18.3/src/util/ss/ss_internal.h
Examining data/krb5-1.18.3/src/util/ss/execute_cmd.c
Examining data/krb5-1.18.3/src/util/ss/data.c
Examining data/krb5-1.18.3/src/util/ss/help.c
Examining data/krb5-1.18.3/src/util/ss/invocation.c
Examining data/krb5-1.18.3/src/util/ss/mit-sipb-copyright.h
Examining data/krb5-1.18.3/src/util/ss/pager.c
Examining data/krb5-1.18.3/src/util/ss/test_ss.c
Examining data/krb5-1.18.3/src/util/ss/list_rqs.c
Examining data/krb5-1.18.3/src/util/ss/request_tbl.c
Examining data/krb5-1.18.3/src/util/ss/ss.h
Examining data/krb5-1.18.3/src/util/ss/prompt.c
Examining data/krb5-1.18.3/src/util/ss/error.c
Examining data/krb5-1.18.3/src/util/ss/copyright.h
Examining data/krb5-1.18.3/src/kprop/kproplog.c
Examining data/krb5-1.18.3/src/kprop/kpropd_rpc.c
Examining data/krb5-1.18.3/src/kprop/kprop.c
Examining data/krb5-1.18.3/src/kprop/kpropd.c
Examining data/krb5-1.18.3/src/kprop/kprop.h
Examining data/krb5-1.18.3/src/kprop/kprop_util.c
Examining data/krb5-1.18.3/src/clients/kinit/kinit.c
Examining data/krb5-1.18.3/src/clients/kinit/extern.h
Examining data/krb5-1.18.3/src/clients/kinit/kinit_kdb.c
Examining data/krb5-1.18.3/src/clients/kvno/kvno.c
Examining data/krb5-1.18.3/src/clients/kswitch/kswitch.c
Examining data/krb5-1.18.3/src/clients/kpasswd/kpasswd.c
Examining data/krb5-1.18.3/src/clients/kdeltkt/kdeltkt.c
Examining data/krb5-1.18.3/src/clients/klist/klist.c
Examining data/krb5-1.18.3/src/clients/ksu/krb_auth_su.c
Examining data/krb5-1.18.3/src/clients/ksu/xmalloc.c
Examining data/krb5-1.18.3/src/clients/ksu/heuristic.c
Examining data/krb5-1.18.3/src/clients/ksu/setenv.c
Examining data/krb5-1.18.3/src/clients/ksu/ccache.c
Examining data/krb5-1.18.3/src/clients/ksu/authorization.c
Examining data/krb5-1.18.3/src/clients/ksu/main.c
Examining data/krb5-1.18.3/src/clients/ksu/ksu.h
Examining data/krb5-1.18.3/src/clients/kdestroy/kdestroy.c
Examining data/krb5-1.18.3/src/clients/kcpytkt/kcpytkt.c

FINAL RESULTS:

data/krb5-1.18.3/src/ccapi/common/win/win-utils.c:51:5:  [5] (buffer) strncat:
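  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
  Triage note: the bound in the call below, UUID_SIZE, describes the source
  string, not the space left in _clientEndpoint after the strcpy reported
  at 50:5. strncat appends up to that many characters and then a NUL, so
  the call is safe only if the destination holds the prefix plus UUID_SIZE
  plus one byte; the declaration is not shown in this report. The same
  applies to the finding at 59:5, which appends `user` under the same bound.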
    strncat(_clientEndpoint, UUID, UUID_SIZE);
data/krb5-1.18.3/src/ccapi/common/win/win-utils.c:59:5:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
    strncat(_serverEndpoint, user, UUID_SIZE);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_dir.c:193:5:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    chmod(newpath, S_IRUSR | S_IWUSR);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_file.c:470:10:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    st = chmod(data->filename, S_IRUSR | S_IWUSR);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_file.c:861:5:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    chmod(data->filename, S_IRUSR | S_IWUSR);
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:264:9:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
	(void) strncat(str, clnt_sperrno(rpc_createerr.cf_stat), BUFSIZ - 1);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hash.c:532:3:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
		chmod(hashp->fname, 0700);
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:967:5:  [5] (buffer) strncat:
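  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
  Triage note: the call below passes sizeof(cachename) as the bound, which
  (assuming cachename is an array) is the size of the whole destination.
  strncat's third argument limits the characters appended and does not
  count the terminating NUL, so the bound that fits is
  sizeof(cachename) - strlen(cachename) - 1. As written, the bound does not
  account for whatever cachename already holds at this point.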
    strncat(cachename, filename, sizeof(cachename));
data/krb5-1.18.3/src/ccapi/common/win/OldCC/ccutils.c:77:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(event_name, uuid_string);
data/krb5-1.18.3/src/ccapi/common/win/OldCC/ccutils.c:79:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(event_name, suffix);
data/krb5-1.18.3/src/ccapi/common/win/OldCC/secure.cxx:137:9:  [4] (access) SetThreadToken:
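  If this call fails, the program could fail to drop heightened privileges
  (CWE-250). Make sure the return value is checked, and do not continue if a
  failure is reported.
  Triage note: the line below uses the call as an `if` condition, so the
  return value is tested here (likewise at 148:14, where the result is
  negated). What remains to confirm in the source is that the failure
  branch stops before any work is done under the wrong token.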
    if (SetThreadToken(&hThDuplicate, NULL)) {
data/krb5-1.18.3/src/ccapi/common/win/OldCC/secure.cxx:148:14:  [4] (access) SetThreadToken:
  If this call fails, the program could fail to drop heightened privileges
  (CWE-250). Make sure the return value is checked, and do not continue if a
  failure is reported.
        if (!SetThreadToken(&hThread, m_hToken)) {
data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx:490:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(result, name);
data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx:492:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(result + name_size + 1, file);
data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx:511:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(result, prog);
data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx:513:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(result, arg1);
data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx:515:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(result, arg2);
data/krb5-1.18.3/src/ccapi/common/win/cci_os_debugging.c:37:5:  [4] (format) vprintf:
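  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  Triage note: the line below forwards a caller-supplied format and a
  va_list, which is the shape of a printf-style wrapper; flawfinder reports
  every non-literal format. The check that matters is at the callers, each
  of which should pass a string literal as the format. Declaring the
  wrapper with __attribute__((format(printf, ...))) lets -Wformat verify
  that. The same reading applies to the other vprintf/vfprintf findings in
  this report whose quoted line forwards fmt and a va_list.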
    vprintf ( in_format, in_args );
data/krb5-1.18.3/src/ccapi/common/win/cci_os_identifier.c:48:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(*out_uuid_string, uuidStringTemp);
data/krb5-1.18.3/src/ccapi/common/win/win-utils.c:50:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(_clientEndpoint, clientPrefix);
data/krb5-1.18.3/src/ccapi/common/win/win-utils.c:58:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(_serverEndpoint, serverPrefix);
data/krb5-1.18.3/src/ccapi/server/win/WorkItem.cpp:101:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buf, "WorkItem msg#:%d sst:%ld pipe:<%s>/0x%X", _rpcmsg, _sst,
data/krb5-1.18.3/src/ccapi/server/win/ccs_os_server.cpp:819:14:  [4] (access) RpcImpersonateClient:
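  If this call fails, the program could fail to drop heightened privileges
  (CWE-250). Make sure the return value is checked, and do not continue if a
  failure is reported.
  Triage note: the line below stores the result in `status`, so the value
  is captured. Confirm in the source that `status` is tested before any
  work is done on the client's behalf and that a failure returns without
  continuing.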
    status = RpcImpersonateClient(0);
data/krb5-1.18.3/src/ccapi/server/win/ccs_win_pipe.c:55:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(uuidCopy, uuid);
data/krb5-1.18.3/src/ccapi/test/test_ccapi_log.c:12:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		vfprintf(stdout, format, ap);
data/krb5-1.18.3/src/clients/kinit/kinit.c:205:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, args);
data/krb5-1.18.3/src/clients/klist/klist.c:118:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, args);
data/krb5-1.18.3/src/clients/ksu/main.c:117:19:  [4] (misc) getpass:
  This function is obsolete and not portable. It was in SUSv2 but removed by
  POSIX.2. What it does exactly varies considerably between systems,
  particularly in where its prompt is displayed and where it gets its data
  (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
  overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
  exactly what you want. If you continue to use it, or write your own, be
  sure to zero the password as soon as possible to avoid leaving the
  cleartext password visible in the process' address space.
    extern char * getpass(), *crypt();
data/krb5-1.18.3/src/clients/ksu/main.c:117:31:  [4] (crypto) crypt:
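  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
  Triage note: the flagged line is an extern declaration that names getpass
  and crypt, not a call; the getpass finding at 117:19 matches the same
  line. Review belongs at the call sites, which this report does not show.
  The 8-character, two-byte-salt description is that of the traditional
  DES-based scheme; on libcs that support several schemes, the one used is
  selected by the salt string passed to crypt.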
    extern char * getpass(), *crypt();
data/krb5-1.18.3/src/clients/ksu/main.c:338:19:  [4] (misc) getlogin:
  It's often easy to fool getlogin. Sometimes it does not work at all,
  because some program messed up the utmp file. Often, it gives only the
  first 8 characters of the login name. The user currently logged in on the
  controlling tty of our program need not be the user who started it. Avoid
  getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
  and extract the desired information instead.
    source_user = getlogin(); /*checks for the the login name in /etc/utmp*/
data/krb5-1.18.3/src/clients/ksu/main.c:754:9:  [4] (shell) execv:
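  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  Triage note: execv does not pass its arguments through a shell, so the
  review question here and at 790:13 is where params[0] and the rest of the
  argument vector come from, and what environment and open descriptors the
  new program inherits. None of that is visible in this report.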
        execv(params[0], params);
data/krb5-1.18.3/src/clients/ksu/main.c:790:13:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
            execv(params[0], params);
data/krb5-1.18.3/src/clients/ksu/main.c:1072:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        vfprintf(stderr, fmt, ap);
data/krb5-1.18.3/src/clients/kvno/kvno.c:181:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, args);
data/krb5-1.18.3/src/include/k5-platform.h:909:1:  [4] (format) vsnprintf:
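  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  Triage note: the flagged line carries typed parameters, so it appears to
  be the signature of a replacement vsnprintf defined in this header rather
  than a call; the snprintf finding at 924:1 has the same shape. The
  format-string question belongs to the callers of these functions.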
vsnprintf(char *str, size_t size, const char *format, va_list args)
data/krb5-1.18.3/src/include/k5-platform.h:924:1:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
snprintf(char *str, size_t size, const char *format, ...)
data/krb5-1.18.3/src/include/k5-platform.h:930:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    n = vsnprintf(str, size, format, args);
data/krb5-1.18.3/src/include/k5-platform.h:935:37:  [4] (format) vsnprintf:
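  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  Triage note: the matched text below is the message of an #error
  directive, so there is no call at this location. This is a lexical match
  on the word vsnprintf and can be closed as a false positive.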
#error We need an implementation of vsnprintf.
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:83:5:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vprintf(fmt, ap);
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:96:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, ap);
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:240:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, args);
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_mkey.c:850:5:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vprintf(format, va);
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_util.c:176:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf (stderr, fmt, args);
data/krb5-1.18.3/src/kadmin/dbutil/tdumputil.c:225:15:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        ret = vfprintf(h->fh, fmt, ap);
data/krb5-1.18.3/src/kadmin/server/ipropd_svc.c:59:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf(stderr, __VA_ARGS__);	\
data/krb5-1.18.3/src/kadmin/server/ipropd_svc.c:375:6:  [4] (shell) popen:
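  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available. Triage note: popen() passes its first argument to the command
  interpreter, so how ubuf is assembled decides the risk; that is not visible
  in this report.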
	p = popen(ubuf, "w");
data/krb5-1.18.3/src/kadmin/server/ipropd_svc.c:402:13:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    pret = execl(kprop, "kprop", "-r", handle->params.realm, "-f",
data/krb5-1.18.3/src/kadmin/server/ipropd_svc.c:407:13:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    pret = execl(kprop, "kprop", "-r", handle->params.realm, "-f",
data/krb5-1.18.3/src/kadmin/server/misc.c:105:21:  [4] (format) snprintf:
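  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification. Triage note: the format argument
  here is the variable errstr, so this hit stands or falls on whether errstr
  can only ever hold fixed, trusted message text; that is not visible in
  this report.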
                    snprintf(msg_ret, msg_len, errstr, time_string);
data/krb5-1.18.3/src/kprop/kpropd.c:1035:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        vsnprintf(error_buf, sizeof(error_buf), fmt, args);
data/krb5-1.18.3/src/kprop/kpropd.c:1564:9:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        execv(kdb_util, edit_av);
data/krb5-1.18.3/src/lib/crypto/builtin/des/f_tables.h:55:25:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DEB(foofraw)    printf foofraw
data/krb5-1.18.3/src/lib/gssapi/spnego/gssapiP_spnego.h:149:20:  [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be
  exploited (CWE-134). Use a constant format string for syslog.
#define	dsyslog(a) syslog(LOG_DEBUG, a)
data/krb5-1.18.3/src/lib/kadm5/chpass_util.c:196:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_PASSWORD_TOO_SHORT),
data/krb5-1.18.3/src/lib/kadm5/chpass_util.c:206:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_TOO_FEW_CLASSES),
data/krb5-1.18.3/src/lib/kadm5/chpass_util.c:225:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_PASSWORD_TOO_SOON),
data/krb5-1.18.3/src/lib/kadm5/logger.c:473:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                    fprintf(stderr, lspec_parse_err_1, whoami, cp);
data/krb5-1.18.3/src/lib/kadm5/logger.c:474:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                    fprintf(stderr, lspec_parse_err_2, whoami);
data/krb5-1.18.3/src/lib/kadm5/logger.c:678:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(syslogp, sizeof(outbuf) - (syslogp - outbuf), format, arglist);
data/krb5-1.18.3/src/lib/kadm5/logger.c:709:17:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                fprintf(stderr, log_file_err, log_control.log_whoami,
data/krb5-1.18.3/src/lib/kadm5/logger.c:724:17:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                fprintf(stderr, log_device_err, log_control.log_whoami,
data/krb5-1.18.3/src/lib/kadm5/srv/svr_principal.c:1279:13:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
            execv (task_path, task_argv);
data/krb5-1.18.3/src/lib/kadm5/unit-test/destroy-test.c:40:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if(access(cp, F_OK) == 0) {
data/krb5-1.18.3/src/lib/krad/t_daemon.h:72:14:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        exit(execlp(argv[1], argv[1], argv[2], NULL));
data/krb5-1.18.3/src/lib/krb5/ccache/cc_keyring.c:118:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, ap);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:218:5:  [4] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
    wcscat(princbuf, realmbuf);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:241:9:  [4] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
        wcscat(princbuf, tmpbuf);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:244:5:  [4] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
    wcscat(princbuf, realm);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:1568:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(data->cc_name, residual);
data/krb5-1.18.3/src/lib/krb5/krb/chk_trans.c:38:37:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# define Tprintf(ARGS) if (verbose) printf ARGS
data/krb5-1.18.3/src/lib/krb5/krb/deltat.c:675:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/krb5-1.18.3/src/lib/krb5/os/ccdefname.c:206:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(p, APPEND_KRB5CC);
data/krb5-1.18.3/src/lib/krb5/os/init_os_ctx.c:48:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(*pname, DEFAULT_PROFILE_FILENAME);
data/krb5-1.18.3/src/lib/krb5/os/localaddr.c:80:21:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# define Tprintf(X) printf X
data/krb5-1.18.3/src/lib/krb5/os/localauth_k5login.c:110:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(filename, F_OK) != 0) {
data/krb5-1.18.3/src/lib/krb5/os/locate_kdc.c:116:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, ap);
data/krb5-1.18.3/src/lib/krb5/posix/syslog.c:7:1:  [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be
  exploited (CWE-134). Use a constant format string for syslog.
syslog(int pri, const char *fmt, ...)
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1343:5:  [4] (format) fprintf:
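  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification. Triage note: the
  format here is the macro PREF followed directly by a string literal, which
  is only valid C if PREF expands to string-literal text (or to nothing), so
  the format appears fixed at compile time. The same form recurs in the
  other ucgendat.c fprintf hits listed here.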
    fprintf(out, PREF "krb5_ui_4 _ucprop_size = %d;\n\n", NUMPROPS);
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1345:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(out, PREF "krb5_ui_2 _ucprop_offsets[] = {");
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1355:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(out, PREF "krb5_ui_4 _ucprop_ranges[] = {");
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1405:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(out, PREF "krb5_ui_4 _uccase_size = %ld;\n\n",
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1408:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(out, PREF "krb5_ui_2 _uccase_len[2] = {%ld, %ld};\n\n",
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1410:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(out, PREF "krb5_ui_4 _uccase_map[] = {");
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1492:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(out, PREF "krb5_ui_4 _uccomp_size = %ld;\n\n",
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1495:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(out, PREF "krb5_ui_4 _uccomp_data[] = {");
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1552:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(out, PREF "krb5_ui_4 _ucdcmp_size = %ld;\n\n",
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1555:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(out, PREF "krb5_ui_4 _ucdcmp_nodes[] = {");
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1572:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(out, PREF "krb5_ui_4 _ucdcmp_decomp[] = {");
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1644:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(out, PREF "krb5_ui_4 _uckdcmp_size = %ld;\n\n",
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1647:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(out, PREF "krb5_ui_4 _uckdcmp_nodes[] = {");
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1664:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(out, PREF "krb5_ui_4 _uckdcmp_decomp[] = {");
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1742:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(out, PREF "krb5_ui_4 _uccmcl_size = %ld;\n\n", (long) ccl_used);
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1744:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(out, PREF "krb5_ui_4 _uccmcl_nodes[] = {");
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1801:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(out, PREF "krb5_ui_4 _ucnum_size = %lu;\n\n",
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1804:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(out, PREF "krb5_ui_4 _ucnum_nodes[] = {");
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1819:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(out, PREF "short _ucnum_vals[] = {");
data/krb5-1.18.3/src/lib/rpc/authgss_prot.c:290:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, fmt, ap);
data/krb5-1.18.3/src/lib/rpc/svc_auth_gssapi.c:55:5:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vprintf(format, ap);
data/krb5-1.18.3/src/lib/rpc/svc_auth_gssapi.c:62:6:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    vfprintf(f, format, ap);
data/krb5-1.18.3/src/lib/win_glue.c:245:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(buf, "Your version of %s has expired.\n",
data/krb5-1.18.3/src/lib/win_glue.c:260:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(buf, "Your version of %s will expire in %ld days.\n",
data/krb5-1.18.3/src/plugins/kdb/db2/adb_openclose.c:256:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(db->lock->filename, F_OK) < 0) {
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c:52:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(id1,key.data);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c:56:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(id2,data.data);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:837:8:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	(void)vfprintf(stderr, fmt, ap);
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:230:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf (stderr, fmt, args);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:158:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(filter, princlen, FILTER"%s))", filtuser);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit.h:85:18:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define pkiDebug	printf
data/krb5-1.18.3/src/plugins/preauth/securid_sam2/securid2.c:594:21:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                    sprintf(PIN_message,
data/krb5-1.18.3/src/tests/asn.1/debug.h:44:5:  [4] (format) printf:
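  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification. Triage note: the
  format argument here is message itself. If message is not guaranteed to be
  fixed text, printf("%s", message) or fputs(message, stdout) prints the same
  text without interpreting it as a format.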
    printf(message);
data/krb5-1.18.3/src/tests/dejagnu/t_inetd.c:139:8:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if(execv(path, &argv[3]))
data/krb5-1.18.3/src/tests/softpkcs11/main.c:161:5:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vprintf(fmt, ap);
data/krb5-1.18.3/src/tests/softpkcs11/main.c:174:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(soft_token.logfile, fmt, ap);
data/krb5-1.18.3/src/tests/softpkcs11/main.c:185:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    len = vsnprintf(str, size, fmt, ap);
data/krb5-1.18.3/src/tests/softpkcs11/main.c:194:9:  [4] (format) printf:
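  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification. Triage note: the
  matched line redefines printf as the identifier error_use_st_logf rather
  than calling it, so there is no format argument at this location.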
#define printf error_use_st_logf
data/krb5-1.18.3/src/util/et/com_err.c:88:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        vfprintf(stderr, fmt, ap);
data/krb5-1.18.3/src/util/et/error_message.c:80:20:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define dprintf(X) printf X
data/krb5-1.18.3/src/util/profile/prof_file.c:84:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(filespec, W_OK) == 0)
data/krb5-1.18.3/src/util/profile/prof_file.c:108:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(filespec, R_OK) == 0)
data/krb5-1.18.3/src/util/profile/profile_tcl.c:665:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,name);
data/krb5-1.18.3/src/util/profile/profile_tcl.c:1147:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(c,ty->name);
data/krb5-1.18.3/src/util/profile/profile_tcl.c:1149:5:  [4] (buffer) strcpy:
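  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Triage note: the source here is the fixed literal "NULL"
  (5 bytes including the terminator), so only the size of the destination c
  needs checking.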
    strcpy(c,(char *)"NULL");
data/krb5-1.18.3/src/util/profile/profile_tcl.c:1171:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,type->name);
data/krb5-1.18.3/src/util/ss/execute_cmd.c:192:13:  [4] (shell) system:
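  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available. Triage note: unlike the exec* hits in this list, system()
  hands its string to the command interpreter, so the origin of line_ptr
  decides the risk; that is not visible in this report.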
            system(line_ptr);
data/krb5-1.18.3/src/util/ss/mk_cmds.c:45:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(path, argv[1]);
data/krb5-1.18.3/src/util/ss/pager.c:101:12:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    (void) execlp(_ss_pager_name, _ss_pager_name, (char *) NULL);
data/krb5-1.18.3/src/util/support/k5buf.c:178:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        r = vsnprintf(endptr(buf), remaining, fmt, ap);
data/krb5-1.18.3/src/util/support/k5buf.c:189:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    r = vsnprintf(endptr(buf), remaining, fmt, apcopy);
data/krb5-1.18.3/src/util/support/k5buf.c:201:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        r = vsnprintf(endptr(buf), remaining, fmt, ap);
data/krb5-1.18.3/src/util/support/plugins.c:87:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf (stderr, fmt, va);
data/krb5-1.18.3/src/util/support/plugins.c:129:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(filespec, dir);
data/krb5-1.18.3/src/util/support/printf.c:51:16:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        len2 = vsnprintf(str, len, format, ap2);
data/krb5-1.18.3/src/util/verto/ev.c:4262:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy (path, w->path);
data/krb5-1.18.3/src/util/windows/libecho.c:53:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(filepath, f);
data/krb5-1.18.3/src/windows/installer/wix/custom/custom.cpp:166:5:  [4] (buffer) _tcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
    _tcscpy( tchVersionKey, _T( KFW_CLIENT_KEY ) );
data/krb5-1.18.3/src/windows/installer/wix/custom/custom.cpp:167:5:  [4] (buffer) _tcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
    _tcscat( tchVersionKey, tchVersionString );
data/krb5-1.18.3/src/windows/installer/wix/custom/custom.cpp:739:5:  [4] (buffer) lstrcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
    lstrcat(target,str);
data/krb5-1.18.3/src/windows/installer/wix/custom/custom.cpp:743:5:  [4] (buffer) lstrcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
    lstrcat(charset,str2);
data/krb5-1.18.3/src/windows/installer/wix/custom/custom.cpp:761:8:  [4] (buffer) lstrcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
       lstrcat(str, str2);
data/krb5-1.18.3/src/windows/installer/wix/custom/custom.cpp:768:8:  [4] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
       lstrcpy(str+(match-target),match+lstrlen(str2)+2);
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:450:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(ccname,"API:%s",pname);
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:674:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pname, username);
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:676:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(pname, realm);
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:1032:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(cachename, filename);
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:1109:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(cachename, filename);
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:1129:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(cachename, "API:%s", name);
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:503:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(filename, szLogonId);
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:530:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(newfilename, szLogonId);
data/krb5-1.18.3/src/windows/leash/KrbListTickets.cpp:164:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(list->encTypes, Buffer);
data/krb5-1.18.3/src/windows/leash/Leash.cpp:169:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(modulePath, LEASH_HELP_FILE);
data/krb5-1.18.3/src/windows/leash/LeashAboutBox.cpp:94:13:  [4] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
            lstrcpy(szModNames, me32.szExePath);
data/krb5-1.18.3/src/windows/leash/LeashAboutBox.cpp:133:17:  [4] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
                lstrcpy(checkName, szModName);
data/krb5-1.18.3/src/windows/leash/LeashAboutBox.cpp:218:5:  [4] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
    lstrcpy(cp, sname_version);
data/krb5-1.18.3/src/windows/leash/LeashAboutBox.cpp:225:5:  [4] (format) _sntprintf:
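  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  Triage note: the format argument on this line is already a constant
  literal, so what remains to check is the bound. _sntprintf takes its count
  in characters while sizeof(version) is a byte count, and the call does not
  \0-terminate when the output fills that count. The declaration of version
  is not shown here; confirm its element type and size.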
    _sntprintf(version, sizeof(version), TEXT("MIT Kerberos Version %s"), szVersion);
data/krb5-1.18.3/src/windows/leash/LeashAboutBox.cpp:229:5:  [4] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
    lstrcpy(cp, sname_copyright);
data/krb5-1.18.3/src/windows/leash/LeashDebugWindow.cpp:163:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(pDebugText, listboxItem);
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:606:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ldi.in.username,username);
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:608:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ldi.in.realm,realm);
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:1494:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(debugFilePath, ptestenv);
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:103:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(desiredPrincipal, lpdlginfo->principal);
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:151:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(mytitle, "Obtain Kerberos TGT for %s@%s",desiredName,desiredRealm);
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:253:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(mytitle, "Obtain Kerberos TGT for %s@%s",desiredName,desiredRealm);
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:554:13:  [4] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
            lstrcpy(principal, lpdi->principal);
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:812:4:  [4] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
			lstrcpy((LPSTR)gbuf, (LPSTR)err_context);
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:882:25:  [4] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
                        lstrcpy((LPSTR)gbuf, (LPSTR)err_context);
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1598:4:  [4] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
			lstrcpy((LPSTR)gbuf, (LPSTR)err_context);
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1859:4:  [4] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
			lstrcpy((LPSTR)gbuf, (LPSTR)err_context);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:499:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(temp, first_part);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:500:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(realm, second_part);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:505:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(aname, first_part);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:506:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(inst, second_part);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:519:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(aname, temp);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:524:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(aname, temp);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:530:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(temp, aname);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:534:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(temp, inst);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:539:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(temp, realm);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:623:17:  [4] (buffer) lstrcpynW:
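  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  Triage note: lstrcpynW already takes a maximum length (usLength on this
  line), so the check that matters is whether that value can exceed the
  capacity of buffer; neither declaration is shown here.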
                lstrcpynW (buffer, usBuffer, usLength);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:624:17:  [4] (buffer) lstrcatW:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
                lstrcatW (buffer,L"");
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:763:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy( KRB_HelpFile, szHelpFile );
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:768:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy( KRB_HelpFile, tmpHelpFile );
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:773:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy( KRB_HelpFile, HELPFILE );
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1016:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			    strcpy(buf, value);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1167:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			    strcpy(buf, value);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2533:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(mytitle, "Obtain Kerberos TGT for %s@%s",desiredName,desiredRealm);
data/krb5-1.18.3/src/windows/leashdll/timesync.c:121:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy(hostname, value);
data/krb5-1.18.3/src/windows/leashdll/timesync.c:144:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(timeServerName, hostname);
data/krb5-1.18.3/src/windows/leashdll/timesync.c:198:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(tmpstr1, "Unreachable server: %s\n", hostname);
data/krb5-1.18.3/src/windows/leashdll/timesync.c:199:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(tmpstr, tmpstr1);
data/krb5-1.18.3/src/windows/leashdll/timesync.c:286:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(tmpstr, "The time has been syncronized with the server:   %s\n\n", hostname);
data/krb5-1.18.3/src/windows/leashdll/timesync.c:288:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(tmpstr, ctime((time_t *)&hosttime));
data/krb5-1.18.3/src/windows/leashdll/winerr.c:55:5:  [4] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
    lstrcpy(buf, com_err_msg);
data/krb5-1.18.3/src/windows/leashdll/winerr.c:62:9:  [4] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
        lstrcpy(buf, com_err_msg);
data/krb5-1.18.3/src/appl/sample/sserver/sserver.c:114:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((ch = getopt(argc, argv, "p:S:s:")) != -1) {
data/krb5-1.18.3/src/appl/simple/client/sim_client.c:106:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((ch = getopt(argc, argv, "p:m:h:s:")) != -1)
data/krb5-1.18.3/src/appl/simple/server/sim_server.c:101:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((ch = getopt(argc, argv, "p:s:S:")) != -1) {
data/krb5-1.18.3/src/ccapi/common/win/OldCC/ccutil.cxx:109:42:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
    if (!status) {status = !(s_hRpcDll = LoadLibrary(TEXT("rpcrt4.dll")));}
data/krb5-1.18.3/src/ccapi/common/win/OldCC/init.cxx:109:42:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
    if (!status) {status = !(s_hRpcDll = LoadLibrary(TEXT("rpcrt4.dll")));}
data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx:348:14:  [3] (misc) AddAccessAllowedAce:
  This doesn't set the inheritance bits in the access control entry (ACE)
  header (CWE-732). Make sure that you set inheritance by hand if you wish it
  to inherit.
        if (!AddAccessAllowedAce(pAcl, ACL_REVISION, GENERIC_ALL, pSid)) status = GetLastError();
data/krb5-1.18.3/src/ccapi/server/win/WorkItem.cpp:122:5:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
    EnterCriticalSection(&cs);
data/krb5-1.18.3/src/ccapi/server/win/WorkItem.cpp:135:9:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
        EnterCriticalSection(&cs);
data/krb5-1.18.3/src/clients/kcpytkt/kcpytkt.c:34:22:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((option = getopt(argc, argv, "c:e:f:hq")) != -1) {
data/krb5-1.18.3/src/clients/kdeltkt/kdeltkt.c:33:22:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((option = getopt(argc, argv, "c:e:f:hq")) != -1) {
data/krb5-1.18.3/src/clients/kdestroy/kdestroy.c:100:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "54Aqc:p:")) != -1) {
data/krb5-1.18.3/src/clients/kinit/kinit.c:255:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((i = getopt_long(argc, argv, shopts, long_options, 0)) != -1) {
data/krb5-1.18.3/src/clients/klist/klist.c:136:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "dfetKsnacki45lAVC")) != -1) {
data/krb5-1.18.3/src/clients/ksu/main.c:194:22:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
           (option = getopt(pargc, pargv,"n:c:r:a:zZDfFpPkql:e:")) != -1) {
data/krb5-1.18.3/src/clients/ksu/main.c:813:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env_ccname = getenv(KRB5_ENV_CCNAME);
data/krb5-1.18.3/src/clients/ksu/setenv.c:140:1:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
getenv(name)
data/krb5-1.18.3/src/clients/kswitch/kswitch.c:61:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "c:p:")) != -1) {
data/krb5-1.18.3/src/clients/kvno/kvno.c:87:22:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((option = getopt_long(argc, argv, shopts, lopts, NULL)) != -1) {
data/krb5-1.18.3/src/include/k5-platform.h:1114:9:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
#define getopt k5_getopt
data/krb5-1.18.3/src/include/k5-platform.h:1135:9:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
#define getopt_long k5_getopt_long
data/krb5-1.18.3/src/include/k5-platform.h:1140:23:  [3] (buffer) getenv:
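  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  Triage note: the flagged line aliases secure_getenv to plain getenv, so
  wherever this definition is active, callers of secure_getenv get no
  filtering of the environment in privilege-elevated processes. The
  preprocessor condition guarding it is not shown here; confirm which builds
  take this branch.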
#define secure_getenv getenv
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:315:23:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((optchar = getopt(argc, argv,
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:519:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        } else if ((luser = getenv("USER"))) {
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_create.c:157:23:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((optchar = getopt(argc, argv, "sW")) != -1) {
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_destroy.c:56:23:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((optchar = getopt(argc, argv, "f")) != -1) {
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_mkey.c:219:23:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((optchar = getopt(argc, argv, "e:s")) != -1) {
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_mkey.c:879:23:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((optchar = getopt(argc, argv, "fnv")) != -1) {
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_mkey.c:1080:23:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((optchar = getopt(argc, argv, "fnv")) != -1) {
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_stash.c:80:23:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((optchar = getopt(argc, argv, "f:")) != -1) {
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_util.c:486:8:  [3] (buffer) getwd:
  This does not protect against buffer overflows by itself, so use with
  caution (CWE-120, CWE-20). Use getcwd instead.
#undef getwd
data/krb5-1.18.3/src/kadmin/dbutil/t_tdumputil.c:58:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((ch = getopt(argc, argv, "T:c")) != -1) {
data/krb5-1.18.3/src/kadmin/dbutil/tabdump.c:622:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((ch = getopt(argc, argv, "Hceno:")) != -1) {
data/krb5-1.18.3/src/kadmin/server/ovsec_kadmd.c:553:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        kprop_port = getenv("KPROP_PORT");
data/krb5-1.18.3/src/kdc/main.c:700:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "x:r:d:mM:k:R:e:P:p:s:nw:4:T:X3")) != -1) {
data/krb5-1.18.3/src/kprop/kprop.c:128:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "r:f:dP:s:")) != -1) {
data/krb5-1.18.3/src/kprop/kpropd.c:1062:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt_long(argc, argv, "A:f:F:p:P:r:s:DdSa:tx:",
data/krb5-1.18.3/src/kprop/kproplog.c:434:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "Rvhe:")) != -1) {
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:26:5:  [3] (random) srand:
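  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  Triage note: the seed on this line is the constant 42, so the sequence is
  fully reproducible. The file name (aes-gen.c) suggests a generator of fixed
  test data, presumably by design; confirm its output is never used as key
  material.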
    srand(42);
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:27:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand(42);
data/krb5-1.18.3/src/lib/gssapi/krb5/acquire_cred.c:276:21:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
        hLeashDLL = LoadLibrary(LEASH_DLL);
data/krb5-1.18.3/src/lib/gssapi/krb5/init_sec_context.c:317:9:  [3] (random) srand:
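  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  Triage note: both inputs to the seed on this line (clock time and process
  id) are guessable, so values drawn from rand() after this call should be
  treated as predictable. What consumes them is not shown here; confirm it is
  not key, nonce or token material, and whether the code is compiled into
  production builds at all.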
        srand(time(0) ^ getpid());
data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealv3.c:103:13:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
            srand(time(0));
data/krb5-1.18.3/src/lib/gssapi/spnego/gssapiP_negoex.h:82:13:  [3] (random) random:
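  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  Triage note: the flagged line declares a 32-byte array named random; the
  match is on the identifier, not on a call to random(). The same holds for
  the other "random" hits reported for gssapiP_negoex.h, negoex_ctx.c and
  negoex_util.c in this report, none of which shows a call to random(). What
  deserves review is the source that fills the buffer, negoex_random() at
  negoex_ctx.c:132, whose implementation is not shown here.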
    uint8_t random[32];
data/krb5-1.18.3/src/lib/gssapi/spnego/gssapiP_negoex.h:150:33:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                        uint8_t random[32]);
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_ctx.c:130:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    uint8_t random[32];
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_ctx.c:132:39:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    major = negoex_random(minor, ctx, random, 32);
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_ctx.c:136:50:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    negoex_add_nego_message(ctx, INITIATOR_NEGO, random);
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_ctx.c:162:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    uint8_t random[32];
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_ctx.c:164:39:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    major = negoex_random(minor, ctx, random, 32);
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_ctx.c:168:49:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    negoex_add_nego_message(ctx, ACCEPTOR_NEGO, random);
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_util.c:235:44:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    p = k5_input_get_bytes(in, sizeof(msg->random));
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_util.c:237:21:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        memcpy(msg->random, p, sizeof(msg->random));
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_util.c:237:44:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        memcpy(msg->random, p, sizeof(msg->random));
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_util.c:582:33:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                        uint8_t random[32])
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_util.c:594:45:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    k5_buf_add_len(&ctx->negoex_transcript, random, 32);
data/krb5-1.18.3/src/lib/gssapi/spnego/spnego_mech.c:1590:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		char *envstr = getenv("MS_FORCE_NO_MIC");
data/krb5-1.18.3/src/lib/kadm5/unit-test/setkey-test.c:6:25:  [3] (random) lrand48:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define RAND()          lrand48()
data/krb5-1.18.3/src/lib/kadm5/unit-test/setkey-test.c:11:25:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define SRAND(a)        srand(a)
data/krb5-1.18.3/src/lib/kadm5/unit-test/setkey-test.c:14:25:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define RAND()          random()
data/krb5-1.18.3/src/lib/kadm5/unit-test/setkey-test.c:15:25:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define SRAND(a)        srandom(a)
data/krb5-1.18.3/src/lib/kadm5/unit-test/setkey-test.c:18:8:  [3] (random) random:
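  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  Triage note: the quoted line is free text, not a call to random(). It looks
  like a fallback diagnostic that follows the RAND()/SRAND() macro definitions
  reported at lines 6-15 of the same unit-test file; confirm in the source.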
need a random number generator
data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/winccld.c:53:15:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
    if (!(h = LoadLibrary(dll_name))) {
data/krb5-1.18.3/src/lib/krb5/ccache/ccdefault.c:77:21:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
        hLeashDLL = LoadLibrary(LEASH_DLL);
data/krb5-1.18.3/src/lib/krb5/krb/t_cc_config.c:128:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "p:")) != -1) {
data/krb5-1.18.3/src/lib/krb5/krb/t_get_etype_info.c:50:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "e:T:")) != -1) {
data/krb5-1.18.3/src/lib/krb5/krb/t_in_ccache.c:80:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "I:A:")) != -1) {
data/krb5-1.18.3/src/lib/krb5/os/ccdefname.c:200:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if (!try_dir(getenv("TEMP"), p, size) &&
data/krb5-1.18.3/src/lib/krb5/os/ccdefname.c:201:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            !try_dir(getenv("TMP"), p, size))
data/krb5-1.18.3/src/lib/krb5/os/t_std_conf.c:193:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "cdr:C:D:l:s:")) != -1) {
data/krb5-1.18.3/src/lib/krb5/rcache/rc_dfl.c:59:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    dir = getenv("KRB5RCACHEDIR");
data/krb5-1.18.3/src/lib/rpc/unit-test/client.c:79:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
     while ((c = getopt(argc, argv, "a:m:os:tu")) != -1) {
data/krb5-1.18.3/src/lib/rpc/unit-test/server.c:75:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
     while ((c = getopt(argc, argv, "tu")) != -1) {
data/krb5-1.18.3/src/plugins/gssapi/negoextest/main.c:61:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        envstr = getenv("HOPS");
data/krb5-1.18.3/src/plugins/gssapi/negoextest/main.c:73:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    envstr = getenv("INIT_FAIL");
data/krb5-1.18.3/src/plugins/gssapi/negoextest/main.c:124:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    envstr = getenv("ACCEPT_FAIL");
data/krb5-1.18.3/src/plugins/gssapi/negoextest/main.c:240:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    envstr = getenv(initiator ? "INIT_QUERY_FAIL" : "ACCEPT_QUERY_FAIL");
data/krb5-1.18.3/src/plugins/gssapi/negoextest/main.c:243:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    envstr = getenv(initiator ? "INIT_QUERY_NONE" : "ACCEPT_QUERY_NONE");
data/krb5-1.18.3/src/plugins/gssapi/negoextest/main.c:264:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    envstr = getenv(initiator ? "INIT_EXCHANGE_FAIL" : "ACCEPT_EXCHANGE_FAIL");
data/krb5-1.18.3/src/plugins/gssapi/negoextest/main.c:309:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    envstr = getenv("KEY");
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:408:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	envtmp = getenv("TMPDIR");
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:202:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, "bc:di:lp:ruw")) != -1) {
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:141:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((ch = getopt(argc, argv, "f:i:lo:s")) != -1)
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:191:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		p = getenv("TMPDIR");
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c:89:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(17);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passwd/genpass.c:12:2:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srandom(101173);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passwd/genpass.c:15:8:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
			r = random() % 122;
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passwd/genpass.c:17:10:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
				r += random() % (122 - r);
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1459:23:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((optchar = getopt(argc, argv, "f")) != -1) {
data/krb5-1.18.3/src/tests/adata.c:298:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "+c:p:")) != -1) {
data/krb5-1.18.3/src/tests/asn.1/krb5_encode_test.c:85:23:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((optchar = getopt(argc, argv, "tp:")) != -1) {
data/krb5-1.18.3/src/tests/create/kdb5_mkdums.c:114:23:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((optchar = getopt(argc, argv, "D:P:p:n:d:r:k:M:e:m")) != -1) {
data/krb5-1.18.3/src/tests/gcred.c:79:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "ft")) != -1) {
data/krb5-1.18.3/src/tests/gssapi/t_enctypes.c:101:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "i:a:")) != -1) {
data/krb5-1.18.3/src/tests/hammer/kdc5_hammer.c:134:22:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((option = getopt(argc, argv, "D:p:n:c:R:P:e:bvr:t")) != -1) {
data/krb5-1.18.3/src/tests/icred.c:72:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "so:X:")) != -1) {
data/krb5-1.18.3/src/tests/responder.c:352:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "X:x:cr:p:")) != -1) {
data/krb5-1.18.3/src/tests/softpkcs11/main.c:841:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        fn = getenv("SOFTPKCS11RC");
data/krb5-1.18.3/src/tests/softpkcs11/main.c:845:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        home = getenv("HOME");
data/krb5-1.18.3/src/tests/threads/gss-perf.c:129:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt (argc, argv, optstring)) != -1) {
data/krb5-1.18.3/src/tests/threads/init_ctx.c:103:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt (argc, argv, optstring)) != -1) {
data/krb5-1.18.3/src/tests/threads/prof1.c:58:27:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    const char *mypath = (random() & 1) ? path : filename;
data/krb5-1.18.3/src/tests/threads/prof1.c:82:23:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        req.tv_nsec = random() & 499999999;
data/krb5-1.18.3/src/tests/threads/profread.c:105:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt (argc, argv, optstring)) != -1) {
data/krb5-1.18.3/src/tests/threads/t_rcache.c:148:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, optstring)) != -1) {
data/krb5-1.18.3/src/tests/unlockiter.c:228:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "lt:u")) != -1) {
data/krb5-1.18.3/src/tests/verify/kdb5_verify.c:110:23:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((optchar = getopt(argc, argv, "D:P:p:n:d:r:R:k:M:e:m")) != -1) {
data/krb5-1.18.3/src/util/ss/pager.c:19:14:  [3] (buffer) getenv:
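  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  Triage note: the quoted line is only a declaration of getenv; no environment
  value is read here. The use to review is the PAGER lookup reported at line
  98 of the same file.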
extern char *getenv();
data/krb5-1.18.3/src/util/ss/pager.c:98:31:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if ((_ss_pager_name = getenv("PAGER")) == (char *)NULL)
data/krb5-1.18.3/src/util/support/getopt.c:86:1:  [3] (buffer) getopt:
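  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  Triage note: the quoted line starts at column 1 and lists parameter names
  (nargc, nargv, ostr), which suggests it is the definition of a bundled
  getopt rather than a call. If so, the advice to check the implementation
  applies to this file itself. The getopt_long hit at getopt_long.c:158 has
  the same shape.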
getopt(nargc, nargv, ostr)
data/krb5-1.18.3/src/util/support/getopt_long.c:158:1:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
getopt_long(nargc, nargv, options, long_options, index)
data/krb5-1.18.3/src/util/support/plugins.c:310:18:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
        handle = LoadLibrary(filepath);
data/krb5-1.18.3/src/util/support/secure_getenv.c:110:40:  [3] (buffer) getenv:
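  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  Triage note: the quoted line returns NULL instead of calling getenv when
  elevated_privilege is set, so this lookup is already gated on privilege.
  In the non-elevated case the returned value is still environment-controlled
  and needs validation wherever it is used.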
    return elevated_privilege ? NULL : getenv(name);
data/krb5-1.18.3/src/util/support/threads.c:344:5:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
    EnterCriticalSection(&key_lock);
data/krb5-1.18.3/src/util/support/threads.c:376:5:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
    EnterCriticalSection(&key_lock);
data/krb5-1.18.3/src/util/support/threads.c:422:5:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
    InitializeCriticalSection(&key_lock);
data/krb5-1.18.3/src/util/verto/ev.c:2868:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
          && getenv ("LIBEV_FLAGS"))
data/krb5-1.18.3/src/util/verto/ev.c:2869:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        flags = atoi (getenv ("LIBEV_FLAGS"));
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:541:9:  [3] (shell) CreateProcessAsUser:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Especially watch out for embedded spaces.
    if (CreateProcessAsUser( pInfo->hToken,
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:597:9:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    if (CreateProcess( NULL,
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:597:9:  [3] (shell) CreateProcess:
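  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
  Triage note: this entry repeats the preceding one (same file, line, column
  and rule); count it once when tallying findings.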
    if (CreateProcess( NULL,
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:617:47:  [3] (buffer) getenv:
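  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  Triage note: getenv returns NULL when the variable is unset, and the quoted
  line passes the result straight to a %s conversion; confirm that DebugEvent
  tolerates a NULL argument.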
        DebugEvent("KFW_Logon_Event PATH %s", getenv("PATH"));
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:1490:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        CHAR* ptestenv = getenv(*pEnv);
data/krb5-1.18.3/src/windows/lib/loadfuncs.c:58:9:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
    h = LoadLibrary(dll_name);
data/krb5-1.18.3/src/windows/ms2mit/mit2ms.c:60:22:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((option = getopt(argc, argv, "c:h")) != -1) {
data/krb5-1.18.3/src/windows/ms2mit/ms2mit.c:105:22:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((option = getopt(argc, argv, "c:h")) != -1) {
data/krb5-1.18.3/src/appl/gss-sample/gss-client.c:369:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(file_name, O_RDONLY, 0)) < 0) {
data/krb5-1.18.3/src/appl/gss-sample/gss-client.c:796:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            port = atoi(*argv);
data/krb5-1.18.3/src/appl/gss-sample/gss-client.c:827:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            max_threads = atoi(*argv);
data/krb5-1.18.3/src/appl/gss-sample/gss-client.c:848:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            ccount = atoi(*argv);
data/krb5-1.18.3/src/appl/gss-sample/gss-client.c:856:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            mcount = atoi(*argv);
data/krb5-1.18.3/src/appl/gss-sample/gss-misc.c:167:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char lenbuf[4];
data/krb5-1.18.3/src/appl/gss-sample/gss-misc.c:240:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char lenbuf[4];
data/krb5-1.18.3/src/appl/gss-sample/gss-server.c:383:5:  [2] (buffer) memcpy:
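  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the size argument is the destination's own length field
  (copied_token.length). Confirm in the file that copied_token.value was
  allocated with at least that many bytes and that context_token.value holds
  at least as many, so the copy neither overruns the destination nor
  over-reads the source.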
    memcpy(copied_token.value, context_token.value, copied_token.length);
data/krb5-1.18.3/src/appl/gss-sample/gss-server.c:681:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            port = atoi(*argv);
data/krb5-1.18.3/src/appl/gss-sample/gss-server.c:689:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            max_threads = atoi(*argv);
data/krb5-1.18.3/src/appl/gss-sample/gss-server.c:712:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                logfile = fopen(*argv, "a");
data/krb5-1.18.3/src/appl/sample/sclient/sclient.c:157:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char abuf[NI_MAXHOST], pbuf[NI_MAXSERV];
data/krb5-1.18.3/src/appl/sample/sclient/sclient.c:158:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char mbuf[NI_MAXHOST + NI_MAXSERV + 64];
data/krb5-1.18.3/src/appl/sample/sserver/sserver.c:87:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char repbuf[BUFSIZ];
data/krb5-1.18.3/src/appl/sample/sserver/sserver.c:117:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            port = atoi(optarg);
data/krb5-1.18.3/src/appl/sample/sserver/sserver.c:143:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        port = atoi(argv[1]);
data/krb5-1.18.3/src/appl/simple/client/sim_client.c:71:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char my_hostname[MAXHOSTNAMELEN];
data/krb5-1.18.3/src/appl/simple/client/sim_client.c:109:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            port = atoi(optarg);
data/krb5-1.18.3/src/appl/simple/server/sim_server.c:84:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pktbuf[BUFSIZ];
data/krb5-1.18.3/src/appl/simple/server/sim_server.c:104:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            port = atoi(optarg);
data/krb5-1.18.3/src/appl/user_user/client.c:66:22:  [2] (integer) atoi:
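  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Triage note: the result is passed directly to htons, which takes a 16-bit
  value, so any number outside 0-65535 is silently truncated to a different
  port. Parsing with strtol and range-checking before the conversion avoids
  this. The hit at user_user/server.c:82 has the same pattern.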
        port = htons(atoi(argv[3]));
data/krb5-1.18.3/src/appl/user_user/server.c:82:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            l_inaddr.sin_port = htons(atoi(argv[1]));
data/krb5-1.18.3/src/ccapi/common/cci_cred_union.c:562:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy (data, in_ccdata->data, in_ccdata->length);
data/krb5-1.18.3/src/ccapi/common/win/OldCC/opts.cxx:108:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                opts.cMaxCalls = (unsigned int) atoi(argv[++i]);
data/krb5-1.18.3/src/ccapi/common/win/OldCC/opts.cxx:111:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                opts.cMinCalls = (unsigned int) atoi(argv[++i]);
data/krb5-1.18.3/src/ccapi/common/win/OldCC/opts.cxx:114:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                opts.fDontWait = (unsigned int) atoi(argv[++i]);
data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx:241:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lid[3*sizeof(LUID)+1+5];
data/krb5-1.18.3/src/ccapi/common/win/tls.h:50:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                _uuid[UUID_SIZE];
data/krb5-1.18.3/src/ccapi/common/win/win-utils.c:46:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char            _ts[MAX_TIMESTAMP];
data/krb5-1.18.3/src/ccapi/lib/win/ccapi_os_ipc.cxx:195:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tspdata_handle[8] = { 0 };
data/krb5-1.18.3/src/ccapi/lib/win/ccapi_os_ipc.cxx:244:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
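  Make sure destination can always hold the source data.
  Note: the length here is sizeof(ptspdata), i.e. it is taken from the
  source object, not from the destination. The copy stays in bounds only
  while that size does not exceed the destination array (an 8-byte
  tspdata_handle is declared at line 195 of the same file, presumably this
  one); a compile-time assertion comparing the two sizes would pin that down.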
            memcpy(tspdata_handle, &ptspdata, sizeof(ptspdata));
data/krb5-1.18.3/src/ccapi/lib/win/ccapi_os_ipc.cxx:307:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char           tspdata_handle[8] = {0};
data/krb5-1.18.3/src/ccapi/lib/win/ccapi_os_ipc.cxx:336:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tspdata_handle, &tsp, sizeof(tsp));
data/krb5-1.18.3/src/ccapi/lib/win/dllmain.cxx:46:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char     _user[UNLEN+1];     // Username is used as part of the server and client endpoints.
data/krb5-1.18.3/src/ccapi/server/win/WorkItem.cpp:90:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        buf[2048];
data/krb5-1.18.3/src/ccapi/server/win/ccs_os_server.cpp:218:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR  infoBuf[INFO_BUFFER_SIZE];
data/krb5-1.18.3/src/ccapi/server/win/ccs_os_server.cpp:561:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR sysMsg[256];
data/krb5-1.18.3/src/ccapi/server/win/ccs_os_server.cpp:911:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char peer_name[1024];
data/krb5-1.18.3/src/ccapi/server/win/ccs_os_server.cpp:912:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char client_name[1024];
data/krb5-1.18.3/src/ccapi/test/test_ccapi_globals.c:10:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
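  maximum possible length.
  Note: the declaration below is an array of 30 pointers to const char, not
  a character buffer that data is copied into. The check that applies is
  that every index into the table is bounded by its 30 entries.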
const char * ccapi_error_strings[30] = {
data/krb5-1.18.3/src/ccapi/test/test_ccapi_globals.c:49:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char * ccapiv2_error_strings[24] = {
data/krb5-1.18.3/src/ccapi/test/test_ccapi_globals.h:23:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char * ccapi_error_strings[30];
data/krb5-1.18.3/src/clients/kcpytkt/kcpytkt.c:43:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            flags = atoi(optarg);
data/krb5-1.18.3/src/clients/kdeltkt/kdeltkt.c:42:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            flags = atoi(optarg);
data/krb5-1.18.3/src/clients/kinit/kinit.c:60:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char name[1024];
data/krb5-1.18.3/src/clients/klist/klist.c:126:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *name, tmp[BUFSIZ];
data/krb5-1.18.3/src/clients/klist/klist.c:270:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BUFSIZ]; /* Hopefully large enough for any type */
data/krb5-1.18.3/src/clients/klist/klist.c:573:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[100];
data/krb5-1.18.3/src/clients/klist/klist.c:591:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[32];
data/krb5-1.18.3/src/clients/klist/klist.c:629:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timestring[BUFSIZ], fill = ' ';
data/krb5-1.18.3/src/clients/klist/klist.c:819:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[NI_MAXHOST];
data/krb5-1.18.3/src/clients/klist/klist.c:832:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
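  Make sure destination can always hold the source data.
  Note: the length is the constant 4 and the destination is an IPv4
  sin_addr, so the destination side is fixed. What remains to confirm at
  the call site is that a->contents holds at least 4 bytes before the copy
  (not visible in this excerpt); the same applies to the 16-byte copy
  reported for klist.c:842.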
        memcpy(&sinp->sin_addr, a->contents, 4);
data/krb5-1.18.3/src/clients/klist/klist.c:842:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&sin6p->sin6_addr, a->contents, 16);
data/krb5-1.18.3/src/clients/kpasswd/kpasswd.c:53:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pw[1024];
data/krb5-1.18.3/src/clients/ksu/authorization.c:103:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((login_fp = fopen(k5login_path, "r")) == NULL)
data/krb5-1.18.3/src/clients/ksu/authorization.c:112:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((users_fp = fopen(k5users_path, "r")) == NULL) {
data/krb5-1.18.3/src/clients/ksu/ccache.c:297:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[32];
data/krb5-1.18.3/src/clients/ksu/ccache.c:328:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmtbuf[18], fill = ' ';
data/krb5-1.18.3/src/clients/ksu/ccache.c:342:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pbuf[MAXPATHLEN];
data/krb5-1.18.3/src/clients/ksu/ccache.c:368:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(pbuf, "r")) == NULL) {
data/krb5-1.18.3/src/clients/ksu/ccache.c:503:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bytes[6], *p, *sym;
data/krb5-1.18.3/src/clients/ksu/heuristic.c:225:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((login_fp = fopen(k5login_path, "r")) == NULL)
data/krb5-1.18.3/src/clients/ksu/heuristic.c:234:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((users_fp = fopen(k5users_path, "r")) == NULL)
data/krb5-1.18.3/src/clients/ksu/krb_auth_su.c:152:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
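  maximum possible length.
  Note: password[255] holds a secret on the stack. Besides the length check
  this rule asks for, confirm that the buffer is cleared on every return
  path with a call the compiler cannot elide (explicit_bzero, memset_s or
  the project's own zeroing helper).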
    char password[255], *client_name, prompt[255];
data/krb5-1.18.3/src/clients/ksu/ksu.h:71:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char k5login_path[MAXPATHLEN];
data/krb5-1.18.3/src/clients/ksu/ksu.h:72:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char k5users_path[MAXPATHLEN];
data/krb5-1.18.3/src/clients/ksu/main.c:39:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char k5login_path[MAXPATHLEN];
data/krb5-1.18.3/src/clients/ksu/main.c:40:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char k5users_path[MAXPATHLEN];
data/krb5-1.18.3/src/clients/ksu/main.c:985:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[MAXPATHLEN + 5];
data/krb5-1.18.3/src/clients/ksu/setenv.c:96:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(P, environ, cnt * sizeof(char *));
data/krb5-1.18.3/src/clients/ksu/xmalloc.c:64:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (dst, src, len);
data/krb5-1.18.3/src/clients/kvno/kvno.c:215:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char linebuf[256];
data/krb5-1.18.3/src/clients/kvno/kvno.c:222:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(file_name, "r");
data/krb5-1.18.3/src/include/gssrpc/auth.h:78:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char c[8];
data/krb5-1.18.3/src/include/gssrpc/auth_gssapi.h:154:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
     memcpy((dest).value, (src).value, (dest).length); }
data/krb5-1.18.3/src/include/k5-int.h:2327:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ptr, in, len);
data/krb5-1.18.3/src/include/k5-int.h:2338:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ptr, in, len);
data/krb5-1.18.3/src/include/k5-platform.h:730:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(vp, &n, 2);
data/krb5-1.18.3/src/include/k5-platform.h:736:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(vp, &n, 4);
data/krb5-1.18.3/src/include/k5-platform.h:742:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(vp, &n, 8);
data/krb5-1.18.3/src/include/k5-platform.h:748:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&n, p, 2);
data/krb5-1.18.3/src/include/k5-platform.h:755:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&n, p, 4);
data/krb5-1.18.3/src/include/k5-platform.h:762:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&n, p, 8);
data/krb5-1.18.3/src/include/k5-platform.h:880:33:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define va_copy(dest, src)      memcpy(dest, src, sizeof(va_list))
data/krb5-1.18.3/src/include/k5-platform.h:994:9:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
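  that O_EXCL is used by the library (CWE-377).
  Note: the flagged line is a preprocessor definition that maps mkstemp to
  krb5int_mkstemp, not a call. The properties listed above (creation mode,
  O_EXCL) have to be checked in the implementation of krb5int_mkstemp,
  which is not part of this excerpt.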
#define mkstemp krb5int_mkstemp
data/krb5-1.18.3/src/include/k5-utf8.h:143:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char krb5int_utf8_lentab[128];
data/krb5-1.18.3/src/include/k5-utf8.h:144:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char krb5int_utf8_mintab[32];
data/krb5-1.18.3/src/include/krb5/audit_plugin.h:91:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char req_id[REQID_LEN];  /**< request ID */
data/krb5-1.18.3/src/include/krb5/audit_plugin.h:259:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
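  contents? (CWE-362).
  Note: the line below declares a field or variable named open of type
  krb5_audit_open_fn; no open() call is made there. The file-handling
  questions apply, if at all, to whatever function is stored under that
  name. The pwqual_plugin.h:103 hit has the same shape.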
    krb5_audit_open_fn      open;
data/krb5-1.18.3/src/include/krb5/pwqual_plugin.h:103:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    krb5_pwqual_open_fn open;
data/krb5-1.18.3/src/include/port-sockets.h:278:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
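  vsnprintf. Risk is low because the source has a constant maximum length.
  Note: each argument is masked with 0xff, so "%d.%d.%d.%d" writes at most
  15 characters plus the terminating NUL. DST must therefore be at least
  16 bytes; the macro cannot check that, whereas snprintf with the caller's
  buffer size would.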
        : (sprintf((DST), "%d.%d.%d.%d",                                \
data/krb5-1.18.3/src/include/port-sockets.h:279:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
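  maximum possible length.
  Note: the `char` matched here is inside a cast,
  (const unsigned char *)(const void *)(SRC), followed by an index; no
  array is declared on this line. This hit and the three that follow for
  lines 280-282 come from the pattern matching the sprintf argument list.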
                   ((const unsigned char *)(const void *)(SRC))[0] & 0xff, \
data/krb5-1.18.3/src/include/port-sockets.h:280:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                   ((const unsigned char *)(const void *)(SRC))[1] & 0xff, \
data/krb5-1.18.3/src/include/port-sockets.h:281:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                   ((const unsigned char *)(const void *)(SRC))[2] & 0xff, \
data/krb5-1.18.3/src/include/port-sockets.h:282:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                   ((const unsigned char *)(const void *)(SRC))[3] & 0xff), \
data/krb5-1.18.3/src/include/win-mac.h:223:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define THREEPARAMOPEN(x,y,z) open(x,y,z)
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:120:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char out[50];
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:145:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char out[40];
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:671:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char reply[5];
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:719:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char reply[5];
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:790:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char newpw[1024];
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:791:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char prompt1[1024], prompt2[1024];
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:958:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(copy, contents, len);
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:1069:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            oprinc->kvno = atoi(argv[i]);
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:1202:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newpw[1024], dummybuf[256];
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:1203:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char prompt1[1024], prompt2[1024];
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:1457:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char enctype[BUFSIZ], salttype[BUFSIZ];
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:1578:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            policy->pw_min_length = atoi(argv[i]);
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:1584:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            policy->pw_min_classes = atoi(argv[i]);
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:1590:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            policy->pw_history_num = atoi(argv[i]);
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:1597:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            policy->pw_max_fail = atoi(argv[i]);
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:1707:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char reply[5];
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:1831:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        keepkvno = atoi(argv[2]);
data/krb5-1.18.3/src/kadmin/cli/keytab.c:389:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        kvno = atoi(kvno_str);
data/krb5-1.18.3/src/kadmin/cli/keytab.c:497:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[100];
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:156:10:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
    fd = mkstemp(*tmpname);
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:200:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
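  contents? (CWE-362).
  Note: the flags on the line below are O_WRONLY | O_CREAT | O_TRUNC with
  mode 0600; neither O_EXCL nor O_NOFOLLOW is present, so an existing file
  or symbolic link at file_ok would be opened and truncated. Whether that
  matters depends on who can write to the containing directory, which this
  excerpt does not show.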
    fd = open(file_ok, O_WRONLY | O_CREAT | O_TRUNC, 0600);
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:243:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char errmsg[BUFSIZ];
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:245:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char regexp_buffer[RE_BUF_SIZE];
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:829:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[1024];
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:866:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[1024];
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:906:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[1024];
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:907:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char keysaltbuf[KRB5_KDB_MAX_ALLOWED_KS_LEN + 1];
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:992:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rectype[100];
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:1100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char head[128];
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:1145:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BUFSIZ], *r;
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:1148:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(ifile, "r");
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:1210:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                ipropx_version = atoi(argv[aindex] + 2);
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:1472:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        f = fopen(dumpfile, "r");
data/krb5-1.18.3/src/kadmin/dbutil/kadm5_create.c:143:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localname[MAXHOSTNAMELEN];
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_destroy.c:49:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[5];
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_mkey.c:47:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char out[40];
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_mkey.c:369:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    use_kvno = atoi(argv[1]);
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_mkey.c:847:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ansbuf[100];
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_mkey.c:1059:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[5];
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_stash.c:93:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tmp[32];
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_util.c:274:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            global_params.kvno = (krb5_kvno) atoi(koptarg);
data/krb5-1.18.3/src/kadmin/dbutil/ovload.c:40:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        key_data->key_data_type[0] = atoi(cp);
data/krb5-1.18.3/src/kadmin/dbutil/ovload.c:47:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        key_data->key_data_length[0] = atoi(cp);
data/krb5-1.18.3/src/kadmin/dbutil/ovload.c:109:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                    line[LINESIZE];
data/krb5-1.18.3/src/kadmin/dbutil/ovload.c:145:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    rec->old_key_len = atoi(cp);
data/krb5-1.18.3/src/kadmin/dbutil/ovload.c:151:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    rec->old_key_next = atoi(cp);
data/krb5-1.18.3/src/kadmin/dbutil/ovload.c:157:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    rec->admin_history_kvno = atoi(cp);
data/krb5-1.18.3/src/kadmin/dbutil/t_tdumputil.c:83:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nf = atoi(*argv);
data/krb5-1.18.3/src/kadmin/dbutil/tabdump.c:147:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[64];
data/krb5-1.18.3/src/kadmin/dbutil/tabdump.c:184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/krb5-1.18.3/src/kadmin/dbutil/tabdump.c:207:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/krb5-1.18.3/src/kadmin/dbutil/tabdump.c:571:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        f = fopen(opts->fname, "w");
data/krb5-1.18.3/src/kadmin/ktutil/ktutil.c:145:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            kvno = (krb5_kvno) atoi(argv[++i]);
data/krb5-1.18.3/src/kadmin/ktutil/ktutil.c:196:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    retval = ktutil_delete(kcontext, &ktlist, atoi(argv[1]));
data/krb5-1.18.3/src/kadmin/ktutil/ktutil.c:198:64:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        com_err(argv[0], retval, _("while deleting entry %d"), atoi(argv[1]));
data/krb5-1.18.3/src/kadmin/ktutil/ktutil.c:245:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char fmtbuf[18];
data/krb5-1.18.3/src/kadmin/ktutil/ktutil.c:261:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            static char buf[256];
data/krb5-1.18.3/src/kadmin/ktutil/ktutil_funcs.c:165:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BUFSIZ];
data/krb5-1.18.3/src/kadmin/ktutil/ktutil_funcs.c:166:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char promptstr[1024];
data/krb5-1.18.3/src/kadmin/ktutil/ktutil_funcs.c:357:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ktname[MAXPATHLEN+sizeof("WRFILE:")+1];
data/krb5-1.18.3/src/kadmin/server/auth_acl.c:398:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(fname, "r");
data/krb5-1.18.3/src/kadmin/server/ipropd_svc.c:125:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(s, b->value, b->length);
data/krb5-1.18.3/src/kadmin/server/ipropd_svc.c:154:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obuf[256] = {0};
data/krb5-1.18.3/src/kadmin/server/ipropd_svc.c:252:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cl, s, e - s);
data/krb5-1.18.3/src/kadmin/server/ipropd_svc.c:262:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char clhost[NI_MAXHOST] = {0};
data/krb5-1.18.3/src/kadmin/server/ovsec_kadmd.c:127:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(pid_file, "w");
data/krb5-1.18.3/src/kadmin/server/ovsec_kadmd.c:411:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            params.kadmind_port = atoi(*argv);
data/krb5-1.18.3/src/kadmin/server/schpw.c:37:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char strresult[1024];
data/krb5-1.18.3/src/kadmin/server/schpw.c:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char addrbuf[100];
data/krb5-1.18.3/src/kadmin/server/schpw.c:230:9:  [2] (buffer) memcpy:
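  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: the destination is the fixed-size sin->sin_addr and the
  length comes from addr->length, so the check to look for before this call
  is that addr->length equals sizeof(sin->sin_addr). The same applies to the
  sin6_addr copy reported at line 239.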
        memcpy(&sin->sin_addr, addr->contents, addr->length);
data/krb5-1.18.3/src/kadmin/server/schpw.c:239:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&sin6->sin6_addr, addr->contents, addr->length);
data/krb5-1.18.3/src/kadmin/server/schpw.c:317:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, strresult, strlen(strresult));
data/krb5-1.18.3/src/kadmin/server/schpw.c:409:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ptr, ap_rep.data, ap_rep.length);
data/krb5-1.18.3/src/kadmin/server/schpw.c:415:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, cipher.data, cipher.length);
data/krb5-1.18.3/src/kadmin/server/server_stubs.c:150:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char abuf[128];
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:116:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[20];
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:129:9:  [2] (buffer) sprintf:
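  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Reviewer note: the constant maximum is not small here. "kadm5_handle" is 12
  characters and %d can add up to 11 for a 32-bit int, so the worst case is 24
  bytes with the terminator. If buf is the 20-byte array declared at line 116,
  the call fits only while i prints in at most 7 characters; snprintf(buf,
  sizeof(buf), ...) removes the dependence on i.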
        sprintf(buf, "kadm5_handle%d", i);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:455:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2048];
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:468:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf, "%d", key->key_data_type[0]);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:470:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf, "%d", key->key_data_ver > 1 ?
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:474:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(buf, "0x");
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:476:17:  [2] (buffer) sprintf:
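  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Reviewer note: the low-risk rating reflects only the constant format string.
  The destination is buf + 2*(j+1), so whether the write stays inside buf
  depends on the bound on j, which is not visible in this report; check it
  against the declared size of buf.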
                sprintf(buf + 2*(j+1), "%02x",
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:490:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2048];
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:501:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf, "%d", tl_data->tl_data_type);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:503:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf, "%d", tl_data->tl_data_length);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:673:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:700:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%u", (unsigned int)princ->princ_expire_time);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:703:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%u", (unsigned int)princ->last_pwd_change);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:706:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%u", (unsigned int)princ->pw_expiration);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:709:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", princ->max_life);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:725:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%u", (unsigned int)princ->mod_date);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:736:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", princ->kvno);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:739:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", princ->mkvno);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:758:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", princ->max_renewable_life);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:761:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%u", (unsigned int)princ->last_success);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:764:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%u", (unsigned int)princ->last_failed);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:767:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", princ->fail_auth_count);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:770:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", princ->n_key_data);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:773:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", princ->n_tl_data);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:1323:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:1337:5:  [2] (buffer) sprintf:
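  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Reviewer note: where long is 64 bits, %ld can produce 20 characters for the
  most negative values, 21 bytes with the terminator. If buf is the 20-byte
  array declared at line 1323, it is one byte short in that worst case; the
  same sizing applies to the other %ld calls reported through line 1352.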
    sprintf(buf, "%ld", policy->pw_min_life);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:1340:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%ld", policy->pw_max_life);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:1343:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%ld", policy->pw_min_length);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:1346:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%ld", policy->pw_min_classes);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:1349:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%ld", policy->pw_history_num);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:1352:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%ld", policy->policy_refcnt);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:1355:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", policy->pw_max_fail);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:1358:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", policy->pw_failcnt_interval);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:1361:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", policy->pw_lockout_duration);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:1505:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[50];
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:1518:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf, "UNKNOWN KEYTYPE (0x%x)", enctype);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:1556:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[3];
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:1557:17:  [2] (buffer) sprintf:
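  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Reviewer note: buf is 3 bytes (line 1556), which holds exactly two hex
  digits and the terminator. %02x sets a minimum width, not a maximum, so this
  is safe only while keyblock->contents[i] is in 0..255, i.e. an unsigned byte
  type; confirm the element type in the source.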
                sprintf(buf, "%02x", (int) keyblock->contents[i]);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:1957:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg_ret[1024], *msg_ret_var;
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:2039:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *keyblock_var, *num_var, buf[50];
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:2081:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(buf, "%d", num_keys);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:2511:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:2517:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    (void) sprintf(buf, "%d", KADM5_STRUCT_VERSION);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:2519:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    (void) sprintf(buf, "%d", KADM5_API_VERSION_2);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:2521:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    (void) sprintf(buf, "%d", KADM5_API_VERSION_3);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:2523:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    (void) sprintf(buf, "%d", KADM5_API_VERSION_4);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:2525:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    (void) sprintf(buf, "%d", KADM5_API_VERSION_MASK);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:2527:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    (void) sprintf(buf, "%d", KADM5_STRUCT_VERSION_MASK);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_krb5_hash.c:80:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char int_buf[ID_BUF_SIZE];
data/krb5-1.18.3/src/kadmin/testing/util/tcl_krb5_hash.c:90:5:  [2] (buffer) sprintf:
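  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Triage note: "constant maximum length" holds only if ID_BUF_SIZE covers the
  longest "%d" rendering of id_counter (12 bytes including sign and NUL for a
  32-bit int). Neither the macro's value nor the counter's type is shown in
  this report, so confirm both in the source.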
    sprintf(int_buf, "%d", id_counter++);
data/krb5-1.18.3/src/kdc/authind.c:112:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(list + count, strings, scount * sizeof(*strings));
data/krb5-1.18.3/src/kdc/dispatch.c:151:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[46];
data/krb5-1.18.3/src/kdc/do_as_req.c:832:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(e_data, e_data_in, count * sizeof(*e_data));
data/krb5-1.18.3/src/kdc/fast_util.c:461:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((*out)->contents, contents, len);
data/krb5-1.18.3/src/kdc/fast_util.c:713:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pa->contents, "MIT1", 4);
data/krb5-1.18.3/src/kdc/fast_util.c:715:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pa->contents + 8, enc.ciphertext.data, enc.ciphertext.length);
data/krb5-1.18.3/src/kdc/kdc_audit.c:106:20:  [2] (misc) open:
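  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: likely a false positive of name-based matching. The matched
  token is the `open` member of `vtable`, compared against NULL on this line;
  it is not a call to open(2) and no path is passed, so the file-race
  guidance above does not apply to this line.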
        if (vtable.open != NULL) {
data/krb5-1.18.3/src/kdc/kdc_audit.c:107:26:  [2] (misc) open:
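  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: likely a false positive of name-based matching. The call goes
  through the `open` member of `vtable` and takes `&auctx`, not a pathname,
  so this line is not an open(2) call. Whether the implementation behind that
  member opens files cannot be determined from this report.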
            ret = vtable.open(&auctx);
data/krb5-1.18.3/src/kdc/kdc_authdata.c:516:20:  [2] (buffer) char:
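  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: no array is declared on this line. The matched `char` is part
  of a `(char *)` cast followed by an index into sp_authdata, so the
  static-array guidance does not apply as written. The relevant check is the
  length paired with enc_sp.data, which is not shown in this report.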
    enc_sp.data = (char *)sp_authdata[0]->contents;
data/krb5-1.18.3/src/kdc/kdc_authdata.c:601:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(sp.delegated, deleg_path, count * sizeof(krb5_principal));
data/krb5-1.18.3/src/kdc/kdc_log.c:67:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fromstringbuf[70];
data/krb5-1.18.3/src/kdc/kdc_log.c:130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fromstringbuf[70];
data/krb5-1.18.3/src/kdc/kdc_preauth.c:524:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ckbuf[4];
data/krb5-1.18.3/src/kdc/kdc_preauth.c:819:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ckbuf[4];
data/krb5-1.18.3/src/kdc/kdc_preauth.c:853:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pa->contents + 8, cksum.contents, cksum.length);
data/krb5-1.18.3/src/kdc/kdc_preauth.c:1621:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pa->contents, tl_data.tl_data_contents, tl_data.tl_data_length);
data/krb5-1.18.3/src/kdc/kdc_transit.c:137:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(s, d->data, d->length);
data/krb5-1.18.3/src/kdc/kdc_transit.c:156:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        prev[MAX_REALM_LN];
data/krb5-1.18.3/src/kdc/kdc_transit.c:157:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        next[MAX_REALM_LN];
data/krb5-1.18.3/src/kdc/kdc_transit.c:158:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        current[MAX_REALM_LN];
data/krb5-1.18.3/src/kdc/kdc_transit.c:159:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        exp[MAX_REALM_LN];      /* Expanded current realm name     */
data/krb5-1.18.3/src/kdc/kdc_util.c:122:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(retdata[i]->contents, (*ptr)->contents, retdata[i]->length);
data/krb5-1.18.3/src/kdc/kdc_util.c:1121:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[64];
data/krb5-1.18.3/src/kdc/kdc_util.c:1140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[64];
data/krb5-1.18.3/src/kdc/kdc_util.c:1206:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(p, krb5_princ_component(context, req->user, i)->data,
data/krb5-1.18.3/src/kdc/kdc_util.c:1213:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(p, krb5_princ_realm(context, req->user)->data,
data/krb5-1.18.3/src/kdc/kdc_util.c:1219:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(p, req->auth_package.data, req->auth_package.length);
data/krb5-1.18.3/src/kdc/kdc_util.c:1449:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pa->contents,
data/krb5-1.18.3/src/kdc/kdc_util.c:1451:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&pa->contents[req_s4u_user->cksum.length],
data/krb5-1.18.3/src/kdc/main.c:211:11:  [2] (buffer) char:
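  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: this declares an array of four `const char *` pointers, not a
  character buffer, so string-length overflow is not the concern. The check
  that matters is that no more than four entries (including any terminating
  NULL) are stored. The same reading applies to `hierarchy[3]` at main.c:636
  and `edit_av[10]` at kpropd.c:1523.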
    const char          *hierarchy[4];
data/krb5-1.18.3/src/kdc/main.c:213:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ename[32];
data/krb5-1.18.3/src/kdc/main.c:636:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char          *hierarchy[3];
data/krb5-1.18.3/src/kdc/main.c:784:23:  [2] (integer) atoi:
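  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Triage note: atoi() gives no error indication, so non-numeric input and
  out-of-range input cannot be told apart from a valid value. strtol() with
  an end-pointer and errno check, followed by an explicit range test, allows
  both to be rejected. Any range check on `workers` is outside the line shown.
  The same applies to the atoi(optarg) findings at main.c:810 and
  kproplog.c:440.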
            workers = atoi(optarg);
data/krb5-1.18.3/src/kdc/main.c:810:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            time_offset = atoi(optarg);
data/krb5-1.18.3/src/kdc/main.c:875:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "w");
data/krb5-1.18.3/src/kdc/rtest.c:51:5:  [2] (buffer) memcpy:
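  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the length is strlen(str), so the terminating NUL is not
  copied. Besides confirming that `dat` is allocated with at least that many
  bytes (the allocation is not shown here), check that later users of `dat`
  rely on a separately stored length rather than on NUL termination.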
    memcpy(dat, str, strlen(str));
data/krb5-1.18.3/src/kdc/rtest.c:88:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(otrans.data,argv[1], otrans.length);
data/krb5-1.18.3/src/kprop/kprop.c:354:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(dbpathname, O_RDONLY);
data/krb5-1.18.3/src/kprop/kprop.c:420:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[KPROP_BUFSIZ];
data/krb5-1.18.3/src/kprop/kprop_util.c:80:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *canonhost, localname[MAXHOSTNAMELEN];
data/krb5-1.18.3/src/kprop/kpropd.c:184:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(path, "w");
data/krb5-1.18.3/src/kprop/kpropd.c:293:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        devnull = open("/dev/null", O_RDWR);
data/krb5-1.18.3/src/kprop/kpropd.c:489:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char host[INET6_ADDRSTRLEN + 1];
data/krb5-1.18.3/src/kprop/kpropd.c:546:15:  [2] (misc) open:
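  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: the flags on this line are O_RDWR | O_CREAT with mode 0600;
  neither O_EXCL nor O_NOFOLLOW appears. Whether that matters depends on who
  can write to the directory holding temp_file_name, which this report does
  not show. Review the directory's ownership and permissions before rating
  this finding.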
    lock_fd = open(temp_file_name, O_RDWR | O_CREAT, 0600);
data/krb5-1.18.3/src/kprop/kpropd.c:555:19:  [2] (misc) open:
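  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: this open uses O_WRONLY | O_CREAT | O_TRUNC without O_EXCL or
  O_NOFOLLOW, so an existing file at temp_file_name is truncated in place. If
  the containing directory is writable only by the daemon's own account the
  risk is low. That property is not visible in this report and should be
  confirmed in the source and deployment.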
    database_fd = open(temp_file_name, O_WRONLY | O_CREAT | O_TRUNC, 0600);
data/krb5-1.18.3/src/kprop/kpropd.c:1031:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char error_buf[8096];
data/krb5-1.18.3/src/kprop/kpropd.c:1190:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *name, etypebuf[100];
data/krb5-1.18.3/src/kprop/kpropd.c:1292:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *name, *ptr, buf[1024];
data/krb5-1.18.3/src/kprop/kpropd.c:1302:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    acl_file = fopen(acl_file_name, "r");
data/krb5-1.18.3/src/kprop/kpropd.c:1350:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/krb5-1.18.3/src/kprop/kpropd.c:1463:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/krb5-1.18.3/src/kprop/kpropd.c:1523:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char *edit_av[10];
data/krb5-1.18.3/src/kprop/kproplog.c:79:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[30];
data/krb5-1.18.3/src/kprop/kproplog.c:410:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(filename, O_RDONLY);
data/krb5-1.18.3/src/kprop/kproplog.c:440:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            entry = atoi(optarg);
data/krb5-1.18.3/src/lib/apputils/daemon.c:73:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		n = open("/dev/tty", O_RDWR);
data/krb5-1.18.3/src/lib/apputils/daemon.c:85:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		int devnull = open(_PATH_DEVNULL, O_RDWR, 0);
data/krb5-1.18.3/src/lib/apputils/net-server.c:100:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[100];
data/krb5-1.18.3/src/lib/apputils/net-server.c:101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char portbuf[10];
data/krb5-1.18.3/src/lib/apputils/net-server.c:143:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char addrbuf[56];
data/krb5-1.18.3/src/lib/apputils/net-server.c:155:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char lenbuf[4];
data/krb5-1.18.3/src/lib/apputils/net-server.c:974:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pktbuf[MAX_DGRAM_SIZE];
data/krb5-1.18.3/src/lib/apputils/net-server.c:997:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char saddrbuf[NI_MAXHOST], sportbuf[NI_MAXSERV];
data/krb5-1.18.3/src/lib/apputils/net-server.c:998:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char daddrbuf[NI_MAXHOST];
data/krb5-1.18.3/src/lib/apputils/net-server.c:1143:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuf[10];
data/krb5-1.18.3/src/lib/apputils/net-server.c:1460:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tmpbuf[10];
data/krb5-1.18.3/src/lib/apputils/udppktinfo.c:289:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmsg[CMSG_SPACE(sizeof(union pktinfo))];
data/krb5-1.18.3/src/lib/apputils/udppktinfo.c:463:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cbuf[CMSG_SPACE(sizeof(union pktinfo))];
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:12:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char key[16];
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:16:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ivec[16];
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:17:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char input[4*16];
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:18:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output[4*16];
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:50:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const unsigned char fipskey[16] = {
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:53:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const unsigned char input[16] = {
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:57:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const unsigned char expected[16] = {
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:61:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output[16];
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:62:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[16];
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:128:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[B];
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:130:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (tmp, iv, B);
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:137:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (tmp, out + i, B);
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:148:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[B];
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:149:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (tmp, iv, B);
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:155:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (out + i, tmp, B);
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:166:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pn1[B], pn[B], cn[B], cn1[B];
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:187:5:  [2] (buffer) memcpy:
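  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the finding at aes-gen.c:166 shows a `pn[B]` declaration; if
  that is the destination used here, the copy of len-B bytes stays in bounds
  only when B <= len <= 2*B. That precondition on `len` is not visible in
  this report, so confirm it is enforced before this line.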
    memcpy (pn, in+B, len-B);
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:194:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out, cn1, B);
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:195:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out+B, cn, len-B);
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:204:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pn1[B], pn[B], cn[B], cn1[B];
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:217:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (cn1, in, B);
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:221:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (cn, in+B, len-B);
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:223:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (cn+len-B, pn+len-B, 2*B-len);
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:227:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out, pn1, B);
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:228:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out+B, pn, len-B);
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:234:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[4*B];
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:260:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char ivec[16] = { 0 };
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:265:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[4*B];
data/krb5-1.18.3/src/lib/crypto/builtin/aes/aes-gen.c:294:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[4*B];
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:12:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char key[16];
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:16:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ivec[16];
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:17:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char input[4*16];
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:18:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output[4*16];
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:51:27:  [2] (buffer) char:
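  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: the quoted declaration is static const with an initializer,
  so it is not meant to be written at run time; the hit comes from the
  declaration alone. The remaining check is that code reading fipskey stays
  within its 16 bytes.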
    static const unsigned char fipskey[16] = {
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:55:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const unsigned char input[16] = {
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:59:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const unsigned char expected[16] = {
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:63:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output[16];
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:64:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[16];
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:133:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[B];
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:135:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (tmp, iv, B);
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:142:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (tmp, out + i, B);
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:154:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[B];
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:155:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (tmp, iv, B);
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:161:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (out + i, tmp, B);
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:172:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pn1[B], pn[B], cn[B], cn1[B];
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:193:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (pn, in+B, len-B);
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:200:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out, cn1, B);
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:201:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out+B, cn, len-B);
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:210:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pn1[B], pn[B], cn[B], cn1[B];
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:223:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (cn1, in, B);
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:227:5:  [2] (buffer) memcpy:
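  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: cn appears to be the cn[B] declared at line 210, so this copy
  fits only while B <= len <= 2*B. The report does not show where len is
  checked; confirm that the enclosing function or its callers enforce that
  range. The copies at lines 229 and 234, and the matching ones in aes-gen.c,
  depend on the same bound.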
    memcpy (cn, in+B, len-B);
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:229:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (cn+len-B, pn+len-B, 2*B-len);
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:233:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out, pn1, B);
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:234:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out+B, pn, len-B);
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:240:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[4*B];
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:266:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char ivec[16] = { 0 };
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:271:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[4*B];
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia-gen.c:300:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[4*B];
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia.c:953:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char kk[32];
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia.c:956:5:  [2] (buffer) memcpy:
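  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: kk appears to be the kk[32] declared at line 953, so the
  24-byte copy fits in the destination, and the 4-byte writes at kk+24 and
  kk+28 (lines 961 and 962) end exactly at byte 32. What remains is the
  source: confirm that key points to at least 24 bytes on this path.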
    memcpy(kk, key, 24);
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia.c:957:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((unsigned char *)&krll, key+16,4);
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia.c:958:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((unsigned char *)&krlr, key+20,4);
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia.c:961:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(kk+24, (unsigned char *)&krrl, 4);
data/krb5-1.18.3/src/lib/crypto/builtin/camellia/camellia.c:962:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(kk+28, (unsigned char *)&krrr, 4);
data/krb5-1.18.3/src/lib/crypto/builtin/des/d3_aead.c:40:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char block[MIT_DES_BLOCK_LENGTH];
data/krb5-1.18.3/src/lib/crypto/builtin/des/d3_aead.c:87:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char block[MIT_DES_BLOCK_LENGTH];
data/krb5-1.18.3/src/lib/crypto/builtin/des/des_int.h:92:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char des_cblock[8]     /* crypto-block size */
data/krb5-1.18.3/src/lib/crypto/builtin/des/destest.c:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char block1[17], block2[17], block3[17];
data/krb5-1.18.3/src/lib/crypto/builtin/des/destest.c:71:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    union { unsigned char c[8*4+3]; long l; } u;
data/krb5-1.18.3/src/lib/crypto/builtin/des/f_aead.c:40:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char block[MIT_DES_BLOCK_LENGTH];
data/krb5-1.18.3/src/lib/crypto/builtin/des/f_aead.c:81:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char block[MIT_DES_BLOCK_LENGTH];
data/krb5-1.18.3/src/lib/crypto/builtin/des/f_aead.c:134:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char block[MIT_DES_BLOCK_LENGTH];
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:77:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char cipher_text[64];
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:78:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char clear_text[64] = "Now is the time for all " ;
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:79:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char clear_text2[64] = "7654321 Now is the time for ";
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:80:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char clear_text3[64] = {2,0,0,0, 1,0,0,0};
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:81:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char output[64];
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:82:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char zero_text[8] = {0x0,0,0,0,0,0,0,0};
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:83:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char msb_text[8] = {0x0,0,0,0, 0,0,0,0x40}; /* to ANSI MSB */
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:87:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char default_key[8] = {
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:90:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char key2[8] = { 0x08,0x19,0x2a,0x3b,0x4c,0x5d,0x6e,0x7f };
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:91:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char key3[8] = { 0x80,1,1,1,1,1,1,1 };
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:93:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char default_ivec[8] = {
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:97:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char zero_key[8] = {1,1,1,1,1,1,1,1}; /* just parity bits */
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:99:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char cipher1[8] = {
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:102:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char cipher2[8] = {
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:105:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char cipher3[64] = {
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:110:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char checksum[8] = {
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:114:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char zresult[8] = {
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:118:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char mresult[8] = {
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/aes.c:210:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(iv, data, BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/aes.c:218:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char last_cipherblock[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/aes.c:226:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(last_cipherblock, data, BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/aes.c:232:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(iv, last_cipherblock, BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/aes.c:239:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv[BLOCK_SIZE], block[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/aes.c:240:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char blockN2[BLOCK_SIZE], blockN1[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/aes.c:261:9:  [2] (buffer) memcpy:
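  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: iv is presumably the iv[BLOCK_SIZE] declared at line 239, so
  the destination holds exactly BLOCK_SIZE bytes. What the warning does not
  cover is the source: confirm that ivec->length is at least BLOCK_SIZE before
  this read, and likewise before the write back into ivec->data at line 292.
  camellia.c lines 140 and 171 follow the same pattern.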
        memcpy(iv, ivec->data, BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/aes.c:292:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ivec->data, iv, BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/aes.c:301:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv[BLOCK_SIZE], dummy_iv[BLOCK_SIZE], block[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/aes.c:302:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char blockN2[BLOCK_SIZE], blockN1[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/aes.c:324:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(iv, ivec->data, BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/aes.c:349:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ivec->data, blockN2, BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/aes.c:358:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(blockN1 + last_len, blockN2 + last_len, BLOCK_SIZE - last_len);
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/camellia.c:92:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(iv, data, BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/camellia.c:100:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char last_cipherblock[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/camellia.c:104:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(last_cipherblock, data, BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/camellia.c:111:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(iv, last_cipherblock, BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/camellia.c:118:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv[BLOCK_SIZE], block[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/camellia.c:119:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char blockN2[BLOCK_SIZE], blockN1[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/camellia.c:140:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(iv, ivec->data, BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/camellia.c:171:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ivec->data, iv, BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/camellia.c:180:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv[BLOCK_SIZE], dummy_iv[BLOCK_SIZE], block[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/camellia.c:181:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char blockN2[BLOCK_SIZE], blockN1[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/camellia.c:203:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(iv, ivec->data, BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/camellia.c:228:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ivec->data, blockN2, BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/camellia.c:237:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(blockN1 + last_len, blockN2 + last_len, BLOCK_SIZE - last_len);
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/camellia.c:252:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv[BLOCK_SIZE], block[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/camellia.c:263:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(iv, ivec->data, BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/camellia.c:272:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output->data, iv, BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/enc_provider/rc4.c:16:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char state[256];
data/krb5-1.18.3/src/lib/crypto/builtin/hash_provider/hash_md4.c:51:5:  [2] (buffer) memcpy:
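  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: the length is a fixed constant, so the open question is the
  size of the buffer behind output->data, which looks caller-supplied. Confirm
  that the function checks output->length against RSA_MD4_CKSUM_LENGTH before
  this line; hash_md5.c:51 has the same shape.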
    memcpy(output->data, ctx.digest, RSA_MD4_CKSUM_LENGTH);
data/krb5-1.18.3/src/lib/crypto/builtin/hash_provider/hash_md5.c:51:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output->data, ctx.digest, RSA_MD5_CKSUM_LENGTH);
data/krb5-1.18.3/src/lib/crypto/builtin/hmac.c:86:5:  [2] (buffer) memcpy:
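  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: the copy length is num_data * sizeof(krb5_crypto_iov) and the
  destination starts one element into ihash_iov. Confirm that ihash_iov is
  allocated with at least num_data + 1 elements and that the allocation size
  is computed without integer overflow; neither is visible in this report.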
    memcpy(ihash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
data/krb5-1.18.3/src/lib/crypto/builtin/md4/md4.c:41:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char PADDING[64] = {
data/krb5-1.18.3/src/lib/crypto/builtin/md4/rsa-md4.h:77:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char in[64];                 /* input buffer */
data/krb5-1.18.3/src/lib/crypto/builtin/md4/rsa-md4.h:78:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[16];             /* actual digest after MD4Final call */
data/krb5-1.18.3/src/lib/crypto/builtin/md5/md5.c:54:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char PADDING[64] = {
data/krb5-1.18.3/src/lib/crypto/builtin/md5/rsa-md5.h:46:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char in[64];                 /* input buffer */
data/krb5-1.18.3/src/lib/crypto/builtin/md5/rsa-md5.h:47:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[16];             /* actual digest after MD5Final call */
data/krb5-1.18.3/src/lib/crypto/builtin/pbkdf2.c:101:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ibytes[4];
data/krb5-1.18.3/src/lib/crypto/builtin/pbkdf2.c:110:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(u_tmp2, salt->data, salt->length);
data/krb5-1.18.3/src/lib/crypto/builtin/pbkdf2.c:111:5:  [2] (buffer) memcpy:
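  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(u_tmp2 + salt->length, ibytes, 4);
  Reviewer note: together with the copy reported at pbkdf2.c:110, this writes
  salt->length + 4 bytes into u_tmp2, and the length is taken from the salt
  argument. The size of u_tmp2 is not visible in this report; check that it is
  bounded against salt->length before treating the pair as benign.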
data/krb5-1.18.3/src/lib/crypto/builtin/pbkdf2.c:120:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output, u_tmp1, hlen);
data/krb5-1.18.3/src/lib/crypto/builtin/pbkdf2.c:125:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(u_tmp2, u_tmp1, hlen);
data/krb5-1.18.3/src/lib/crypto/builtin/pbkdf2.c:144:5:  [2] (buffer) char:
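  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char utmp3[128];             /* XXX length shouldn't be hardcoded! */
  Reviewer note: the source comment itself marks the fixed 128-byte size as a
  known limitation, so this hit deserves manual review ahead of the generic
  array hits. Verify that whatever is written into utmp3 (presumably one
  hash-length block; confirm in pbkdf2.c) can never exceed 128 bytes.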
data/krb5-1.18.3/src/lib/crypto/builtin/pbkdf2.c:179:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(output->data + (i-1) * hlen, utmp3,
data/krb5-1.18.3/src/lib/crypto/builtin/pbkdf2.c:194:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[128];
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:80:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                               Dflag = atoi(*++argv);
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:142:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char results1[SHS_DIGESTSIZE] = {
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:149:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[SHS_DIGESTSIZE];
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:157:5:  [2] (buffer) memcpy:
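  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
  Reviewer note: the nearest declaration reported above (t_shs3.c:149) sizes
  digest as SHS_DIGESTSIZE, the same constant used as the copy length. If that
  is the destination here, the copy fits exactly. The same declaration/copy
  pairing recurs in the later t_shs3.c hits, so they can be triaged together.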
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:175:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char results2[SHS_DIGESTSIZE] = {
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:182:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[SHS_DIGESTSIZE];
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:192:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:210:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char results3[SHS_DIGESTSIZE] = {
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:217:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[SHS_DIGESTSIZE];
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:228:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:280:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char results4[SHS_DIGESTSIZE] = {
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:287:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[SHS_DIGESTSIZE];
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:295:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:313:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char results5[SHS_DIGESTSIZE] = {
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:320:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[SHS_DIGESTSIZE];
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:329:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:347:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char results6[SHS_DIGESTSIZE] = {
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:360:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[SHS_DIGESTSIZE];
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:414:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(digest, shsDigest(&sdata.si1), SHS_DIGESTSIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:453:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(digest, shsDigest((&sdata.si2)), SHS_DIGESTSIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:471:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char results7[SHS_DIGESTSIZE] = {
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:491:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[SHS_DIGESTSIZE];
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:549:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(digest, shsDigest(&sdata.si1), SHS_DIGESTSIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/sha1/t_shs3.c:578:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(digest, shsDigest((&sdata.si2)), SHS_DIGESTSIZE);
data/krb5-1.18.3/src/lib/crypto/builtin/sha2/sha2.h:52:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char save[64];
data/krb5-1.18.3/src/lib/crypto/builtin/sha2/sha2.h:58:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char save[128];
data/krb5-1.18.3/src/lib/crypto/builtin/sha2/sha256.c:206:2:  [2] (buffer) memcpy:
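  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(m->save + offset, p, l);
  Reviewer note: the bound to verify is offset + l against the size of m->save.
  This report lists save[64] and save[128] at sha2.h:52 and sha2.h:58, but the
  computation of offset and l is not shown; check it in sha256.c. The hit at
  sha512.c:212 has the same form and needs the same check.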
data/krb5-1.18.3/src/lib/crypto/builtin/sha2/sha256.c:231:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char zeros[72];
data/krb5-1.18.3/src/lib/crypto/builtin/sha2/sha512.c:212:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(m->save + offset, p, l);
data/krb5-1.18.3/src/lib/crypto/builtin/sha2/sha512.c:237:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char zeros[128 + 16];
data/krb5-1.18.3/src/lib/crypto/builtin/sha2/sha512.c:302:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char data[SHA512_DIGEST_LENGTH];
data/krb5-1.18.3/src/lib/crypto/builtin/sha2/sha512.c:304:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(res, data, SHA384_DIGEST_LENGTH);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/aes-test.c:35:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char key[32];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/aes-test.c:36:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char plain[16], cipher[16], zero[16];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/aes-test.c:52:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cipher, plain, 16);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/camellia-test.c:33:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char key[32];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/camellia-test.c:34:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char plain[16], cipher[16], zero[16];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_cf2.c:51:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pepper1[1025], pepper2[1025];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_cf2.c:57:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char s[1025];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_cksums.c:210:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[64];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_cmac.c:108:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char resultbuf[16];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_cts.c:82:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char input[4*16] =
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_cts.c:84:27:  [2] (buffer) char:
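  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const unsigned char aeskey[16] = "chicken teriyaki";
  Reviewer note: the initializer is exactly 16 characters, so the array holds
  no terminating NUL. C permits this, but aeskey must only be used as a
  fixed-length 16-byte buffer; a string function such as strlen() would read
  past its end. The hard-coded key sits under crypto_tests/ and looks like a
  test vector.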
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_cts.c:88:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outbuf[64], encivbuf[16], decivbuf[16];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_cts.c:119:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(outbuf, input, lengths[i]);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_decrypt.c:555:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[64];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_derive.c:351:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[64];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_encrypt.c:167:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_encrypt.c:180:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_encrypt.c:208:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(iov[1].data.data, in.data, in.length);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_hmac.c:79:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[180];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_hmac.c:81:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char data[80];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_hmac.c:89:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[40];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_hmac.c:129:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outbuf[20], *hexdigest;
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_hmac.c:226:25:  [2] (buffer) char:
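  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        in = make_data((char *)md5tests[i].data, md5tests[i].data_len);
  Reviewer note: this excerpt is a cast followed by an index expression, not an
  array declaration, so the static-array message does not apply to it; it reads
  as a pattern-match false positive. Confirm against the file and suppress
  rather than patch.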
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_kperf.c:69:17:  [2] (integer) atoi:
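  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    blocksize = atoi(argv[3]);
  Reviewer note: atoi() gives no error indication, and its behaviour is
  undefined when the value does not fit in an int. The usual replacement is
  strtol() with endptr and errno checks plus an explicit range check. The value
  comes from argv in a program under crypto_tests/, which limits exposure. The
  hit at t_kperf.c:70 is the same pattern.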
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_kperf.c:70:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    num_blocks = atoi(argv[4]);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_mddriver.c:38:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[16];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_mddriver.c:156:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[16];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_mddriver.c:170:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char block[TEST_BLOCK_LEN], digest[16];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_mddriver.c:205:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[16];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_mddriver.c:250:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[16];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_nfold.c:52:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char exp[192/8];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_nfold.c:74:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char outbuf[192/8];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_nfold.c:78:38:  [2] (buffer) char:
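  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char *p = (unsigned char *) tests[i].input;
  Reviewer note: this excerpt declares a pointer and indexes tests[]; it does
  not declare a fixed-size array, so the static-array message does not apply
  and the hit reads as a pattern-match false positive. Confirm against the file
  and suppress rather than patch.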
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_nfold.c:80:37:  [2] (buffer) char:
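  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        krb5int_nfold (8 * strlen ((char *) p), p, tests[i].n, outbuf);
  Reviewer note: this excerpt is a function call containing a cast and an index
  expression, not an array declaration, so the static-array message does not
  apply; it reads as a pattern-match false positive. Confirm against the file
  and suppress rather than patch.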
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_nfold.c:97:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char cipher_text[300];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_nfold.c:116:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char nfold_192[4][24] = {
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_nfold.c:132:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char cipher_text[64];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_nfold.c:137:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        printf("\tInput:\t\"%.*s\"\n", (int) strlen((char *) nfold_in[i]),
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_nfold.c:140:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        krb5int_nfold(strlen((char *) nfold_in[i])*8, nfold_in[i], 24*8,
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_pkcs5.c:43:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char x[100];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_pkcs5.c:54:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const unsigned char expected[24];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_sha2.c:41:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[64];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_str2key.c:487:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[64];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:74:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char outbuf[192/8];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:121:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char key_contents[60];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:124:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[80];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:167:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char key_contents[60];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:170:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[80];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:233:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char keydata[KEYLENGTH];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:235:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char usage[8];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:325:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char drData[KEYBYTES];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:327:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char dkData[KEYLENGTH];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:393:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char x[100];
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:394:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char x2[100];
data/krb5-1.18.3/src/lib/crypto/krb/aead.c:182:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(block + bsz - remain, iov->data.data + cursor->in_pos, nbytes);
data/krb5-1.18.3/src/lib/crypto/krb/aead.c:214:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(iov->data.data + cursor->out_pos, block + bsz - remain, nbytes);
data/krb5-1.18.3/src/lib/crypto/krb/cf2.c:64:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&prf_in.data[1], input->data, input->length);
data/krb5-1.18.3/src/lib/crypto/krb/cf2.c:71:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&output->data[i * prflen], prf_out.data,
data/krb5-1.18.3/src/lib/crypto/krb/checksum_dk_cmac.c:39:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char constantdata[K5CLENGTH];
data/krb5-1.18.3/src/lib/crypto/krb/checksum_dk_hmac.c:40:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char constantdata[K5CLENGTH];
data/krb5-1.18.3/src/lib/crypto/krb/checksum_hmac_md5.c:47:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char t[4];
data/krb5-1.18.3/src/lib/crypto/krb/checksum_hmac_md5.c:76:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
data/krb5-1.18.3/src/lib/crypto/krb/cmac.c:31:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char const_Rb[BLOCK_SIZE] = {
data/krb5-1.18.3/src/lib/crypto/krb/cmac.c:70:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char L[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/krb/cmac.c:71:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/krb/cmac.c:128:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char Y[BLOCK_SIZE], M_last[BLOCK_SIZE], padded[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/krb/cmac.c:129:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char K1[BLOCK_SIZE], K2[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/krb/cmac.c:130:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char input[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/krb/cmac.c:197:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output->data, d.data, d.length);
data/krb5-1.18.3/src/lib/crypto/krb/crypto_int.h:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hash_name[8];
data/krb5-1.18.3/src/lib/crypto/krb/crypto_int.h:101:5:  [2] (buffer) char:
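  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: the line quoted below is an array of `char *` pointers, not a
  character buffer, so the thing to check is that every index into it stays
  below MAX_ETYPE_ALIASES rather than the length of any string copied into
  it. The same applies to `char *aliases[2]` at crypto_int.h:163:5.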
    char *aliases[MAX_ETYPE_ALIASES];
data/krb5-1.18.3/src/lib/crypto/krb/crypto_int.h:163:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *aliases[2];
data/krb5-1.18.3/src/lib/crypto/krb/decrypt.c:63:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(iov[0].data.data, input->ciphertext.data, header_len);
data/krb5-1.18.3/src/lib/crypto/krb/decrypt.c:67:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(iov[1].data.data, input->ciphertext.data + header_len, plain_len);
data/krb5-1.18.3/src/lib/crypto/krb/decrypt.c:75:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(iov[3].data.data, input->ciphertext.data + header_len + plain_len,
data/krb5-1.18.3/src/lib/crypto/krb/derive.c:104:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(block.data, in_constant->data, blocksize);
data/krb5-1.18.3/src/lib/crypto/krb/derive.c:119:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(outrnd->data + n, block.data, (keybytes - n));
data/krb5-1.18.3/src/lib/crypto/krb/derive.c:123:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(outrnd->data + n, block.data, blocksize);
data/krb5-1.18.3/src/lib/crypto/krb/derive.c:151:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ibuf[4], Lbuf[4];
data/krb5-1.18.3/src/lib/crypto/krb/derive.c:195:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(outrnd->data + n, prf.data, keybytes - n);
data/krb5-1.18.3/src/lib/crypto/krb/derive.c:198:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(outrnd->data + n, prf.data, blocksize);
data/krb5-1.18.3/src/lib/crypto/krb/derive.c:224:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ibuf[4], lbuf[4];
data/krb5-1.18.3/src/lib/crypto/krb/derive.c:254:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(outrnd->data, prf.data, outrnd->length);
data/krb5-1.18.3/src/lib/crypto/krb/enc_dk_cmac.c:58:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[K5CLENGTH];
data/krb5-1.18.3/src/lib/crypto/krb/enc_dk_hmac.c:76:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char constantdata[K5CLENGTH];
data/krb5-1.18.3/src/lib/crypto/krb/enc_dk_hmac.c:168:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(trailer->data.data, cksum, hmacsize);
data/krb5-1.18.3/src/lib/crypto/krb/enc_dk_hmac.c:186:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char constantdata[K5CLENGTH];
data/krb5-1.18.3/src/lib/crypto/krb/enc_etm.c:120:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(iovs + 1, data, num_data * sizeof(*iovs));
data/krb5-1.18.3/src/lib/crypto/krb/enc_etm.c:168:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ivcopy.data, ivec->data, ivec->length);
data/krb5-1.18.3/src/lib/crypto/krb/enc_etm.c:194:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(trailer->data.data, cksum.data, trailer_len);
data/krb5-1.18.3/src/lib/crypto/krb/enc_etm.c:199:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ivec->data, ivcopy.data, ivcopy.length);
data/krb5-1.18.3/src/lib/crypto/krb/enc_rc4.c:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char salt_buf[14];
data/krb5-1.18.3/src/lib/crypto/krb/enc_rc4.c:53:9:  [2] (buffer) memcpy:
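  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the copy length here is the constant 10, and this report
  lists `char salt_buf[14]` at enc_rc4.c:44. If that is the same buffer (the
  line numbers suggest the same function; confirm in the source), the
  destination holds the copy. What the report does not show is whether `l40`
  is at least 10 bytes long.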
        memcpy(salt_buf, l40, 10);
data/krb5-1.18.3/src/lib/crypto/krb/encrypt.c:64:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(iov[1].data.data, input->data, input->length);
data/krb5-1.18.3/src/lib/crypto/krb/keyblocks.c:104:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(to->contents, from->contents, to->length);
data/krb5-1.18.3/src/lib/crypto/krb/make_checksum_iov.c:68:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(checksum->data.data, cksum_data.data, ctp->output_size);
data/krb5-1.18.3/src/lib/crypto/krb/old_api_glue.c:263:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(outcksum->contents, cksum.contents, cksum.length);
data/krb5-1.18.3/src/lib/crypto/krb/prf_dk.c:64:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out->data, iov.data.data, out->length);
data/krb5-1.18.3/src/lib/crypto/krb/prng.c:77:10:  [2] (misc) open:
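  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: what decides this finding is who controls the path argument.
  The line quoted below passes a variable named `device`, and the report does
  not show where its value comes from. The two prng_device.c hits that follow
  pass `DEVICE`, which by its spelling is presumably a compile-time constant;
  confirm in the source that it names a fixed system device path.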
    fd = open(device, O_RDONLY);
data/krb5-1.18.3/src/lib/crypto/krb/prng_device.c:45:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(DEVICE, O_RDWR, 0);
data/krb5-1.18.3/src/lib/crypto/krb/prng_device.c:47:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = open(DEVICE, O_RDONLY, 0);
data/krb5-1.18.3/src/lib/crypto/krb/prng_fortuna.c:107:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char counter[AES256_BLOCKSIZE];
data/krb5-1.18.3/src/lib/crypto/krb/prng_fortuna.c:108:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[AES256_KEYSIZE];
data/krb5-1.18.3/src/lib/crypto/krb/prng_fortuna.c:128:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char zero[SHA256_BLOCKSIZE];
data/krb5-1.18.3/src/lib/crypto/krb/prng_fortuna.c:219:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char result[AES256_BLOCKSIZE];
data/krb5-1.18.3/src/lib/crypto/krb/prng_fortuna.c:226:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dst, result, n);
data/krb5-1.18.3/src/lib/crypto/krb/prng_fortuna.c:249:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash_result[SHA256_HASHSIZE];
data/krb5-1.18.3/src/lib/crypto/krb/prng_fortuna.c:282:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char lenbuf[2];
data/krb5-1.18.3/src/lib/crypto/krb/prng_fortuna.c:328:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(last, &tv, sizeof(tv));
data/krb5-1.18.3/src/lib/crypto/krb/prng_fortuna.c:357:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char osbuf[64];
data/krb5-1.18.3/src/lib/crypto/krb/prng_fortuna.c:420:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pidbuf[4];
data/krb5-1.18.3/src/lib/crypto/krb/random_to_key.c:71:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(keyblock->contents, randombits->data, randombits->length);
data/krb5-1.18.3/src/lib/crypto/krb/random_to_key.c:93:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(keyblock->contents, randombits->data, randombits->length);
data/krb5-1.18.3/src/lib/crypto/krb/random_to_key.c:113:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&keyblock->contents[i * 8], &randombits->data[i * 7], 7);
data/krb5-1.18.3/src/lib/crypto/krb/s2k_pbkdf2.c:65:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(concat, string->data, string->length);
data/krb5-1.18.3/src/lib/crypto/krb/s2k_pbkdf2.c:67:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(concat + string->length, salt->data, salt->length);
data/krb5-1.18.3/src/lib/crypto/krb/s2k_pbkdf2.c:154:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(sandp.data, pepper->data, pepper->length);
data/krb5-1.18.3/src/lib/crypto/krb/s2k_pbkdf2.c:157:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&sandp.data[pepper->length + 1], salt->data, salt->length);
data/krb5-1.18.3/src/lib/crypto/krb/t_fortuna.c:86:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char buffer[1024 * 1024];
data/krb5-1.18.3/src/lib/crypto/krb/t_fortuna.c:120:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char buf[2 * 1024 * 1024];
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/aes.c:67:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char   iblock[BLOCK_SIZE], oblock[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/aes.c:101:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char    iblock[BLOCK_SIZE], oblock[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/aes.c:136:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char          iv_cts[IV_CTS_BUF_SIZE];
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/aes.c:144:9:  [2] (buffer) memcpy:
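  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the copy length here is `ivec->length`, while the destination
  is the fixed-size `iv_cts[IV_CTS_BUF_SIZE]` reported at aes.c:136. Confirm
  in the source that the code before this line rejects an `ivec` whose length
  differs from sizeof(iv_cts). An equality check also covers the reverse
  copies of sizeof(iv_cts) bytes into `ivec->data` at aes.c:171 and 224. The
  same pair of copies appears at aes.c:197 and in camellia.c at 168, 195, 221
  and 248.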
        memcpy(iv_cts, ivec->data,ivec->length);
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/aes.c:171:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ivec->data, iv_cts, sizeof(iv_cts));
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/aes.c:189:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char          iv_cts[IV_CTS_BUF_SIZE];
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/aes.c:197:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(iv_cts, ivec->data,ivec->length);
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/aes.c:224:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ivec->data, iv_cts, sizeof(iv_cts));
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/camellia.c:91:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char   iblock[BLOCK_SIZE], oblock[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/camellia.c:125:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char    iblock[BLOCK_SIZE], oblock[BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/camellia.c:160:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char          iv_cts[IV_CTS_BUF_SIZE];
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/camellia.c:168:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(iv_cts, ivec->data,ivec->length);
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/camellia.c:195:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ivec->data, iv_cts, sizeof(iv_cts));
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/camellia.c:213:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char          iv_cts[IV_CTS_BUF_SIZE];
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/camellia.c:221:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(iv_cts, ivec->data,ivec->length);
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/camellia.c:248:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ivec->data, iv_cts, sizeof(iv_cts));
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/camellia.c:304:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char blockY[CAMELLIA_BLOCK_SIZE], blockB[CAMELLIA_BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/camellia.c:314:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(blockY, iv->data, CAMELLIA_BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/camellia.c:325:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output->data, blockY, CAMELLIA_BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/des3.c:82:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iblock[DES3_BLOCK_SIZE], oblock[DES3_BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/des3.c:114:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ivec->data, oblock, DES3_BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/des3.c:131:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iblock[DES3_BLOCK_SIZE], oblock[DES3_BLOCK_SIZE];
data/krb5-1.18.3/src/lib/crypto/openssl/enc_provider/des3.c:164:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ivec->data, iblock, DES3_BLOCK_SIZE);
data/krb5-1.18.3/src/lib/crypto/openssl/hmac.c:121:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char md[EVP_MAX_MD_SIZE];
data/krb5-1.18.3/src/lib/crypto/openssl/hmac.c:152:9:  [2] (buffer) memcpy:
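  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: the length is output->length, but the source is the
  md[EVP_MAX_MD_SIZE] array declared at line 121. Besides the destination
  check the tool asks for, confirm that output->length cannot exceed the
  number of digest bytes actually written to md; otherwise the copy reads
  stale or out-of-bounds stack bytes into the output.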
        memcpy(output->data, md, output->length);
data/krb5-1.18.3/src/lib/gssapi/generic/gssapiP_generic.h:78:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy((ptr), (str), (len));                 \
data/krb5-1.18.3/src/lib/gssapi/generic/gssapiP_generic.h:286:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(output_buffer->value, input_k5buf->data,
data/krb5-1.18.3/src/lib/gssapi/generic/gssapi_alloc.h:67:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p, "gssalloc", 8);
data/krb5-1.18.3/src/lib/gssapi/generic/gssapi_alloc.h:125:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(copy, str, size);
data/krb5-1.18.3/src/lib/gssapi/generic/gssapi_ext.h:622:14:  [2] (buffer) char:
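  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: the trailing ");" shows this is a function parameter in a
  prototype, not a local buffer. An array parameter decays to a pointer, so
  the [16] is documentation only and is not enforced by the compiler; the
  callee presumably relies on callers supplying 16 bytes.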
    unsigned char auth_scheme[16]);
data/krb5-1.18.3/src/lib/gssapi/generic/oid_ops.c:129:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p->elements, oid->elements, p->length);
data/krb5-1.18.3/src/lib/gssapi/generic/oid_ops.c:176:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((*oid_set)->elements,
data/krb5-1.18.3/src/lib/gssapi/generic/oid_ops.c:185:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(lastel->elements, member_oid->elements,
data/krb5-1.18.3/src/lib/gssapi/generic/oid_ops.c:437:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(oid->elements, prefix, prefix_len);
data/krb5-1.18.3/src/lib/gssapi/generic/oid_ops.c:542:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        (void) memcpy(out->elements, in->elements, in->length);
data/krb5-1.18.3/src/lib/gssapi/generic/util_buffer_set.c:89:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p->value, member_buffer->value, member_buffer->length);
data/krb5-1.18.3/src/lib/gssapi/generic/util_errmap.c:86:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dest->mech.elements, src.mech.elements, src.mech.length);
data/krb5-1.18.3/src/lib/gssapi/generic/util_errmap.c:179:9:  [2] (misc) fopen:
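  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Reviewer note: the path is the hard-coded literal "/dev/pts/9", so no
  caller-controlled path reaches this call. A fixed pseudo-terminal path
  looks like leftover debugging output; check whether line 179 is compiled
  only under a debug conditional, since on a normal build it would attempt
  to write to whichever terminal session holds that pty.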
    f = fopen("/dev/pts/9", "w+");
data/krb5-1.18.3/src/lib/gssapi/generic/util_seqstate.c:140:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*buf, state, sizeof(*state));
data/krb5-1.18.3/src/lib/gssapi/generic/util_seqstate.c:158:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(state, *buf, sizeof(*state));
data/krb5-1.18.3/src/lib/gssapi/krb5/acquire_cred.c:271:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ccname[256] = "";
data/krb5-1.18.3/src/lib/gssapi/krb5/acquire_cred.c:329:30:  [2] (integer) atol:
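  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Reviewer note: atol() reports no errors: non-numeric input yields 0 and an
  out-of-range value is undefined behaviour. strtol() with an end-pointer and
  errno check, followed by a range check on the result, is the checked form.
  Also confirm that data0.data is NUL-terminated at this point.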
        cred->refresh_time = atol(data0.data);
data/krb5-1.18.3/src/lib/gssapi/krb5/acquire_cred.c:545:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/krb5-1.18.3/src/lib/gssapi/krb5/export_cred.c:114:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[1024];
data/krb5-1.18.3/src/lib/gssapi/krb5/export_name.c:79:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cp, gss_mech_krb5->elements, gss_mech_krb5->length);
data/krb5-1.18.3/src/lib/gssapi/krb5/export_name.c:83:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cp, str, length);
data/krb5-1.18.3/src/lib/gssapi/krb5/gssapiP_krb5.h:212:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char seed[16];
data/krb5-1.18.3/src/lib/gssapi/krb5/gssapiP_krb5.h:1264:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(output_buffer->value, input_k5data->data, output_buffer->length);
data/krb5-1.18.3/src/lib/gssapi/krb5/gssapi_krb5.c:758:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lname[BUFSIZ];
data/krb5-1.18.3/src/lib/gssapi/krb5/iakerb.c:155:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p + ctx->conv.length, token->value, token->length);
data/krb5-1.18.3/src/lib/gssapi/krb5/iakerb.c:283:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(data->data + data->length, request->data, request->length);
data/krb5-1.18.3/src/lib/gssapi/krb5/iakerb.c:305:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(q, data->data, data->length);
data/krb5-1.18.3/src/lib/gssapi/krb5/import_name.c:102:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(service, str, servicelen);
data/krb5-1.18.3/src/lib/gssapi/krb5/import_name.c:113:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(host, at + 1, hostlen);
data/krb5-1.18.3/src/lib/gssapi/krb5/import_name.c:195:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char pwbuf[BUFSIZ];
data/krb5-1.18.3/src/lib/gssapi/krb5/import_name.c:223:19:  [2] (integer) atoi:
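  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Reviewer note: the result is stored in uid, so a parse failure (atoi()
  returns 0) would be indistinguishable from a literal uid 0. Whether tmp can
  be non-numeric here is not visible in this report; check the validation
  that precedes line 223, or use strtoul() with end-pointer and range checks.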
            uid = atoi(tmp);
data/krb5-1.18.3/src/lib/gssapi/krb5/inq_context.c:203:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char oid_buf[GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH + 6];
data/krb5-1.18.3/src/lib/gssapi/krb5/k5seal.c:175:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(plain+conflen, text->value, text->length);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5seal.c:186:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(data_ptr, ptr-2, 8);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5seal.c:187:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(data_ptr+8, plain, msglen);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5seal.c:207:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (ptr+14, md5cksum.contents, md5cksum.length);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5seal.c:210:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (ptr+14, md5cksum.contents, cksum_size);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5seal.c:229:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char bigend_seqnum[4];
data/krb5-1.18.3/src/lib/gssapi/krb5/k5seal.c:268:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(ptr+14+cksum_size, plain, tmsglen);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealiov.c:183:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ptr + 14, md5cksum.contents, md5cksum.length);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealiov.c:186:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealiov.c:198:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char bigend_seqnum[4];
data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealv3.c:51:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tbuf, ptr, rc);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealv3.c:53:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char *)ptr + bufsiz - rc, tbuf, rc);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealv3.c:158:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(plain.data, message->value, message->length);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealv3.c:161:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(plain.data + message->length + ec, outbuf, 16);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealv3.c:234:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(plain.data, message->value, message->length);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealv3.c:235:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(plain.data + message->length, outbuf, 16);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealv3.c:240:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(outbuf + 16, message2->value, message2->length);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealv3.c:256:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(outbuf + 16 + message2->length, sum.contents, cksumsize);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealv3.c:467:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(message_buffer->value, plain.data, message_buffer->length);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealv3.c:487:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(plain.data, message_buffer->value, message_buffer->length);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealv3.c:488:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(plain.data + message_buffer->length, ptr, 16);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5sealv3iov.c:164:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tbuf + ec, header->buffer.value, 16);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5unseal.c:179:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char bigend_seqnum[4];
data/krb5-1.18.3/src/lib/gssapi/krb5/k5unseal.c:237:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(token.value, plain+conflen, token.length);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5unseal.c:291:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        (void) memcpy(data_ptr, ptr-2, 8);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5unseal.c:293:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        (void) memcpy(data_ptr+8, plain, plainlen);
data/krb5-1.18.3/src/lib/gssapi/krb5/k5unsealiov.c:139:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char bigend_seqnum[4];
data/krb5-1.18.3/src/lib/gssapi/krb5/k5unsealiov.c:563:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tdata->buffer.value,
data/krb5-1.18.3/src/lib/gssapi/krb5/krb5_gss_glue.c:159:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char oid_buf[GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH + 6];
data/krb5-1.18.3/src/lib/gssapi/krb5/krb5_gss_glue.c:344:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char oid_buf[GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH + 6];
data/krb5-1.18.3/src/lib/gssapi/krb5/lucid_context.c:254:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(lkey->data, k5key->contents, k5key->length);
data/krb5-1.18.3/src/lib/gssapi/krb5/naming_exts.c:643:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cp, gss_mech_krb5->elements, gss_mech_krb5->length);
data/krb5-1.18.3/src/lib/gssapi/krb5/naming_exts.c:648:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cp, princstr, princlen);
data/krb5-1.18.3/src/lib/gssapi/krb5/naming_exts.c:655:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(cp, attrs->data, attrs->length);
data/krb5-1.18.3/src/lib/gssapi/krb5/prf.c:114:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ns.data + 4, prf_in->value, prf_in->length);
data/krb5-1.18.3/src/lib/gssapi/krb5/prf.c:124:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(p, t.data, MIN(t.length, desired_output_len));
data/krb5-1.18.3/src/lib/gssapi/krb5/util_cksum.c:100:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(temp, cksum->contents, cksum->length);
data/krb5-1.18.3/src/lib/gssapi/krb5/util_cksum.c:170:30:  [2] (buffer) char:
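  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: likely a false positive. The flagged line is a cast to
  char * followed by an index expression, not a statically-sized array
  declaration. The same applies to the hits at util_cksum.c:177 and :238 and
  util_crypt.c:327 and :424.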
        kiov[i].data.data = (char *)iov[j].buffer.value;
data/krb5-1.18.3/src/lib/gssapi/krb5/util_cksum.c:177:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        checksum->contents = (unsigned char *)kiov[0].data.data;
data/krb5-1.18.3/src/lib/gssapi/krb5/util_cksum.c:238:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        kiov[i].data.data = (char *)iov[j].buffer.value;
data/krb5-1.18.3/src/lib/gssapi/krb5/util_crypt.c:189:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data->data, iv, blocksize);
data/krb5-1.18.3/src/lib/gssapi/krb5/util_crypt.c:271:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output_buf, input_buf, input_len);
data/krb5-1.18.3/src/lib/gssapi/krb5/util_crypt.c:327:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        kiov[i].data.data = (char *)iov[j].buffer.value;
data/krb5-1.18.3/src/lib/gssapi/krb5/util_crypt.c:424:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        kiov[i].data.data = (char *)iov[j].buffer.value;
data/krb5-1.18.3/src/lib/gssapi/krb5/util_seed.c:29:23:  [2] (buffer) char:
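  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: zeros is a static const array with a full 16-byte
  initializer, so it is not a legitimate write destination; the only thing
  to check is that readers never take more than 16 bytes from it.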
static const unsigned char zeros[16] = {0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0};
data/krb5-1.18.3/src/lib/gssapi/krb5/util_seqnum.c:41:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char plain[8];
data/krb5-1.18.3/src/lib/gssapi/krb5/util_seqnum.c:71:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char plain[8];
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c:457:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(new_mechs_array, union_cred->mechs_array,
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_acquire_cred_imp_name.c:459:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(new_cred_array, union_cred->cred_array,
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:451:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(new_mechs_array, union_cred->mechs_array,
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:453:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(new_cred_array, union_cred->cred_array,
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_decapsulate_token.c:62:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output_token->value, buf_in, body_size);
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_dsp_name.c:109:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(output_name_buffer->value,
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_dsp_name_ext.c:127:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(output_name_buffer->value,
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_encapsulate_token.c:61:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, input_token->value, input_token->length);
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_exp_sec_context.c:130:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf+4, ctx->mech_type->elements, (size_t) ctx->mech_type->length);
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_exp_sec_context.c:131:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf+4+ctx->mech_type->length, token.value, token.length);
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_glue.c:500:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(buf, tokId, tokIdLen);
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_glue.c:521:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(buf, mech_type->elements, mech_type->length);
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_glue.c:529:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(buf, dispName.value, dispName.length);
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_glue.c:751:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(aBuf->value, srcBuf->value, srcBuf->length);
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_imp_cred.c:162:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(elemcopy, selected_mech->elements, selected_mech->length);
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_initialize.c:913:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(o->elements, pre->elements, pre->length);
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_initialize.c:914:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *)o->elements + pre->length, real->elements,
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_initialize.c:1264:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[BUFSIZ], *oidStr;
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_initialize.c:1267:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((confFile = fopen(fileName, "r")) == NULL) {
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_initialize.c:1350:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char subKeyName[256];
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_initialize.c:1487:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sharedPath[sizeof (MECH_LIB_PREFIX) + BUFSIZ];
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_negoex.c:211:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char auth_scheme[16])
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_saslname.c:36:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              char sasl_name[OID_SASL_NAME_LENGTH + 1])
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_saslname.c:38:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char derBuf[2];
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_saslname.c:40:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char cksumBuf[20], *q = cksumBuf;
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_saslname.c:66:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p, "GS2-", 4);
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_saslname.c:195:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char mappedName[OID_SASL_NAME_LENGTH + 1];
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_wrap_aead.c:149:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(iov[i].buffer.value, input_payload_buffer->value, iov[i].buffer.length);
data/krb5-1.18.3/src/lib/gssapi/mechglue/gssd_pname_to_uid.c:198:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pwbuf[BUFSIZ];
data/krb5-1.18.3/src/lib/gssapi/mechglue/gssd_pname_to_uid.c:211:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(localuser, localname.value, localname.length);
data/krb5-1.18.3/src/lib/gssapi/mechglue/mglueP.h:19:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((o1)->elements, (o2)->elements, (o2)->length);	\
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_ctx.c:602:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output_token->value,
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_trace.c:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char trace_msg[128];
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_trace.c:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szAuthScheme[37];
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_trace.c:91:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char trace_msg[128];
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_trace.c:92:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char conv_str[37];
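data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_util.c:153:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *
  Triage note: the quoted line is only a return type and contains no array.
  The match presumably comes from a bracketed size on a following line of the
  same declaration, which the report does not print; read the source at
  negoex_util.c:153 before rating this finding.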
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_util.c:277:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(msg->scheme, p, GUID_LENGTH);
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_util.c:303:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(msg->scheme, p, GUID_LENGTH);
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_util.c:342:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(msg->scheme, p, GUID_LENGTH);
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_util.c:407:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ctx->negoex_conv_id, conv_id, GUID_LENGTH);
data/krb5-1.18.3/src/lib/gssapi/spnego/negoex_util.c:746:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(mech->scheme, scheme, GUID_LENGTH);
data/krb5-1.18.3/src/lib/gssapi/spnego/spnego_mech.c:1257:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ptr, hintname, hintname_len);
data/krb5-1.18.3/src/lib/gssapi/spnego/spnego_mech.c:3373:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(*buf_out, mech->elements, mech->length);
data/krb5-1.18.3/src/lib/gssapi/spnego/spnego_mech.c:3405:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(input_token->value, *buff_in, input_token->length);
data/krb5-1.18.3/src/lib/gssapi/spnego/spnego_mech.c:3615:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(der_mechSet->value, tmpbuf.value, tmpbuf.length);
data/krb5-1.18.3/src/lib/gssapi/spnego/spnego_mech.c:3958:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	(void) memcpy(ptr, spnego_ctx->DER_mechTypes.value,
data/krb5-1.18.3/src/lib/kadm5/alt_prof.c:48:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(knew, ksalt, len * sizeof(krb5_key_salt_tuple));
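data/krb5-1.18.3/src/lib/kadm5/alt_prof.c:476:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        *port = atoi(portstr);
  Triage note: atoi() returns 0 for text that is not a number and has
  undefined behaviour when the value does not fit in an int, so a malformed
  port string cannot be told apart from port 0. A checked conversion uses
  strtol() with an end pointer and errno, then rejects values outside the
  valid port range before storing. Where portstr comes from is not shown in
  this report.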
data/krb5-1.18.3/src/lib/kadm5/alt_prof.c:515:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *hierarchy[4];
data/krb5-1.18.3/src/lib/kadm5/chpass_util.c:63:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buffer[255];
data/krb5-1.18.3/src/lib/kadm5/clnt/client_init.c:375:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char svcname[BUFSIZ];
data/krb5-1.18.3/src/lib/kadm5/clnt/client_init.c:533:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char portbuf[32];
data/krb5-1.18.3/src/lib/kadm5/clnt/client_principal.c:43:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
data/krb5-1.18.3/src/lib/kadm5/clnt/client_principal.c:85:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
data/krb5-1.18.3/src/lib/kadm5/clnt/client_principal.c:137:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
data/krb5-1.18.3/src/lib/kadm5/clnt/client_principal.c:176:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ent, &r.rec, sizeof(r.rec));
data/krb5-1.18.3/src/lib/kadm5/clnt/clnt_policy.c:31:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&arg.rec, policy, sizeof(kadm5_policy_ent_rec));
data/krb5-1.18.3/src/lib/kadm5/clnt/clnt_policy.c:73:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&arg.rec, policy, sizeof(kadm5_policy_ent_rec));
data/krb5-1.18.3/src/lib/kadm5/clnt/clnt_policy.c:100:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ent, &r.rec, sizeof(r.rec));
data/krb5-1.18.3/src/lib/kadm5/logger.c:154:33:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define DEVICE_OPEN(d, m)       fopen(d, m)
data/krb5-1.18.3/src/lib/kadm5/logger.c:155:33:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define CONSOLE_OPEN(m)         fopen("/dev/console", m)
data/krb5-1.18.3/src/lib/kadm5/logger.c:233:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char  *logging_profent[3];
data/krb5-1.18.3/src/lib/kadm5/logger.c:234:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char  *logging_defent[3];
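data/krb5-1.18.3/src/lib/kadm5/logger.c:312:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                        fd = open(&cp[5], O_CREAT | O_WRONLY | append,
  Triage note: this call creates the file if it is missing, and the report
  cuts the statement off before the mode argument. Whether the finding matters
  depends on who can write to the directory that holds the path in &cp[5] and
  on the permission bits passed; both have to be read from the source and the
  deployment, not from this line.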
data/krb5-1.18.3/src/lib/kadm5/logger.c:634:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        outbuf[KRB5_KLOG_MAX_ERRMSG_SIZE];
data/krb5-1.18.3/src/lib/kadm5/logger.c:779:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            f = fopen(log_control.log_entries[lindex].lfu_fname, "a+");
data/krb5-1.18.3/src/lib/kadm5/srv/pwqual.c:76:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if (handle->vt.open != NULL) {
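data/krb5-1.18.3/src/lib/kadm5/srv/pwqual.c:77:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            ret = handle->vt.open(context, dict_file, &handle->data);
  Triage note: here and at pwqual.c:76 the name "open" is a member of
  handle->vt reached through a structure, not the open() system call, so the
  scanner matched on the identifier alone. Any file access happens inside
  whatever function that member points to; that function is where the
  dict_file path handling has to be reviewed.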
data/krb5-1.18.3/src/lib/kadm5/srv/pwqual_dict.c:110:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(dict_file, O_RDONLY)) == -1) {
data/krb5-1.18.3/src/lib/kadm5/srv/pwqual_hesiod.c:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *cp, *ncp, *tcp, revbuf[80];
data/krb5-1.18.3/src/lib/kadm5/srv/svr_policy.c:236:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tl_new->tl_data_contents, tl->tl_data_contents,
data/krb5-1.18.3/src/lib/kadm5/srv/svr_principal.c:55:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(to->key_data_contents[i], from->key_data_contents[i],
data/krb5-1.18.3/src/lib/kadm5/srv/svr_principal.c:74:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(n->tl_data_contents, tl->tl_data_contents, tl->tl_data_length);
data/krb5-1.18.3/src/lib/kadm5/srv/svr_principal.c:171:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new_ks_tuple, ks_tuple, n_ks_tuple * sizeof(*new_ks_tuple));
data/krb5-1.18.3/src/lib/kadm5/srv/svr_principal.c:1466:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy (pstring, princ->data, princ->length);
data/krb5-1.18.3/src/lib/kadm5/srv/svr_principal.c:1838:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new_key_data + n_new_key_data, kdb->key_data,
data/krb5-1.18.3/src/lib/kadm5/unit-test/setkey-test.c:59:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pw[16];
data/krb5-1.18.3/src/lib/kdb/decrypt_key.c:127:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(keysalt->data.data, key_data->key_data_contents[1],
data/krb5-1.18.3/src/lib/kdb/encrypt_key.c:126:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(key_data->key_data_contents[1], keysalt->data.data,
data/krb5-1.18.3/src/lib/kdb/kdb5.c:414:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *filebases[2];
data/krb5-1.18.3/src/lib/kdb/kdb5.c:443:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(path, profpath, ndx * sizeof(profpath[0]));
data/krb5-1.18.3/src/lib/kdb/kdb5.c:444:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(path + ndx, db_dl_location, db_dl_n_locations * sizeof(char *));
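data/krb5-1.18.3/src/lib/kdb/kdb5.c:1183:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    password[BUFSIZ];
  Triage note: the finding covers only the fixed size. Judging by its name the
  buffer holds a secret, so a review of this function should also confirm
  that every write into it is bounded by sizeof(password) and that it is
  wiped with a call the compiler cannot remove before the function returns.
  This report shows neither.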
data/krb5-1.18.3/src/lib/kdb/kdb5.c:1579:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(nextloc + 4, unparse_mod_princ, unparse_mod_princ_size);
data/krb5-1.18.3/src/lib/kdb/kdb5.c:1749:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(new_data->latest_mkey.key_data_contents[0], curloc,
data/krb5-1.18.3/src/lib/kdb/kdb5.c:1838:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(nextloc, aux_data_entry->latest_mkey.key_data_contents[0],
data/krb5-1.18.3/src/lib/kdb/kdb5.c:2284:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tmp, new_tl_data->tl_data_contents, tl_data->tl_data_length);
data/krb5-1.18.3/src/lib/kdb/kdb5.h:20:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[KDB_MAX_DB_NAME];
data/krb5-1.18.3/src/lib/kdb/kdb_convert.c:156:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(u->utf8str_t_val, d.data, d.length);
data/krb5-1.18.3/src/lib/kdb/kdb_convert.c:458:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        (void) memcpy(ULOG_ENTRY_KEYVAL(update, final, j).k_contents.k_contents_val[cnt].utf8str_t_val, entry->key_data[j].key_data_contents[cnt], entry->key_data[j].key_data_length[cnt]);
data/krb5-1.18.3/src/lib/kdb/kdb_convert.c:520:28:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    (void) memcpy(ULOG_ENTRY(update, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val, newtl->tl_data_contents, newtl->tl_data_length);
data/krb5-1.18.3/src/lib/kdb/kdb_convert.c:694:28:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    (void) memcpy(kp->key_data_contents[cnt],
data/krb5-1.18.3/src/lib/kdb/kdb_cpw.c:218:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char rndbuf[8];
data/krb5-1.18.3/src/lib/kdb/kdb_default.c:118:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char defkeyfile[MAXPATHLEN+1];
data/krb5-1.18.3/src/lib/kdb/kdb_default.c:226:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(kf = fopen(keyfile, "rb")))
data/krb5-1.18.3/src/lib/kdb/kdb_default.c:363:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char keyfile[MAXPATHLEN+1];
data/krb5-1.18.3/src/lib/kdb/kdb_log.c:154:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char zero[512];
data/krb5-1.18.3/src/lib/kdb/kdb_log.c:483:27:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        log_ctx->ulogfd = open(logname, O_RDWR | O_CREAT, 0600);
data/krb5-1.18.3/src/lib/kdb/kdb_log.c:494:27:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        log_ctx->ulogfd = open(logname, O_RDWR, 0600);
data/krb5-1.18.3/src/lib/krad/attr.c:39:51:  [2] (buffer) char:
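  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: column 51 of the quoted line is the char in the pointer
  parameter const char *secret, and the line declares no array. The hit is
  probably a lexical match on the array parameter that follows later in the
  same prototype (outbuf[MAX_ATTRSIZE], reported at attr.c:41:36), so review
  effort belongs on that parameter rather than on this one.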
(*attribute_transform_fn)(krb5_context ctx, const char *secret,
data/krb5-1.18.3/src/lib/krad/attr.c:40:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          const unsigned char *auth, const krb5_data *in,
data/krb5-1.18.3/src/lib/krad/attr.c:41:36:  [2] (buffer) char:
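  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: an array size written in a parameter declaration is not
  enforced by the compiler. The parameter is a pointer, and sizeof(outbuf)
  inside the function yields the pointer size, not MAX_ATTRSIZE. The
  MAX_ATTRSIZE bound therefore has to be upheld by every caller and checked
  explicitly before each write through outbuf.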
                          unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
data/krb5-1.18.3/src/lib/krad/attr.c:52:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
user_password_encode(krb5_context ctx, const char *secret,
data/krb5-1.18.3/src/lib/krad/attr.c:53:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char *auth, const krb5_data *in,
data/krb5-1.18.3/src/lib/krad/attr.c:54:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
data/krb5-1.18.3/src/lib/krad/attr.c:57:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
user_password_decode(krb5_context ctx, const char *secret,
data/krb5-1.18.3/src/lib/krad/attr.c:58:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char *auth, const krb5_data *in,
data/krb5-1.18.3/src/lib/krad/attr.c:59:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
data/krb5-1.18.3/src/lib/krad/attr.c:129:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
user_password_encode(krb5_context ctx, const char *secret,
data/krb5-1.18.3/src/lib/krad/attr.c:130:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char *auth, const krb5_data *in,
data/krb5-1.18.3/src/lib/krad/attr.c:131:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
data/krb5-1.18.3/src/lib/krad/attr.c:145:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(outbuf, in->data, in->length);
data/krb5-1.18.3/src/lib/krad/attr.c:153:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tmp.data, secret, seclen);
data/krb5-1.18.3/src/lib/krad/attr.c:155:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tmp.data + seclen, indx, BLOCKSIZE);
data/krb5-1.18.3/src/lib/krad/attr.c:181:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
user_password_decode(krb5_context ctx, const char *secret,
data/krb5-1.18.3/src/lib/krad/attr.c:182:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char *auth, const krb5_data *in,
data/krb5-1.18.3/src/lib/krad/attr.c:183:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
data/krb5-1.18.3/src/lib/krad/attr.c:203:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tmp.data, secret, seclen);
data/krb5-1.18.3/src/lib/krad/attr.c:205:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tmp.data + seclen, indx, BLOCKSIZE);
data/krb5-1.18.3/src/lib/krad/attr.c:248:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
kr_attr_encode(krb5_context ctx, const char *secret,
data/krb5-1.18.3/src/lib/krad/attr.c:249:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
               const unsigned char *auth, krad_attr type,
data/krb5-1.18.3/src/lib/krad/attr.c:250:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
               const krb5_data *in, unsigned char outbuf[MAX_ATTRSIZE],
data/krb5-1.18.3/src/lib/krad/attr.c:264:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(outbuf, in->data, in->length);
data/krb5-1.18.3/src/lib/krad/attr.c:272:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
data/krb5-1.18.3/src/lib/krad/attr.c:272:69:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
data/krb5-1.18.3/src/lib/krad/attr.c:274:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
               unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen)
data/krb5-1.18.3/src/lib/krad/attr.c:287:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(outbuf, in->data, in->length);
data/krb5-1.18.3/src/lib/krad/attrset.c:43:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[MAX_ATTRSIZE];
data/krb5-1.18.3/src/lib/krad/attrset.c:100:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tmp->attr.data, data->data, data->length);
data/krb5-1.18.3/src/lib/krad/attrset.c:168:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
kr_attrset_encode(const krad_attrset *set, const char *secret,
data/krb5-1.18.3/src/lib/krad/attrset.c:169:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  const unsigned char *auth,
data/krb5-1.18.3/src/lib/krad/attrset.c:170:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen)
data/krb5-1.18.3/src/lib/krad/attrset.c:172:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[MAX_ATTRSIZE];
data/krb5-1.18.3/src/lib/krad/attrset.c:193:9:  [2] (buffer) memcpy:
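  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: per the hits at attrset.c:170 and attrset.c:172, outbuf is
  declared with MAX_ATTRSETSIZE bytes and buffer with MAX_ATTRSIZE, assuming
  line 193 belongs to the same function. The condition to confirm before
  this copy is i + attrlen <= MAX_ATTRSETSIZE; whether the code checks it is
  not visible in this report.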
        memcpy(&outbuf[i], buffer, attrlen);
data/krb5-1.18.3/src/lib/krad/attrset.c:205:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[MAX_ATTRSIZE];
data/krb5-1.18.3/src/lib/krad/code.c:34:14:  [2] (buffer) char:
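  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: the quoted declaration is an array of UCHAR_MAX string
  pointers, not a character buffer, so valid indices run from 0 to
  UCHAR_MAX - 1. Confirm that every lookup offsets or range-checks its index,
  since an unsigned char value of UCHAR_MAX used directly would be one past
  the end (the lookups are not shown in this report).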
static const char *codes[UCHAR_MAX] = {
data/krb5-1.18.3/src/lib/krad/internal.h:58:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
kr_attr_encode(krb5_context ctx, const char *secret, const unsigned char *auth,
data/krb5-1.18.3/src/lib/krad/internal.h:58:69:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
kr_attr_encode(krb5_context ctx, const char *secret, const unsigned char *auth,
data/krb5-1.18.3/src/lib/krad/internal.h:60:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
               unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
data/krb5-1.18.3/src/lib/krad/internal.h:64:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
data/krb5-1.18.3/src/lib/krad/internal.h:64:69:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth,
data/krb5-1.18.3/src/lib/krad/internal.h:66:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
               unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen);
data/krb5-1.18.3/src/lib/krad/internal.h:70:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
kr_attrset_encode(const krad_attrset *set, const char *secret,
data/krb5-1.18.3/src/lib/krad/internal.h:71:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  const unsigned char *auth,
data/krb5-1.18.3/src/lib/krad/internal.h:72:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen);
data/krb5-1.18.3/src/lib/krad/packet.c:57:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[KRAD_PACKET_SIZE_MAX];
data/krb5-1.18.3/src/lib/krad/packet.c:161:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(rauth, &trunctime, sizeof(trunctime));
data/krb5-1.18.3/src/lib/krad/packet.c:185:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data.data, response->pkt.data, response->pkt.length);
data/krb5-1.18.3/src/lib/krad/packet.c:186:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data.data + OFFSET_AUTH, auth, AUTH_FIELD_SIZE);
data/krb5-1.18.3/src/lib/krad/packet.c:187:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data.data + response->pkt.length, secret, strlen(secret));
data/krb5-1.18.3/src/lib/krad/packet.c:196:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(rauth, hash.contents, AUTH_FIELD_SIZE);
data/krb5-1.18.3/src/lib/krad/packet.c:375:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tmp->pkt.data, buffer->data, len);
data/krb5-1.18.3/src/lib/krad/remote.c:67:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer_[KRAD_PACKET_SIZE_MAX];
data/krb5-1.18.3/src/lib/krad/t_attr.c:45:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char outbuf[MAX_ATTRSETSIZE];
data/krb5-1.18.3/src/lib/krad/t_attrset.c:45:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[KRAD_PACKET_SIZE_MAX], encoded[MAX_ATTRSETSIZE];
data/krb5-1.18.3/src/lib/krad/t_attrset.c:71:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(encoded + len + 2, username, strlen(username));
data/krb5-1.18.3/src/lib/krad/t_attrset.c:77:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(encoded + len + 2, encpass, sizeof(encpass));
data/krb5-1.18.3/src/lib/krad/t_daemon.h:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1];
data/krb5-1.18.3/src/lib/krad/t_packet.c:106:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[KRAD_PACKET_SIZE_MAX];
data/krb5-1.18.3/src/lib/krb5/asn.1/asn1_encode.c:53:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf->ptr - len, bytes, len);
data/krb5-1.18.3/src/lib/krb5/asn.1/asn1_encode.c:116:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[16], *sp;
data/krb5-1.18.3/src/lib/krb5/asn.1/asn1_encode.c:235:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(str, asn1, len);
data/krb5-1.18.3/src/lib/krb5/asn.1/asn1_encode.c:297:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(bits, asn1, len);
data/krb5-1.18.3/src/lib/krb5/asn.1/asn1_encode.c:644:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(der, asn1 - t->tag_len, der_len);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_dir.c:150:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[64], *ret;
data/krb5-1.18.3/src/lib/krb5/ccache/cc_dir.c:156:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(primary_path, "r");
data/krb5-1.18.3/src/lib/krb5/ccache/cc_dir.c:189:10:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files that are world-writable by
  default, so be sure to set a restrictive umask before the call. Also, some
  older Unix systems might fail to use O_EXCL when opening the file, so make
  sure that the library's mkstemp uses O_EXCL (CWE-377).
    fd = mkstemp(newpath);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_file.c:163:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bytes[4];
data/krb5-1.18.3/src/lib/krb5/ccache/cc_file.c:180:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bytes[2];
data/krb5-1.18.3/src/lib/krb5/ccache/cc_file.c:342:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(filename, flags | O_BINARY | O_CLOEXEC, 0600);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_file.c:390:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char i16buf[2];
data/krb5-1.18.3/src/lib/krb5/ccache/cc_file.c:459:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(data->filename, flags, 0600);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_file.c:553:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char zeros[BUFSIZ];
data/krb5-1.18.3/src/lib/krb5/ccache/cc_file.c:557:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(data->filename, O_RDWR | O_BINARY | O_CLOEXEC, 0);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_file.c:823:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fcc_fvno[2];
data/krb5-1.18.3/src/lib/krb5/ccache/cc_file.c:827:10:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files that are world-writable by
  default, so be sure to set a restrictive umask before the call. Also, some
  older Unix systems might fail to use O_EXCL when opening the file, so make
  sure that the library's mkstemp uses O_EXCL (CWE-377).
    fd = mkstemp(template);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_file.c:927:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char scratch[sizeof(TKT_ROOT) + 7]; /* Room for XXXXXX and terminator */
data/krb5-1.18.3/src/lib/krb5/ccache/cc_file.c:1055:9:  [2] (buffer) memcpy:
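  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the length 12 equals the number of characters in the quoted
  literal, so the terminating NUL is not copied. Confirm that realm.data was
  allocated with at least 12 bytes and that any length recorded alongside it
  is set to match; neither is visible in this report.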
        memcpy(cred->server->realm.data, "X-RMED-CONF:", 12);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_file.c:1068:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(data->filename, O_RDWR | O_BINARY | O_CLOEXEC);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_kcm.c:107:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char bytes[4];
data/krb5-1.18.3/src/lib/krb5/ccache/cc_kcm.c:167:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char inband_reply[MAX_INBAND_SIZE];
data/krb5-1.18.3/src/lib/krb5/ccache/cc_kcm.c:289:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lenbytes[4];
data/krb5-1.18.3/src/lib/krb5/ccache/cc_kcm.c:329:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lenbytes[4], codebytes[4], *reply;
data/krb5-1.18.3/src/lib/krb5/ccache/cc_kcm.c:474:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(uuids->uuidbytes, req->reply.ptr, req->reply.len);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_keyring.c:547:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(payload + 8, subsidiary_name, len);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_keyring.c:653:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char uniquename[sizeof(KRCC_NAME_PREFIX) + KRCC_NAME_RAND_CHARS];
data/krb5-1.18.3/src/lib/krb5/ccache/cc_keyring.c:660:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(uniquename, KRCC_NAME_PREFIX, sizeof(KRCC_NAME_PREFIX));
data/krb5-1.18.3/src/lib/krb5/ccache/cc_keyring.c:1430:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char payload[8];
data/krb5-1.18.3/src/lib/krb5/ccache/cc_memory.c:508:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char uniquename[8];
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:181:5:  [2] (buffer) MultiByteToWideChar:
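  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  Triage note: the -1 on the quoted line is the input length, meaning the
  source is treated as NUL-terminated. The count this rule is about is the
  final argument, the destination size in wide characters, which sits on a
  continuation line not quoted here. It must be an element count (for a
  destination array dst, sizeof(dst) / sizeof(dst[0])), not a byte count.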
    MultiByteToWideChar(CP_ACP, 0, lpInputString, -1,
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:207:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aname[512];
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:232:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aname[512];
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:321:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ticket, newdata, sizeof(krb5_data));
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:506:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buffer, Source1.Buffer, Source1.Length);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:507:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer + Source1.Length, Source2.Buffer, Source2.Length);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:823:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(((CHAR *)pSubmitRequest)+sizeof(KERB_SUBMIT_TKT_REQUEST),
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:826:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(((CHAR *)pSubmitRequest)+sizeof(KERB_SUBMIT_TKT_REQUEST)+krb_cred->length,
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:1328:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pTicketRequest->TargetName.Buffer,tktinfo->ServerName.Buffer, tktinfo->ServerName.Length);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:1393:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pTicketRequest->TargetName.Buffer,tktinfo->ServerName.Buffer, tktinfo->ServerName.Length);
data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc_util.c:77:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy (addresses[i]->contents,
data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc_util.c:127:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy (authdata[i]->contents,
data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc_util.c:175:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy (cc_array[i]->data, in_addresses[i]->contents, in_addresses[i]->length);
data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc_util.c:223:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy (cc_array[i]->data, in_authdata[i]->contents, in_authdata[i]->length);
data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc_util.c:316:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy (keyblock_contents, cv5->keyblock.data, cv5->keyblock.length);
data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc_util.c:333:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(ticket_data, cv5->ticket.data, cv5->ticket.length);
data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc_util.c:341:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(second_ticket_data, cv5->second_ticket.data, cv5->second_ticket.length);
data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc_util.c:447:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(keyblock_data, in_creds->keyblock.contents, in_creds->keyblock.length);
data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc_util.c:462:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy (ticket_data, in_creds->ticket.data, in_creds->ticket.length);
data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc_util.c:469:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy (second_ticket_data, in_creds->second_ticket.data, in_creds->second_ticket.length);
data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc_util.c:725:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest->keyblock.contents, src->keyblock.data, dest->keyblock.length);
data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc_util.c:745:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest->ticket.data, src->ticket.data, src->ticket.length);
data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc_util.c:748:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest->second_ticket.data, src->second_ticket.data, src->second_ticket.length);
data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc_util.c:795:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(c->keyblock.data, creds->keyblock.contents, creds->keyblock.length);
data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc_util.c:817:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(c->ticket.data, creds->ticket.data, creds->ticket.length);
data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc_util.c:825:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(c->second_ticket.data, creds->second_ticket.data, creds->second_ticket.length);
data/krb5-1.18.3/src/lib/krb5/ccache/ccdefault.c:85:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ccname[256]="";
data/krb5-1.18.3/src/lib/krb5/ccache/ccmarshal.c:337:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char n[2];
data/krb5-1.18.3/src/lib/krb5/ccache/ccmarshal.c:351:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char n[4];
data/krb5-1.18.3/src/lib/krb5/ccache/ccselect_k5identity.c:134:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pwbuf[BUFSIZ];
data/krb5-1.18.3/src/lib/krb5/ccache/ccselect_k5identity.c:158:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/krb5-1.18.3/src/lib/krb5/ccache/ccselect_k5identity.c:171:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(filename, "r");
data/krb5-1.18.3/src/lib/krb5/ccache/kcmrpc_types.h:36:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char k5_kcm_inband_msg[2048];
data/krb5-1.18.3/src/lib/krb5/ccache/scc.h:78:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stdio_buffer[BUFSIZ];
data/krb5-1.18.3/src/lib/krb5/ccache/t_cc.c:147:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&test_creds2, &test_creds, sizeof(test_creds));
data/krb5-1.18.3/src/lib/krb5/ccache/t_cc.c:256:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newcache[300];
data/krb5-1.18.3/src/lib/krb5/ccache/t_cc.c:450:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[300];
data/krb5-1.18.3/src/lib/krb5/ccache/t_cc.c:478:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[300];
data/krb5-1.18.3/src/lib/krb5/ccache/t_marshal.c:54:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const unsigned char header[256];
data/krb5-1.18.3/src/lib/krb5/ccache/t_marshal.c:56:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const unsigned char princ[256];
data/krb5-1.18.3/src/lib/krb5/ccache/t_marshal.c:58:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const unsigned char cred1[256];
data/krb5-1.18.3/src/lib/krb5/ccache/t_marshal.c:60:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const unsigned char cred2[256];
data/krb5-1.18.3/src/lib/krb5/ccache/t_marshal.c:274:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *ccname, filebuf[256];
data/krb5-1.18.3/src/lib/krb5/ccache/t_marshal.c:339:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = open(filename, O_RDONLY);
data/krb5-1.18.3/src/lib/krb5/ccache/t_marshal.c:361:14:  [2] (misc) open:
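  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Reviewer note: the flagged call passes O_CREAT|O_TRUNC|O_RDWR with no O_EXCL
  or O_NOFOLLOW, so an existing file or symlink at that path would be opened
  and truncated. Whether this matters depends on who controls filename and its
  parent directory, which this report does not show; check the caller when
  triaging.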
        fd = open(filename, O_CREAT|O_TRUNC|O_RDWR, 0700);
data/krb5-1.18.3/src/lib/krb5/keytab/kt_file.c:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char iobuf[BUFSIZ];         /* so we can zap it later */
data/krb5-1.18.3/src/lib/krb5/keytab/kt_file.c:738:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    KTFILEP(id) = fopen(KTFILENAME(id),
data/krb5-1.18.3/src/lib/krb5/keytab/kt_file.c:745:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            KTFILEP(id) = fopen(KTFILENAME(id), "rb+");
data/krb5-1.18.3/src/lib/krb5/keytab/kt_file.c:840:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        iobuf[BUFSIZ];
data/krb5-1.18.3/src/lib/krb5/keytab/ktbase.c:215:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[BUFSIZ];
data/krb5-1.18.3/src/lib/krb5/keytab/ktdefault.c:40:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char defname[BUFSIZ];
data/krb5-1.18.3/src/lib/krb5/keytab/ktfns.c:107:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[1024];
data/krb5-1.18.3/src/lib/krb5/keytab/read_servi.c:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char keytabname[MAX_KEYTAB_NAME_LEN + 1]; /* + 1 for NULL termination */
data/krb5-1.18.3/src/lib/krb5/keytab/t_keytab.c:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char defname[BUFSIZ];
data/krb5-1.18.3/src/lib/krb5/keytab/t_keytab.c:93:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BUFSIZ];
data/krb5-1.18.3/src/lib/krb5/krb/appdefault.c:42:11:  [2] (buffer) char:
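  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: the flagged declaration is an array of five const char *
  pointers, not a character buffer, so string-length advice does not apply
  directly. The property to verify is that the code never stores more than
  five entries in it.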
    const char *names[5];
data/krb5-1.18.3/src/lib/krb5/krb/authdata.c:571:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(list + count, elements, n_elements * sizeof(*list));
data/krb5-1.18.3/src/lib/krb5/krb/authdata.c:744:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&d[*len], src, i * sizeof(krb5_data));
data/krb5-1.18.3/src/lib/krb5/krb/authdata.c:1270:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tmpad->contents, inad->contents, inad->length);
data/krb5-1.18.3/src/lib/krb5/krb/authdata_dec.c:288:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ai_list + count, strdata, scount * sizeof(*strdata));
data/krb5-1.18.3/src/lib/krb5/krb/authdata_exp.c:78:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&authdata[len], authdata2, j * sizeof(krb5_authdata *));
data/krb5-1.18.3/src/lib/krb5/krb/chk_trans.c:148:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (buf->data, last->data, last->length);
data/krb5-1.18.3/src/lib/krb5/krb/chk_trans.c:158:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (buf->data + buf->length, last->data, last->length);
data/krb5-1.18.3/src/lib/krb5/krb/chk_trans.c:174:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAXLEN], last[MAXLEN];
data/krb5-1.18.3/src/lib/krb5/krb/chk_trans.c:236:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy (last, buf, sizeof (buf));
data/krb5-1.18.3/src/lib/krb5/krb/chk_trans.c:246:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy (last, crealm->data, crealm->length);
data/krb5-1.18.3/src/lib/krb5/krb/chpw.c:62:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, ap_req->data, ap_req->length);
data/krb5-1.18.3/src/lib/krb5/krb/chpw.c:67:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, cipherpw.data, cipherpw.length);
data/krb5-1.18.3/src/lib/krb5/krb/chpw.c:337:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, ap_req->data, ap_req->length);
data/krb5-1.18.3/src/lib/krb5/krb/chpw.c:342:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, cipherpw.data, cipherpw.length);
data/krb5-1.18.3/src/lib/krb5/krb/conv_princ.c:184:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(inst, compo->data, (size_t) (c - compo->data));
data/krb5-1.18.3/src/lib/krb5/krb/conv_princ.c:198:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(inst, compo->data, compo->length);
data/krb5-1.18.3/src/lib/krb5/krb/conv_princ.c:209:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(name, compo->data, compo->length);
data/krb5-1.18.3/src/lib/krb5/krb/conv_princ.c:260:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];             /* V4 instances are limited to 40 characters */
data/krb5-1.18.3/src/lib/krb5/krb/conv_princ.c:264:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *names[5], *names2[2];
data/krb5-1.18.3/src/lib/krb5/krb/copy_addrs.c:41:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tmpad->contents, inad->contents, inad->length);
data/krb5-1.18.3/src/lib/krb5/krb/copy_cksum.c:42:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tempto->contents, ckfrom->contents, ckfrom->length);
data/krb5-1.18.3/src/lib/krb5/krb/copy_data.c:73:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(outdata->data, indata->data, outdata->length);
data/krb5-1.18.3/src/lib/krb5/krb/copy_data.c:93:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(outdata->data, indata->data, outdata->length);
data/krb5-1.18.3/src/lib/krb5/krb/deltat.c:922:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/krb5-1.18.3/src/lib/krb5/krb/deltat.c:1114:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/krb5-1.18.3/src/lib/krb5/krb/etype_list.c:58:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(list, old_list, sizeof(krb5_enctype) * (count + 1));
data/krb5-1.18.3/src/lib/krb5/krb/gic_pwd.c:24:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char promptstr[1024], pwbuf[1024];
data/krb5-1.18.3/src/lib/krb5/krb/gic_pwd.c:63:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(gp->storage.data, rpass, strlen(rpass));
data/krb5-1.18.3/src/lib/krb5/krb/gic_pwd.c:186:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ts[256], banner[1024];
data/krb5-1.18.3/src/lib/krb5/krb/gic_pwd.c:299:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char banner[1024], pw0array[1024], pw1array[1024];
data/krb5-1.18.3/src/lib/krb5/krb/libdef_parse.c:71:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *names[5];
data/krb5-1.18.3/src/lib/krb5/krb/libdef_parse.c:74:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char realmstr[1024];
data/krb5-1.18.3/src/lib/krb5/krb/pac.c:94:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pac->data.data + pac->pac->Buffers[i].Offset, data->data, data->length);
data/krb5-1.18.3/src/lib/krb5/krb/pac.c:363:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pac->data.data, ptr, len);
data/krb5-1.18.3/src/lib/krb5/krb/pac_sign.c:90:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p, princ_name_utf16, princ_name_utf16_len);
data/krb5-1.18.3/src/lib/krb5/krb/plugin.c:194:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *path[4];
data/krb5-1.18.3/src/lib/krb5/krb/pr_to_salt.c:59:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(ret->data, pr->realm.data, offset);
data/krb5-1.18.3/src/lib/krb5/krb/pr_to_salt.c:64:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&ret->data[offset], pr->data[i].data, pr->data[i].length);
data/krb5-1.18.3/src/lib/krb5/krb/preauth_otp.c:579:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char otppin[1024];
data/krb5-1.18.3/src/lib/krb5/krb/preauth_otp.c:738:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char otpvalue[1024];
data/krb5-1.18.3/src/lib/krb5/krb/preauth_sam2.c:94:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[100], banner[100], prompt[100], response[100];
data/krb5-1.18.3/src/lib/krb5/krb/rd_req_dec.c:851:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char enctype_name[30];
data/krb5-1.18.3/src/lib/krb5/krb/s4u_authdata.c:119:20:  [2] (buffer) char:
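  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: the flagged line is an assignment containing a (char *) cast
  and an index expression; no array is declared on it. This hit appears to be
  a pattern-match false positive; confirm against the source before spending
  triage time on it.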
    enc_sp.data = (char *)authdata[0]->contents;
data/krb5-1.18.3/src/lib/krb5/krb/s4u_creds.c:118:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(p, req->user->data[i].data, req->user->data[i].length);
data/krb5-1.18.3/src/lib/krb5/krb/s4u_creds.c:123:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(p, req->user->realm.data, req->user->realm.length);
data/krb5-1.18.3/src/lib/krb5/krb/s4u_creds.c:127:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(p, req->auth_package.data, req->auth_package.length);
data/krb5-1.18.3/src/lib/krb5/krb/send_tgs.c:36:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char random_buf[4];
data/krb5-1.18.3/src/lib/krb5/krb/serialize.c:70:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(*bufp, ostring, osize);
data/krb5-1.18.3/src/lib/krb5/krb/serialize.c:118:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(istring, *bufp, isize);
data/krb5-1.18.3/src/lib/krb5/krb/str_conv.c:291:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char d_t_fmt[15];
data/krb5-1.18.3/src/lib/krb5/krb/str_conv.c:292:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char t_fmt_ampm[12];
data/krb5-1.18.3/src/lib/krb5/krb/str_conv.c:293:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char t_fmt[9];
data/krb5-1.18.3/src/lib/krb5/krb/str_conv.c:294:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char d_fmt[9];
data/krb5-1.18.3/src/lib/krb5/krb/str_conv.c:295:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char day[7][10];
data/krb5-1.18.3/src/lib/krb5/krb/str_conv.c:296:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char abday[7][4];
data/krb5-1.18.3/src/lib/krb5/krb/str_conv.c:297:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mon[12][10];
data/krb5-1.18.3/src/lib/krb5/krb/str_conv.c:298:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char abmon[12][4];
data/krb5-1.18.3/src/lib/krb5/krb/str_conv.c:299:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char am_pm[2][3];
data/krb5-1.18.3/src/lib/krb5/krb/t_expire_warn.c:68:14:  [2] (integer) atoi:
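  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Triage note: the value comes from argv[3] of what the t_ file name suggests
  is a test program (confirm), so the input is supplied by whoever runs it.
  atoi() also reports no conversion errors; strtol() with errno and
  end-pointer checks is the usual replacement if the argument needs
  validating.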
    use_cb = atoi(argv[3]);
data/krb5-1.18.3/src/lib/krb5/krb/t_get_etype_info.c:47:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128], *hex;
data/krb5-1.18.3/src/lib/krb5/krb/t_kerb.c:67:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aname[ANAME_SZ+1], inst[INST_SZ+1], realm[REALM_SZ+1];
data/krb5-1.18.3/src/lib/krb5/krb/t_ser.c:229:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                clname[128];
data/krb5-1.18.3/src/lib/krb5/krb/t_ser.c:312:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                pname[1024];
data/krb5-1.18.3/src/lib/krb5/krb/unparse.c:94:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dest, src->data, src->length);
data/krb5-1.18.3/src/lib/krb5/krb/walk_rtree.c:307:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *key[4];
data/krb5-1.18.3/src/lib/krb5/os/ccdefname.c:45:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newkey[256];
data/krb5-1.18.3/src/lib/krb5/os/ccdefname.c:219:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/krb5-1.18.3/src/lib/krb5/os/dnsglue.c:281:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char host[MAXDNAME];
data/krb5-1.18.3/src/lib/krb5/os/dnsglue.c:325:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char host[MAXDNAME];
data/krb5-1.18.3/src/lib/krb5/os/expand_path.c:57:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR tpath[MAX_PATH];
data/krb5-1.18.3/src/lib/krb5/os/expand_path.c:91:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR path[MAX_PATH];
data/krb5-1.18.3/src/lib/krb5/os/expand_path.c:239:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR path[MAX_PATH];
data/krb5-1.18.3/src/lib/krb5/os/expand_path.c:313:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pwbuf[BUFSIZ];
data/krb5-1.18.3/src/lib/krb5/os/full_ipadr.c:59:12:  [2] (buffer) memcpy:
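  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the length is sizeof the source object, so the read side is
  bounded by construction. The open question is whether the buffer behind
  marshal was allocated with room for all six copies reported for this file
  (lines 59-77); that allocation is not shown in this report.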
    (void) memcpy(marshal, &temptype, sizeof(temptype));
data/krb5-1.18.3/src/lib/krb5/os/full_ipadr.c:63:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(marshal, &templength, sizeof(templength));
data/krb5-1.18.3/src/lib/krb5/os/full_ipadr.c:66:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(marshal, &smushaddr, sizeof(smushaddr));
data/krb5-1.18.3/src/lib/krb5/os/full_ipadr.c:70:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(marshal, &temptype, sizeof(temptype));
data/krb5-1.18.3/src/lib/krb5/os/full_ipadr.c:74:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(marshal, &templength, sizeof(templength));
data/krb5-1.18.3/src/lib/krb5/os/full_ipadr.c:77:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(marshal, &smushport, sizeof(smushport));
data/krb5-1.18.3/src/lib/krb5/os/hostrealm.c:260:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAXHOSTNAMELEN];
data/krb5-1.18.3/src/lib/krb5/os/init_os_ctx.c:172:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szPath[MAX_PATH];
data/krb5-1.18.3/src/lib/krb5/os/init_os_ctx.c:357:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newfiles + 1, *pfiles, (count-1) * sizeof(*newfiles));
data/krb5-1.18.3/src/lib/krb5/os/localaddr.c:164:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[NI_MAXHOST];
data/krb5-1.18.3/src/lib/krb5/os/localaddr.c:372:9:  [2] (misc) fopen:
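  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: the path is a string literal under /proc opened read-only, so
  redirecting it would require control over the /proc mount itself. The more
  useful check is how the file's contents are parsed into fixed buffers such
  as ifname[21] (localaddr.c:374, reported next): confirm that the parse uses
  width-limited conversions.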
    f = fopen("/proc/net/if_inet6", "r");
data/krb5-1.18.3/src/lib/krb5/os/localaddr.c:374:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ifname[21];
data/krb5-1.18.3/src/lib/krb5/os/localaddr.c:1067:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hostbuf[NI_MAXHOST];
data/krb5-1.18.3/src/lib/krb5/os/localaddr.c:1157:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (data, contents, length);
data/krb5-1.18.3/src/lib/krb5/os/localaddr.c:1368:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char namebuf[NI_MAXHOST];
data/krb5-1.18.3/src/lib/krb5/os/localaddr.c:1395:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy (addrp, addr[0][j]->contents, addr[0][j]->length);
data/krb5-1.18.3/src/lib/krb5/os/localaddr.c:1424:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char *           ip_ptrs[2];
data/krb5-1.18.3/src/lib/krb5/os/localaddr.c:1466:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char host[64];                              /* Name of local machine */
data/krb5-1.18.3/src/lib/krb5/os/localaddr.c:1513:40:  [2] (buffer) char:
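  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: no array is declared on the quoted line; `unsigned char` is a
  cast on the result of malloc(paddr[i]->length), so the static-array rule
  does not apply. The points to confirm are that the malloc result is checked
  before use and that the memcpy reported at localaddr.c:1518 copies no more
  than paddr[i]->length bytes.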
        paddr[i]->contents = (unsigned char *)malloc(paddr[i]->length);
data/krb5-1.18.3/src/lib/krb5/os/localaddr.c:1518:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(paddr[i]->contents,
data/krb5-1.18.3/src/lib/krb5/os/localauth.c:307:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *hierarchy[4];
data/krb5-1.18.3/src/lib/krb5/os/localauth_an2ln.c:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char kuser[MAX_USERNAME];
data/krb5-1.18.3/src/lib/krb5/os/localauth_k5login.c:89:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *newline, linebuf[BUFSIZ], pwbuf[BUFSIZ];
data/krb5-1.18.3/src/lib/krb5/os/localauth_k5login.c:119:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(filename, "r");
data/krb5-1.18.3/src/lib/krb5/os/localauth_names.c:44:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *hierarchy[5];
data/krb5-1.18.3/src/lib/krb5/os/locate_kdc.c:154:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&entry->addr, addr, addrlen);
data/krb5-1.18.3/src/lib/krb5/os/locate_kdc.c:231:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *realm_srv_names[4];
data/krb5-1.18.3/src/lib/krb5/os/mk_faddr.c:65:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(marshal, kaddr->contents, kaddr->length);
data/krb5-1.18.3/src/lib/krb5/os/mk_faddr.c:78:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(marshal, kport->contents, kport->length);
data/krb5-1.18.3/src/lib/krb5/os/sendto_kdc.c:108:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char bufsizebytes[4];
data/krb5-1.18.3/src/lib/krb5/os/sendto_kdc.c:116:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char msg_len_buf[4];
data/krb5-1.18.3/src/lib/krb5/os/sendto_kdc.c:142:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char port[PORT_LENGTH];
data/krb5-1.18.3/src/lib/krb5/os/sendto_kdc.c:612:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pm.kerb_message.data + 4, message->data, message->length);
data/krb5-1.18.3/src/lib/krb5/os/sendto_kdc.c:698:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&state->addr.saddr, ai->ai_addr, ai->ai_addrlen);
data/krb5-1.18.3/src/lib/krb5/os/sendto_kdc.c:800:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char portbuf[PORT_LENGTH];
data/krb5-1.18.3/src/lib/krb5/os/sendto_kdc.c:1212:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *names[4];
data/krb5-1.18.3/src/lib/krb5/os/sendto_kdc.c:1359:5:  [2] (buffer) memcpy:
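  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the copy length is kerb_message.length - 4; if that length
  field is unsigned and can be below 4, the subtraction wraps to a very large
  value. Confirm that a minimum-length check precedes this line and that
  in->buf was sized from the same expression.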
    memcpy(in->buf, pm->kerb_message.data + 4, pm->kerb_message.length - 4);
data/krb5-1.18.3/src/lib/krb5/os/sn2princ.c:93:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[NI_MAXHOST], *qualified = NULL, *copy, *p;
data/krb5-1.18.3/src/lib/krb5/os/sn2princ.c:190:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localname[MAXHOSTNAMELEN];
data/krb5-1.18.3/src/lib/krb5/os/t_an_to_ln.c:14:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                sbuf[1024];
data/krb5-1.18.3/src/lib/krb5/os/t_gifconf.c:83:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[2048];
data/krb5-1.18.3/src/lib/krb5/os/t_locate_kdc.c:33:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[20];
data/krb5-1.18.3/src/lib/krb5/os/t_locate_kdc.c:58:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char hostbuf[NI_MAXHOST], srvbuf[NI_MAXSERV];
data/krb5-1.18.3/src/lib/krb5/os/t_trace.c:221:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&principal_data2, &principal_data, sizeof(principal_data));
data/krb5-1.18.3/src/lib/krb5/os/trace.c:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char text[5];
data/krb5-1.18.3/src/lib/krb5/os/trace.c:181:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char addrbuf[NI_MAXHOST], portbuf[NI_MAXSERV], tmpbuf[200], *str;
data/krb5-1.18.3/src/lib/krb5/os/trace.c:206:9:  [2] (buffer) memcpy:
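  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: tmpbuf is declared as a 200-byte array at trace.c:181
  (reported above), presumably in the same function. The check to confirm is
  that len is bounded below sizeof(tmpbuf), leaving room for a terminator if
  one is appended, before this copy.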
        memcpy(tmpbuf, fmt, len);
data/krb5-1.18.3/src/lib/krb5/os/trace.c:461:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    *fd = open(filename, O_WRONLY|O_CREAT|O_APPEND, 0600);
data/krb5-1.18.3/src/lib/krb5/rcache/rc_dfl.c:70:15:  [2] (misc) open:
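  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: as quoted, the first argument to open() is the flag expression
  and 0600 sits in the flags position; no pathname is passed. Compare the
  line with the source file before assessing the race-condition concern,
  because a call written this way cannot open the intended file.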
    *fd_out = open(O_CREAT | O_RDWR | O_BINARY, 0600);
data/krb5-1.18.3/src/lib/krb5/rcache/rc_dfl.c:103:10:  [2] (misc) open:
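  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: the quoted flags include O_NOFOLLOW, so a symlink in the final
  path component is refused. O_NOFOLLOW does not cover earlier path
  components; the remaining review items are who can write to the directory
  that holds fname and whether the file's owner and type are verified after
  the open.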
    fd = open(fname, O_CREAT | O_RDWR | O_NOFOLLOW, 0600);
data/krb5-1.18.3/src/lib/krb5/rcache/rc_file2.c:91:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tag1_out, buf, TAG_LEN);
data/krb5-1.18.3/src/lib/krb5/rcache/rc_file2.c:96:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tag2_out, buf + RECORD_LEN, TAG_LEN);
data/krb5-1.18.3/src/lib/krb5/rcache/rc_file2.c:111:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(record, tag, TAG_LEN);
data/krb5-1.18.3/src/lib/krb5/rcache/rc_file2.c:215:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tagbuf, tag_data->data, tag_data->length);
data/krb5-1.18.3/src/lib/krb5/rcache/rc_file2.c:248:10:  [2] (misc) open:
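  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: the quoted flags create the file if absent and include neither
  O_NOFOLLOW nor O_EXCL, so a pre-existing symlink at filename would be
  followed. Whether that is reachable depends on who controls filename and
  its parent directory, which this line does not show.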
    fd = open(filename, O_CREAT | O_RDWR | O_BINARY, 0600);
data/krb5-1.18.3/src/lib/krb5/rcache/t_rcfile2.c:196:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        expiry_test(filename, atoi(argv[0]));
data/krb5-1.18.3/src/lib/krb5/rcache/t_rcfile2.c:199:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        concurrency_test(filename, atoi(argv[0]), atoi(argv[1]));
data/krb5-1.18.3/src/lib/krb5/rcache/t_rcfile2.c:199:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        concurrency_test(filename, atoi(argv[0]), atoi(argv[1]));
data/krb5-1.18.3/src/lib/krb5/rcache/t_rcfile2.c:202:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        race_test(filename, atoi(argv[0]), atoi(argv[1]));
data/krb5-1.18.3/src/lib/krb5/rcache/t_rcfile2.c:202:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        race_test(filename, atoi(argv[0]), atoi(argv[1]));
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucdata.c:92:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *fp, *dp, *pp, path[BUFSIZ];
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucdata.c:109:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((f = fopen(path, mode)) != 0)
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucdata.c:211:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    fread((char *) _ucprop_ranges, sizeof(krb5_ui_4),
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucdata.c:961:21:  [2] (buffer) memcpy:
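  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: source and destination point into the same buffer one element
  apart, so the regions overlap whenever (i - l) is greater than 1. memcpy()
  is undefined for overlapping regions; memmove() is the call defined for
  this shift. The same expression is reported at ucdata.c:991.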
                    memcpy(*out + l + 1, *out + l, (i - l) * sizeof(**out));
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucdata.c:991:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(*out + l + 1, *out + l, (i - l) * sizeof(**out));
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:488:18:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          (void) memcpy((char *) &(*pdecomps)[j], (char *) &(*pdecomps)[j - 1],
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:502:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              realloc((char *) (*pdecomps)[i].decomp,
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:512:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy((char *) (*pdecomps)[i].decomp, (char *) dectmp,
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:512:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    (void) memcpy((char *) (*pdecomps)[i].decomp, (char *) dectmp,
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:552:18:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          (void) memcpy((char *) &title[j], (char *) &title[j - 1],
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:599:18:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          (void) memcpy((char *) &upper[j], (char *) &upper[j - 1],
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:646:18:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          (void) memcpy((char *) &lower[j], (char *) &lower[j - 1],
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:815:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[512], *s, *e;
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1204:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[512], *s;
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1285:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[BUFSIZ];
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1299:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((out = fopen(path, "w")) == 0)
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1306:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((out = fopen(path, "wb")) == 0)
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1391:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          fwrite((char *) proptbl[i].ranges, sizeof(krb5_ui_4),
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1439:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((out = fopen(path, "wb")) == 0)
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1516:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((out = fopen(path, "wb")) == 0)
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1592:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((out = fopen(path, "wb")) == 0)
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1628:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          fwrite((char *) decomps[i].decomp, sizeof(krb5_ui_4),
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1685:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((out = fopen(path, "wb")) == 0)
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1721:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          fwrite((char *) kdecomps[i].decomp, sizeof(krb5_ui_4),
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1765:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((out = fopen(path, "wb")) == 0)
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1839:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((out = fopen(path, "wb")) == 0)
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1911:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                if ((in = fopen(argv[0], "r")) == 0)
data/krb5-1.18.3/src/lib/krb5/unicode/ucdata/ucgendat.c:1927:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if ((in = fopen(argv[0], "r")) == 0)
data/krb5-1.18.3/src/lib/krb5/unicode/ucstr.c:175:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(out, s, outpos);
data/krb5-1.18.3/src/lib/krb5/unicode/ure/ure.c:1127:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy((char *) &b->symtab[symbol.id], (char *) &symbol,
data/krb5-1.18.3/src/lib/krb5/unicode/ure/ure.c:1361:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        (void) memcpy((char *) sp->st.slist, (char *) states,
data/krb5-1.18.3/src/lib/rpc/auth_gss.c:284:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char			 tmp[MAX_AUTH_BYTES];
data/krb5-1.18.3/src/lib/rpc/auth_gss.c:364:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(gd->gc_wire_verf.value, verf->oa_base, verf->oa_length);
data/krb5-1.18.3/src/lib/rpc/auth_gssapi.c:70:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
     unsigned char cred_buf[MAX_AUTH_BYTES];
data/krb5-1.18.3/src/lib/rpc/auth_none.c:72:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	marshalled_client[MAX_MARSHEL_SIZE];
data/krb5-1.18.3/src/lib/rpc/auth_unix.c:85:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char			au_marshed[MAX_AUTH_BYTES];
data/krb5-1.18.3/src/lib/rpc/auth_unix.c:106:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mymem[MAX_AUTH_BYTES];
data/krb5-1.18.3/src/lib/rpc/auth_unix.c:179:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char machname[MAX_MACHINE_NAME + 1];
data/krb5-1.18.3/src/lib/rpc/clnt_raw.c:57:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	_raw_buf[UDPMSGSIZE];
data/krb5-1.18.3/src/lib/rpc/clnt_raw.c:60:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  char	            mashl_callmsg[MCALL_MSG_SIZE];
data/krb5-1.18.3/src/lib/rpc/clnt_tcp.c:98:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  char		ct_mcall[MCALL_MSG_SIZE];	/* marshalled callmsg */
data/krb5-1.18.3/src/lib/rpc/clnt_udp.c:99:2:  [2] (buffer) char:
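  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: a one-element array like this is often the pre-C99 idiom for
  a variable-length trailing buffer in a structure (to be confirmed in the
  source). If so, the real capacity is set by the allocation size, not by
  `[1]`, and the check to make is that every write into cu_inbuf is bounded
  by the allocated length.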
	char		   cu_inbuf[1];
data/krb5-1.18.3/src/lib/rpc/dyn.c:101:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
     memcpy(obj1->array, obj->array,
data/krb5-1.18.3/src/lib/rpc/get_myaddress.c:87:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256 * sizeof (struct ifreq)];
data/krb5-1.18.3/src/lib/rpc/getrpcent.c:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*rpc_aliases[MAXALIASES];
data/krb5-1.18.3/src/lib/rpc/getrpcent.c:56:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	line[BUFSIZ+1];
data/krb5-1.18.3/src/lib/rpc/getrpcent.c:84:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char adrstr[16], *val = NULL;
data/krb5-1.18.3/src/lib/rpc/getrpcent.c:124:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		d->rpcf = fopen(RPCDB, "r");
data/krb5-1.18.3/src/lib/rpc/getrpcent.c:163:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((d->rpcf = fopen(RPCDB, "r")) == NULL)
data/krb5-1.18.3/src/lib/rpc/getrpcent.c:206:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	d->rpc.r_number = atoi(cp);
data/krb5-1.18.3/src/lib/rpc/pmap_rmt.c:263:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char outbuf[MAX_BROADCAST_SIZE];
data/krb5-1.18.3/src/lib/rpc/pmap_rmt.c:267:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char inbuf[MAX (UDPMSGSIZE, GIFCONF_BUFSIZE)];
data/krb5-1.18.3/src/lib/rpc/svc_auth_gss.c:326:3:  [2] (buffer) memcpy:
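  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the copy length is oa->oa_length, which in a server-side
  authentication path is presumably supplied by the peer. Confirm that it is
  compared against the size of `buf` before this line; any such check lies
  outside the flagged line shown here.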
		memcpy((caddr_t)buf, oa->oa_base, oa->oa_length);
data/krb5-1.18.3/src/lib/rpc/svc_auth_gss.c:624:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pname, gd->cname.value, gd->cname.length);
data/krb5-1.18.3/src/lib/rpc/svc_auth_gssapi.c:60:10:  [2] (misc) fopen:
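  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: the path is a hard-coded pseudo-terminal device, so anything
  written through this handle goes to whichever session holds that pty at
  run time. Confirm that the call is compiled only into debugging builds; the
  surrounding conditionals are not shown in this report.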
	    f = fopen("/dev/pts/4", "a");
data/krb5-1.18.3/src/lib/rpc/svc_auth_gssapi.c:786:6:  [2] (buffer) memcpy:
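  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the length is the constant 4, so the question is two-sided:
  `handle` must be at least 4 bytes, and client_handle->length must be at
  least 4 or the call reads past the end of the source buffer. Neither the
  declaration of `handle` nor a length check is visible in this excerpt.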
     memcpy(&handle, client_handle->value, 4);
data/krb5-1.18.3/src/lib/rpc/svc_auth_unix.c:66:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char area_machname[MAX_MACHINE_NAME+1];
data/krb5-1.18.3/src/lib/rpc/svc_raw.c:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	_raw_buf[UDPMSGSIZE];
data/krb5-1.18.3/src/lib/rpc/svc_raw.c:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	verf_body[MAX_AUTH_BYTES];
data/krb5-1.18.3/src/lib/rpc/svc_simple.c:111:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char xdrbuf[UDPMSGSIZE];
data/krb5-1.18.3/src/lib/rpc/svc_tcp.c:114:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char verf_body[MAX_AUTH_BYTES];
data/krb5-1.18.3/src/lib/rpc/svc_udp.c:91:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	su_verfbody[MAX_AUTH_BYTES];	/* verifier body */
data/krb5-1.18.3/src/lib/rpc/unit-test/client.c:57:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
     char        *host, *port, *target, *echo_arg, **echo_resp, buf[BIG_BUF];
data/krb5-1.18.3/src/lib/rpc/unit-test/client.c:82:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	       auth_debug_gssapi = atoi(optarg);
data/krb5-1.18.3/src/lib/rpc/unit-test/client.c:85:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	       misc_debug_gssapi = atoi(optarg);
data/krb5-1.18.3/src/lib/rpc/unit-test/client.c:91:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	       svc_debug_gssapi = atoi(optarg);
data/krb5-1.18.3/src/lib/rpc/unit-test/client.c:112:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  count = atoi(argv[3]);
data/krb5-1.18.3/src/lib/rpc/unit-test/client.c:134:27:  [2] (integer) atoi:
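  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Triage note: the int returned by atoi() is passed straight to ntohs(),
  which takes a 16-bit value, so anything outside 0..65535 is silently
  truncated and non-numeric input becomes port 0. The path marks this as
  unit-test code; strtol() with an explicit range check is the usual
  replacement.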
     sin.sin_port = ntohs(atoi(port));
data/krb5-1.18.3/src/lib/rpc/unit-test/server.c:96:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  misc_debug_gssapi = atoi(argv[1]);
data/krb5-1.18.3/src/lib/rpc/unit-test/server.c:98:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  svc_debug_gssapi = atoi(argv[0]);
data/krb5-1.18.3/src/lib/rpc/xdr.c:69:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char xdr_zero[BYTES_PER_XDR_UNIT] = { 0, 0, 0, 0 };
data/krb5-1.18.3/src/lib/win_glue.c:71:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char CallerFilename[_MAX_PATH];
data/krb5-1.18.3/src/lib/win_glue.c:79:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char szVerQ[90];
data/krb5-1.18.3/src/lib/win_glue.c:82:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char locAppIni[_MAX_PATH];
data/krb5-1.18.3/src/lib/win_glue.c:132:2:  [2] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer. Risk is low because the source is a constant string.
	lstrcpy(cp, "ProductName");
data/krb5-1.18.3/src/lib/win_glue.c:143:2:  [2] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer. Risk is low because the source is a constant string.
	lstrcpy(cp, "ProductVersion");
data/krb5-1.18.3/src/lib/win_glue.c:238:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/krb5-1.18.3/src/lib/win_glue.c:295:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char AppTitle[APPVERINFO_SIZE];
data/krb5-1.18.3/src/lib/win_glue.c:296:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char AppVer[APPVERINFO_SIZE];
data/krb5-1.18.3/src/lib/win_glue.c:297:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char AppIni[APPVERINFO_SIZE];
data/krb5-1.18.3/src/plugins/audit/test/au_test.c:57:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    au_fd = fopen("au.log", "a+");
data/krb5-1.18.3/src/plugins/authdata/greet_client/greet.c:125:18:  [2] (buffer) char:
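  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: the flagged line is a pointer assignment with a `(char *)`
  cast. It declares no array and copies no data, so this rule's premise does
  not apply to the line itself. Any length that accompanies the pointer is
  set elsewhere and is what should be reviewed.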
    data.data = (char *)authdata[0]->contents;
data/krb5-1.18.3/src/plugins/gssapi/negoextest/main.c:62:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        hops = (envstr != NULL) ? atoi(envstr) : 1;
data/krb5-1.18.3/src/plugins/gssapi/negoextest/main.c:74:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (envstr != NULL && atoi(envstr) == mech_last_octet)
data/krb5-1.18.3/src/plugins/gssapi/negoextest/main.c:125:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (envstr != NULL && atoi(envstr) == mech_last_octet) {
data/krb5-1.18.3/src/plugins/gssapi/negoextest/main.c:149:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(output_token->value, &ctx->hops, 1);
data/krb5-1.18.3/src/plugins/gssapi/negoextest/main.c:241:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (envstr != NULL && atoi(envstr) == mech_last_octet)
data/krb5-1.18.3/src/plugins/gssapi/negoextest/main.c:244:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (envstr != NULL && atoi(envstr) == mech_last_octet)
data/krb5-1.18.3/src/plugins/gssapi/negoextest/main.c:265:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (envstr != NULL && atoi(envstr) == mech_last_octet)
data/krb5-1.18.3/src/plugins/gssapi/negoextest/main.c:274:38:  [2] (buffer) char:
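  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: this is a function parameter, which C adjusts to a pointer.
  The `[16]` documents the expected size but is not enforced by the compiler,
  so each caller is responsible for supplying at least 16 bytes.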
                            unsigned char auth_scheme[16])
data/krb5-1.18.3/src/plugins/gssapi/negoextest/main.c:279:5:  [2] (buffer) memcpy:
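  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the destination appears to be the parameter declared as
  `unsigned char auth_scheme[16]` at line 274, while the length is
  mech_oid->length. The copy is safe only if that length is known to be at
  most 16 here. This report lists flagged lines only, so check the source
  between lines 274 and 279 for a bound.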
    memcpy(auth_scheme, mech_oid->elements, mech_oid->length);
data/krb5-1.18.3/src/plugins/kadm5_auth/test/main.c:257:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    snprintf(buf, sizeof(buf), "%d", atoi(val) + 1);
data/krb5-1.18.3/src/plugins/kdb/db2/adb_openclose.c:155:41:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r+")) == NULL) {
data/krb5-1.18.3/src/plugins/kdb/db2/adb_openclose.c:160:45:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r"))
data/krb5-1.18.3/src/plugins/kdb/db2/kdb_db2.c:146:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(*opt, input, pos - input);
data/krb5-1.18.3/src/plugins/kdb/db2/kdb_db2.c:496:28:  [2] (misc) open:
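  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: the flags on this line do not include O_CREAT, so the 0666
  mode argument is ignored and the call only opens an existing file. The
  questions that remain are who can write to the directory holding
  db_lf_name and what permissions the file was created with.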
    if ((dbc->db_lf_file = open(dbc->db_lf_name, O_RDWR, 0666)) < 0) {
data/krb5-1.18.3/src/plugins/kdb/db2/kdb_db2.c:497:32:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((dbc->db_lf_file = open(dbc->db_lf_name, O_RDONLY, 0666)) < 0) {
data/krb5-1.18.3/src/plugins/kdb/db2/kdb_db2.c:624:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BUFSIZ], zbuf[BUFSIZ];
data/krb5-1.18.3/src/plugins/kdb/db2/kdb_db2.c:626:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(filename, O_RDWR, 0);
data/krb5-1.18.3/src/plugins/kdb/db2/kdb_db2.c:697:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    dbc->db_lf_file = open(dbc->db_lf_name, O_CREAT | O_RDWR | O_TRUNC,
data/krb5-1.18.3/src/plugins/kdb/db2/kdb_db2.c:1032:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(curs->keycopy.data, curs->key.data, curs->key.size);
data/krb5-1.18.3/src/plugins/kdb/db2/kdb_xdr.c:170:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(nextloc, entry->e_data, entry->e_length);
data/krb5-1.18.3/src/plugins/kdb/db2/kdb_xdr.c:182:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void) memcpy(nextloc, unparse_princ, unparse_princ_size);
data/krb5-1.18.3/src/plugins/kdb/db2/kdb_xdr.c:192:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(nextloc, tl_data->tl_data_contents, tl_data->tl_data_length);
data/krb5-1.18.3/src/plugins/kdb/db2/kdb_xdr.c:213:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(nextloc, entry->key_data[i].key_data_contents[j],length);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_debug.c:68:17:  [2] (misc) fopen:
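  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: the path here is a fixed name in /tmp opened with "w", so the
  file is created or truncated at a location other local users can
  pre-populate. Confirm whether bt_debug.c is compiled only in debug builds;
  if it can ship, write the trace into a directory the process owns, or
  create the file exclusively (open with O_CREAT|O_EXCL, then fdopen).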
	if ((tracefp = fopen("/tmp/__bt_debug", "w")) != NULL)
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:206:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((t->bt_fd = open(fname, flags | O_BINARY, mode)) < 0)
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:405:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[MAXPATHLEN];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:426:12:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	if ((fd = mkstemp(path)) != -1)
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_put.c:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *dest, db[NOVFLSIZE], kb[NOVFLSIZE];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/btree.h:126:2:  [2] (buffer) char:
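  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: a one-element member commented /* data */ is presumably a
  variable-length trailing array (the pre-C99 idiom), so the declared size
  is not the real bound; confirm against the struct definition. If so, the
  places to review are where these records are allocated and where their
  length fields are read from page data. The same applies to the hits at
  btree.h:176 and btree.h:208.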
	char	bytes[1];		/* data */
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/btree.h:176:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	bytes[1];		/* data */
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/btree.h:208:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	bytes[1];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/dbm.c:167:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[MAXPATHLEN];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hash.c:132:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((hashp->fp = open(file, flags|O_BINARY, mode)) == -1)
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hash_bigkey.c:390:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(hashp->bigkey_buf + len,
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hash_bigkey.c:421:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(hashp->bigkey_buf + len, BIGKEY(pagep), BIGKEYLEN(pagep));
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hash_bigkey.c:457:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(hashp->bigdata_buf + totlen - BIGDATALEN(pagep),
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hash_bigkey.c:476:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(hashp->bigdata_buf + totlen - BIGDATALEN(pagep),
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hash_debug.c:96:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&var, key.data, sizeof(int));
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hash_page.c:459:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(temp_pagep, old_pagep, hashp->hdr.bsize);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/db-int.h:163:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char _tmp[4];							\
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/db-int.h:164:14:  [2] (buffer) char:
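  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: the flagged line is a cast-and-index expression on
  (char *)a, not an array declaration, so this rule does not describe it;
  the same holds for the db-int.h hits at lines 165-171 and 193-196. The
  only fixed-size arrays here are char _tmp[4] (line 163) and char _tmp[2]
  (line 192), and the statements shown index them with constants 0-3 and
  0-1 respectively.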
	_tmp[0] = ((char *)a)[0];					\
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/db-int.h:165:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	_tmp[1] = ((char *)a)[1];					\
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/db-int.h:166:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	_tmp[2] = ((char *)a)[2];					\
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/db-int.h:167:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	_tmp[3] = ((char *)a)[3];					\
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/db-int.h:168:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	((char *)a)[0] = _tmp[3];					\
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/db-int.h:169:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	((char *)a)[1] = _tmp[2];					\
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/db-int.h:170:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	((char *)a)[2] = _tmp[1];					\
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/db-int.h:171:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	((char *)a)[3] = _tmp[0];					\
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/db-int.h:192:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char _tmp[2];							\
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/db-int.h:193:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	_tmp[0] = ((char *)a)[0];					\
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/db-int.h:194:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	_tmp[1] = ((char *)a)[1];					\
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/db-int.h:195:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	((char *)a)[0] = _tmp[1];					\
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/include/db-int.h:196:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	((char *)a)[1] = _tmp[0];					\
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/recno/rec_open.c:71:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0)
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:203:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *dest, db[NOVFLSIZE];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:216:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(db, &pg, sizeof(pg));
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c:18:9:  [2] (misc) fopen:
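  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: line 18 is an old-style declaration of fopen alongside the
  variable fin; it does not open a file. The actual call is the next hit,
  at t.c:21.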
  FILE *fopen(), *fin;
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c:21:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fin = fopen("data","r")) == NULL) {
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:208:18:  [2] (integer) atoi:
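  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Triage note: this and the other atoi hits under libdb2/test/ sit in test
  programs, and the ones shown here parse option or argv strings, so they
  rank below findings in the library itself unless these programs are
  installed or fed untrusted input. atoi also cannot report a parse error;
  strtol with endptr and errno checks is the usual replacement where the
  value matters.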
			b.cachesize = atoi(optarg);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:220:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			b.psize = atoi(optarg);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:261:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *lbuf, *argv[4], buf[512];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:263:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((ifp = fopen("/dev/tty", "r")) == NULL) {
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:310:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			nlong = atoi(argv[1]);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:669:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen(argv[1], "w")) == NULL) {
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:692:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen(argv[1], "w")) == NULL) {
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:719:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *lp, buf[16 * 1024];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:722:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen(argv[1], "r")) == NULL) {
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:866:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	pg = atoi(argv[1]);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:954:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	pg = atoi(argv[1]);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:135:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *fname, *infoarg, *p, *t, buf[8 * 1024];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:153:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			if ((ofd = open(optarg,
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:314:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				recno = atoi(p + 1);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:702:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ib.flags = atoi(eq);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:706:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ib.cachesize = atoi(eq);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:710:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ib.maxkeypage = atoi(eq);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:714:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ib.minkeypage = atoi(eq);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:718:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ib.lorder = atoi(eq);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:722:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ib.psize = atoi(eq);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:728:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ih.bsize = atoi(eq);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:732:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ih.ffactor = atoi(eq);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:736:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ih.nelem = atoi(eq);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:740:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ih.cachesize = atoi(eq);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:744:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			ih.lorder = atoi(eq);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:750:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			rh.flags = atoi(eq);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:754:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			rh.cachesize = atoi(eq);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:758:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			rh.lorder = atoi(eq);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:762:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			rh.reclen = atoi(eq);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:766:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			rh.bval = atoi(eq);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:770:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			rh.psize = atoi(eq);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:792:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(name, O_RDONLY, 0)) < 0 ||
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	keybuf[2049];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c:68:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	contentbuf[2049];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c:69:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[256];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tcreat3.c:55:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	wp1[8192];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tcreat3.c:56:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	wp2[8192];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tcreat3.c:70:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ctl.bsize = atoi(*argv++);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tcreat3.c:71:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ctl.ffactor = atoi(*argv++);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tcreat3.c:72:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ctl.nelem = atoi(*argv++);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c:56:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	wp1[8192];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c:57:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	wp2[8192];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c:72:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ctl.bsize = atoi(*argv++);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c:73:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ctl.ffactor = atoi(*argv++);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c:106:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen ( argv[0], "r");
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c:57:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	wp1[8192];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c:58:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	wp2[8192];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c:73:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ctl.bsize = atoi(*argv++);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c:74:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ctl.ffactor = atoi(*argv++);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c:75:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ctl.nelem = atoi(*argv++);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c:76:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ctl.cachesize = atoi(*argv++);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c:109:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen ( argv[0], "r");
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tread2.c:59:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	wp1[8192];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tread2.c:60:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	wp2[8192];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tread2.c:75:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ctl.cachesize = atoi(*argv++);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tseq.c:56:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	wp[8192];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tseq.c:57:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	cp[8192];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tseq.c:79:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	      memcpy ( wp, res.data, res.size );
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tseq.c:81:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	      memcpy ( cp, item.data, item.size );
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tverify.c:59:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	wp1[8192];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tverify.c:60:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	wp2[8192];
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c:22:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    keys = fopen("yp.keys", "rt");
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c:23:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    vals = fopen("yp.total", "rt");
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c:64:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    keys = fopen("yp.keys", "rt");
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c:65:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    vals = fopen("yp.total", "rt");
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c:123:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    keys = fopen("yp.keys", "rt");
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c:124:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    vals = fopen("yp.total", "rt");
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c:151:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    keys = fopen("yp.keys", "rt");
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c:152:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    vals = fopen("yp.total", "rt");
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passwd/genpass.c:8:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *pass[8], r;
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passwd/genpass.c:10:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	n = atoi(argv[1]);
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c:186:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dlist, slist, (sizeof(char *) * copycount));
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c:250:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dlist, slist, (sizeof(int) * copycount));
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:328:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[5] = {0};
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:848:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char out[50];
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:411:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pw_str[1024];
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:486:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                rparams->search_scope = atoi(argv[i]);
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:553:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char krb_location[MAX_KRB_CONTAINER_LEN];
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:812:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                rparams->search_scope = atoi(argv[i]);
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:913:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char out[50];
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1170:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tmp, new_tl_data->tl_data_contents, tl_data->tl_data_length);
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1207:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(nextloc+4, unparse_mod_princ, unparse_mod_princ_size);
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1451:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[5] = {0};
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:99:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char passwd[MAX_SERVICE_PASSWD_LEN];
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAX_LEN];
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:155:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char prompt1[256], prompt2[256];
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:193:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    pfile = fopen(file_name, "a+");
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:245:19:  [2] (misc) fopen:
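  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: this open uses mode "w" on a path held in tmp_file, so an
  existing file or symlink at that path would be followed and truncated.
  Check how tmp_file is named and which directory it lives in; creating it
  with open() using O_CREAT | O_EXCL and a restrictive mode, then fdopen(),
  closes the window the message describes.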
        newfile = fopen(tmp_file, "w");
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:308:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            global_params.kvno = (krb5_kvno) atoi(koptarg);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:129:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *attrs[2], **values = NULL;
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c:76:5:  [2] (buffer) memcpy:
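  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: in the line below the source is new_tl_data->tl_data_contents
  but the length is tl_data->tl_data_length. Confirm in the surrounding code
  that the two lengths are set equal and that tmp was allocated with that
  length before the copy.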
    memcpy(tmp, new_tl_data->tl_data_contents, tl_data->tl_data_length);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:238:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            ctx->max_server_conns = atoi(val) ? atoi(val) :
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:238:49:  [2] (integer) atoi:
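  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Triage note: this hit and the one at column 37 point at the same statement,
  which calls atoi(val) twice, so they are one item to review. atoi() reports
  no errors: non-numeric text yields 0, which here selects the branch after
  the ':' (not shown), and out-of-range input is undefined behavior. Parsing
  once with strtol() and checking endptr, errno and the accepted range
  addresses both hits.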
            ctx->max_server_conns = atoi(val) ? atoi(val) :
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:280:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            ctx->ldap_debug = atoi(val);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:628:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ptr + 3, str, len);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:935:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        *val_out = atoi(values[0]);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1085:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuf[3 * sizeof(val) + 2];
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1157:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *refcntattr[2];
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1607:46:  [2] (buffer) char:
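  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: the statement quoted below declares no array; it casts the
  result of strdup() and indexes a2d2[i], so the fixed-size-array concern
  does not describe this line. What is worth confirming in the surrounding
  code is that the strdup() result is checked for NULL before use.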
            tl->tl_data_contents = (unsigned char *)strdup(a2d2[i]);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:96:5:  [2] (buffer) memcpy:
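  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the copy below reads from in->bv_val + 2, so the source side
  needs checking as well as the destination: confirm that the input value is
  at least 2 + tl_data_length bytes long and that tl_data_contents was
  allocated with tl_data_length bytes. Neither is visible in the quoted line.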
    memcpy ((*out)->tl_data_contents, in->bv_val + 2, (*out)->tl_data_length);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:467:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(key_data, key_data_in, n_key_data * sizeof(*key_data));
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:614:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ((*out)->bv_val + 2, in->tl_data_contents, in->tl_data_length);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:628:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *strval[10] = { 0 };
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:771:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                        *strval[10]={NULL}, errbuf[1024];
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1659:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tmp, keysets[i].key_data,
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:57:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *strval[2] = { NULL };
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:143:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                        *strval[2]={NULL}, *policy_dn=NULL;
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:472:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                        *strval[2]={NULL}, **rdns=NULL;
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:580:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                        *strval[4]={NULL};
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:581:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                        *contref[2]={NULL};
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:815:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            rlparams->search_scope=atoi(values[0]);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:824:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            rlparams->max_life = atoi(values[0]);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:830:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            rlparams->max_renewable_life = atoi(values[0]);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:836:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            rlparams->tktflags = atoi(values[0]);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[RECORDLEN], *end;
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:75:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(filename, "r");
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:57:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                        *strval[3]={NULL}, *policy_dn = NULL;
data/krb5-1.18.3/src/plugins/kdb/lmdb/kdb_lmdb.c:435:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(filename, O_RDWR | O_CLOEXEC, 0);
data/krb5-1.18.3/src/plugins/kdb/test/kdb_test.c:98:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *names[6];
data/krb5-1.18.3/src/plugins/kdb/test/kdb_test.c:213:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(rndin.data + pos, cksum.contents, n);
data/krb5-1.18.3/src/plugins/kdb/test/kdb_test.c:564:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(key_out->contents, kd->key_data_contents[0], key_out->length);
data/krb5-1.18.3/src/plugins/kdb/test/kdb_test.c:584:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(kd_out->key_data_contents[0], key->contents, key->length);
data/krb5-1.18.3/src/plugins/preauth/otp/otp_state.c:85:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_SECRET_LEN];
data/krb5-1.18.3/src/plugins/preauth/otp/otp_state.c:99:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(filename, "r");
data/krb5-1.18.3/src/plugins/preauth/otp/otp_state.c:182:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *keys[4];
data/krb5-1.18.3/src/plugins/preauth/otp/otp_state.c:300:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *hier[2] = { "otp", NULL };
data/krb5-1.18.3/src/plugins/preauth/otp/otp_state.c:566:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hostname[HOST_NAME_MAX + 1];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkcs11.h:196:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char manufacturer_id[32];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkcs11.h:198:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char library_description[32];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkcs11.h:213:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char slot_description[64];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkcs11.h:214:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char manufacturer_id[32];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkcs11.h:229:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char label[32];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkcs11.h:230:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char manufacturer_id[32];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkcs11.h:231:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char model[16];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkcs11.h:232:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char serial_number[16];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkcs11.h:246:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char utc_time[16];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkcs11.h:467:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char year[4];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkcs11.h:468:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char month[2];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkcs11.h:469:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char day[2];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:482:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *str, buf[128];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1136:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char md_data[EVP_MAX_MD_SIZE], md_data2[EVP_MAX_MD_SIZE];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1179:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[DN_BUF_LEN];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1450:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[DN_BUF_LEN];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1493:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(d, ASN1_STRING_get0_data(*octets), *data_len);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1751:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(*authz_data, authz->data, authz->length);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:1963:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[DN_BUF_LEN];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2161:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[DN_BUF_LEN];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2237:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char md[SHA_DIGEST_LENGTH];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2259:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf + offset, md, dh_key_len - offset);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2261:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf + offset, md, sizeof(md));
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3216:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(algId[0]->parameters.data, buf2, buf2_len);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3226:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(algId[1]->parameters.data, buf3, buf3_len);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3236:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(algId[2]->parameters.data, buf1, buf1_len);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3251:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(algId[0]->parameters.data, buf2, buf2_len);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3261:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(algId[1]->parameters.data, buf3, buf3_len);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3276:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(algId[0]->parameters.data, buf3, buf3_len);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3452:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[DN_BUF_LEN];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3513:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p, data, data_len);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3545:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*outdata, p, tlen);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4169:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(idopts->cert_filename, "rb");
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4192:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char prompt_reply[128];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4390:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char certname[1024];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4391:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char keyname[1024];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5301:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[1024];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5378:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[DN_BUF_LEN];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5601:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[DN_BUF_LEN];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5612:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
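            p = (unsigned char *)krb5_trusted_certifiers[i]->subjectName.data;
  Triage note: the matched line is a cast to unsigned char * followed by an
  array index, not a fixed-size array declaration, so the static-array
  description does not apply as written. Flawfinder matches source text
  lexically; confirm against the file before counting this as a buffer
  finding. The hits at 5626:27 and 5643:27 show the same cast at the same
  column and probably fall in the same category.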
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5626:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            p = (unsigned char *)
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5643:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            p = (unsigned char *)
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5792:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char uc[32];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_kdf_test.c:47:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char twenty_as[10];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_kdf_test.c:48:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char eighteen_bs[9];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_lib.c:279:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst->data, src->data, src->length);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_lib.c:306:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
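    if ((f = fopen(filename, "w")) == NULL)
  Triage note: mode "w" creates or truncates the target and fopen() follows
  symbolic links, so the CWE-362 questions above matter more here than for
  the read-only opens in this report. Check where filename comes from and
  which directory it points into; neither is visible from this line.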
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_matching.c:263:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char err_buf[128];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_matching.c:337:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(value, *rule, len);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_profile.c:94:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
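    const char *names[5];
  Triage note: this declares an array of five pointers, not a character
  buffer. The property to verify is that no more than five entries
  (including any NULL terminator) are ever stored in names; string length
  is not bounded by this declaration either way.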
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_profile.c:226:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *names[5];
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_profile.c:229:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char realmstr[1024];
data/krb5-1.18.3/src/plugins/preauth/securid_sam2/grail.c:162:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tval_string[256], prompt[256];
data/krb5-1.18.3/src/plugins/preauth/securid_sam2/securid2.c:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char passcode[LENPRNST+1];
data/krb5-1.18.3/src/plugins/preauth/securid_sam2/securid2.c:67:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char PIN_message[64];            /* Max length should be 50 chars */
data/krb5-1.18.3/src/plugins/preauth/securid_sam2/securid2.c:292:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char passcode[LENPRNST+1];
data/krb5-1.18.3/src/plugins/preauth/securid_sam2/securid2.c:381:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
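        memcpy(passcode, esre2->sam_sad.data, esre2->sam_sad.length);
  Triage note: the copy length comes from a field of esre2 rather than from
  the size of the destination. If passcode here is the fixed array reported
  at securid2.c:292 (char passcode[LENPRNST+1]), confirm that sam_sad.length
  is checked against the size of passcode, leaving room for a terminator if
  one is appended, before this call. Where sam_sad is populated is not
  visible in this report.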
data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519.c:315:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(s_copy, s, 32);
data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519.c:924:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  signed char e[64];
data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519.c:1669:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(wreduced, wbytes, 32);
data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519.c:1691:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(priv_out, private, 32);
data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519.c:1713:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(wreduced, wbytes, 32);
data/krb5-1.18.3/src/plugins/preauth/spake/spake_kdc.c:161:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *keys[4];
data/krb5-1.18.3/src/plugins/preauth/spake/util.c:126:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(prf_input.data, prefix, prefix_len);
data/krb5-1.18.3/src/plugins/pwqual/test/main.c:62:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(dict_file, O_RDONLY);
data/krb5-1.18.3/src/plugins/tls/k5tls/openssl.c:66:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/krb5-1.18.3/src/plugins/tls/k5tls/openssl.c:173:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/krb5-1.18.3/src/plugins/tls/k5tls/openssl.c:232:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/krb5-1.18.3/src/plugins/tls/k5tls/openssl.c:351:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(path, "r");
data/krb5-1.18.3/src/plugins/tls/k5tls/openssl.c:372:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[1024];
data/krb5-1.18.3/src/tests/adata.c:146:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ad->ad_type = atoi(typestr);
data/krb5-1.18.3/src/tests/asn.1/ktest.c:60:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cs->contents,"1234",4);
data/krb5-1.18.3/src/tests/asn.1/ktest.c:70:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(kb->contents,"12345678",8);
data/krb5-1.18.3/src/tests/asn.1/ktest.c:162:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ad->contents, "foobar", 6);
data/krb5-1.18.3/src/tests/asn.1/ktest.c:238:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pad->contents, "pa-data", 7);
data/krb5-1.18.3/src/tests/asn.1/ktest.c:919:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ad->contents, str, ad->length);
data/krb5-1.18.3/src/tests/asn.1/ktest.c:941:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(vmac->checksum.contents, cksumstr, vmac->checksum.length);
data/krb5-1.18.3/src/tests/asn.1/make-vectors.c:46:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char buf[8192];
data/krb5-1.18.3/src/tests/asn.1/make-vectors.c:206:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf + buf_pos, data, size);
data/krb5-1.18.3/src/tests/asn.1/t_trval.c:96:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if ((fp = fopen(*argv,"r")) == NULL) {
data/krb5-1.18.3/src/tests/asn.1/utility.c:95:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(d->data, s, d->length);
data/krb5-1.18.3/src/tests/asn.1/utility.c:105:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2];
data/krb5-1.18.3/src/tests/create/kdb5_mkdums.c:92:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[4096], tmp2[BUFSIZ], *str_newprinc;
data/krb5-1.18.3/src/tests/create/kdb5_mkdums.c:98:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char principal_string[BUFSIZ];
data/krb5-1.18.3/src/tests/create/kdb5_mkdums.c:117:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            depth = atoi(optarg);       /* how deep to go */
data/krb5-1.18.3/src/tests/create/kdb5_mkdums.c:130:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            num_to_create = atoi(optarg);
data/krb5-1.18.3/src/tests/create/kdb5_mkdums.c:139:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            master_keyblock.enctype = atoi(optarg);
data/krb5-1.18.3/src/tests/create/kdb5_mkdums.c:219:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                  princ_name[4096];
data/krb5-1.18.3/src/tests/create/kdb5_mkdums.c:326:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *args[2];
data/krb5-1.18.3/src/tests/dejagnu/t_inetd.c:87:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if(atoi(argv[1]) == 0) usage();
data/krb5-1.18.3/src/tests/dejagnu/t_inetd.c:89:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
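    port = htons(atoi(argv[1]));
  Triage note: atoi() reports no errors and htons() takes a 16-bit value, so
  an argument outside 0-65535 is silently converted to a different port.
  strtol() with an explicit range check avoids that. The path places this
  file under tests/, so the input is presumably a test-harness argument.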
data/krb5-1.18.3/src/tests/etinfo.c:66:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char etname[256];
data/krb5-1.18.3/src/tests/etinfo.c:139:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        pa_type = atoi(argv[3]);
data/krb5-1.18.3/src/tests/gss-threads/gss-client.c:304:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(file_name, O_RDONLY, 0);
data/krb5-1.18.3/src/tests/gss-threads/gss-client.c:748:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            port = atoi(*argv);
data/krb5-1.18.3/src/tests/gss-threads/gss-client.c:760:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            max_threads = atoi(*argv);
data/krb5-1.18.3/src/tests/gss-threads/gss-client.c:778:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            ccount = atoi(*argv);
data/krb5-1.18.3/src/tests/gss-threads/gss-client.c:786:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            mcount = atoi(*argv);
data/krb5-1.18.3/src/tests/gss-threads/gss-misc.c:165:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char lenbuf[4];
data/krb5-1.18.3/src/tests/gss-threads/gss-misc.c:233:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char lenbuf[4];
data/krb5-1.18.3/src/tests/gss-threads/gss-server.c:370:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(copied_token.value, context_token.value, copied_token.length);
data/krb5-1.18.3/src/tests/gss-threads/gss-server.c:708:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            port = atoi(*argv);
data/krb5-1.18.3/src/tests/gss-threads/gss-server.c:714:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            max_threads = atoi(*argv);
data/krb5-1.18.3/src/tests/gss-threads/gss-server.c:736:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                logfile = fopen(*argv, "a");
data/krb5-1.18.3/src/tests/gssapi/t_enctypes.c:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ename[128];
data/krb5-1.18.3/src/tests/gssapi/t_invalid.c:216:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(wrapped + 4, mech_krb5.elements, 9);
data/krb5-1.18.3/src/tests/gssapi/t_invalid.c:217:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(wrapped + 13, token, len);
data/krb5-1.18.3/src/tests/gssapi/t_invalid.c:228:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tokbuf[128];
data/krb5-1.18.3/src/tests/gssapi/t_invalid.c:258:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tokbuf[128];
data/krb5-1.18.3/src/tests/gssapi/t_invalid.c:293:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tokbuf[128];
data/krb5-1.18.3/src/tests/gssapi/t_invalid.c:341:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tokbuf[128];
data/krb5-1.18.3/src/tests/gssapi/t_invalid.c:358:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tokbuf, test->token + 13, 24);
data/krb5-1.18.3/src/tests/gssapi/t_invalid.c:369:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tokbuf, test->token + 13, 24);
data/krb5-1.18.3/src/tests/gssapi/t_invalid.c:405:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(in.value, value, len);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:60:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf + len, iov[i].buffer.value, iov[i].buffer.length);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:117:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char data[1024], *fulltoken;
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:123:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data, string1, strlen(string1) + 1);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:137:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data, string2, strlen(string2) + 1);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:154:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data, string3, strlen(string3) + 1);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:168:15:  [2] (buffer) char:
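  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: the flagged line declares no array. `(char *)` is a cast and
  `[1]` indexes stiov, so this hit looks like an artifact of flawfinder's
  token-based matching and is likely a false positive. The hits at
  t_iov.c:319 and test_nfold.c:42 below have the same shape.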
    offset = (char *)stiov[1].buffer.value - fulltoken;
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:238:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, wrap, strlen(wrap));
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:269:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char data[1024], *fulltoken;
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:319:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    offset = (char *)stiov[2].buffer.value - fulltoken;
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:406:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char concat[1024], data[1024];
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:450:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char data[1024];
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:453:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data, wrap, strlen(wrap) + 1);
data/krb5-1.18.3/src/tests/gssapi/t_pcontok.c:67:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char *token, *ptr, iv[8];
data/krb5-1.18.3/src/tests/gssapi/t_pcontok.c:103:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, mech_krb5.elements, mech_krb5.length);
data/krb5-1.18.3/src/tests/gssapi/t_pcontok.c:120:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr + 8, cksum.contents, cksize);
data/krb5-1.18.3/src/tests/gssapi/t_pcontok.c:126:5:  [2] (buffer) memcpy:
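  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: t_pcontok.c:67 above declares iv[8]; if this is the same iv,
  the 8-byte copy exactly fills the destination, and what is left to confirm
  is that at least 8 bytes are readable at ptr + 8.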
    memcpy(iv, ptr + 8, 8);
data/krb5-1.18.3/src/tests/gssapi/t_prf.c:111:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out, bytes, len);
data/krb5-1.18.3/src/tests/gssapi/t_prf.c:126:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char k1buf[32], k2buf[32], outbuf[44];
data/krb5-1.18.3/src/tests/gssapi/t_spnego.c:56:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newtok, prefix, plen);
data/krb5-1.18.3/src/tests/gssapi/t_spnego.c:57:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newtok + plen, *tok, *len);
data/krb5-1.18.3/src/tests/gssapi/t_spnego.c:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lenbuf[3];
data/krb5-1.18.3/src/tests/gssapi/t_spnego.c:89:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(wrapped + 1, lenbuf, llen);
data/krb5-1.18.3/src/tests/gssapi/t_spnego.c:90:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(wrapped + 1 + llen, *tok, *len);
data/krb5-1.18.3/src/tests/gssapi/t_spnego.c:120:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tok, ktok->value, len);
data/krb5-1.18.3/src/tests/hammer/kdc5_hammer.c:114:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prefix[BUFSIZ], client[4096], server[4096];
data/krb5-1.18.3/src/tests/hammer/kdc5_hammer.c:116:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ctmp[4096], ctmp2[BUFSIZ], stmp[4096], stmp2[BUFSIZ];
data/krb5-1.18.3/src/tests/hammer/kdc5_hammer.c:146:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    repeat_count = atoi(optarg); /* how many times? */
data/krb5-1.18.3/src/tests/hammer/kdc5_hammer.c:152:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    depth = atoi(optarg);       /* how deep to go */
data/krb5-1.18.3/src/tests/hammer/kdc5_hammer.c:159:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    num_to_check = atoi(optarg);
data/krb5-1.18.3/src/tests/hammer/kdc5_hammer.c:162:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    patypedata[0] = atoi(optarg);
data/krb5-1.18.3/src/tests/icred.c:79:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            ptypes[nptypes++] = atoi(optarg);
data/krb5-1.18.3/src/tests/localauth.c:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/krb5-1.18.3/src/tests/misc/test_getpw.c:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pwbuf[BUFSIZ];
data/krb5-1.18.3/src/tests/misc/test_nfold.c:42:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    instr = (unsigned char *) argv[1];
data/krb5-1.18.3/src/tests/misc/test_nfold.c:44:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    outlen = atoi(argv[2]);
data/krb5-1.18.3/src/tests/resolve/addrinfo-test.c:49:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[30];
data/krb5-1.18.3/src/tests/resolve/addrinfo-test.c:75:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[30];
data/krb5-1.18.3/src/tests/resolve/addrinfo-test.c:121:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[30];
data/krb5-1.18.3/src/tests/resolve/addrinfo-test.c:266:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
data/krb5-1.18.3/src/tests/resolve/resolve.c:62:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char myname[MAXHOSTNAMELEN + 1], namebuf[NI_MAXHOST], abuf[256];
data/krb5-1.18.3/src/tests/responder.c:294:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                n = atoi(key);
data/krb5-1.18.3/src/tests/s4u2proxy.c:94:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        req_authdata = make_request_authdata(atoi(argv[3]), argv[4]);
data/krb5-1.18.3/src/tests/s4u2self.c:89:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        req_authdata = make_request_authdata(atoi(argv[4]), argv[5]);
data/krb5-1.18.3/src/tests/shlib/t_loader.c:132:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char pbuf[3*sizeof(libhandle)+4];
data/krb5-1.18.3/src/tests/softpkcs11/main.c:410:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(o->attrs[i].attribute.pValue, pValue, ulValueLen);
data/krb5-1.18.3/src/tests/softpkcs11/main.c:499:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        f = fopen(cert_file, "r");
data/krb5-1.18.3/src/tests/softpkcs11/main.c:667:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        f = fopen(private_key_file, "r");
data/krb5-1.18.3/src/tests/softpkcs11/main.c:775:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024], *cert, *key, *id, *label, *s, *p;
data/krb5-1.18.3/src/tests/softpkcs11/main.c:779:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(fn, "r");
data/krb5-1.18.3/src/tests/softpkcs11/main.c:894:26:  [2] (misc) fopen:
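  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Reviewer note: the path here is a string literal naming a fixed file in
  /tmp, opened for append, so the symlink concern in the rule text is concrete
  for this hit (see also CWE-377). Opening with open() and O_NOFOLLOW (plus
  O_CREAT|O_EXCL where a new file is intended) and wrapping the descriptor
  with fdopen(), or logging into a directory only the owner can write,
  addresses it. The file is under src/tests, so exposure depends on whether
  this module is ever loaded outside the test suite.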
    soft_token.logfile = fopen("/tmp/log-pkcs11.txt", "a");
data/krb5-1.18.3/src/tests/softpkcs11/main.c:1210:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        f = fopen(o->u.private_key.file, "r");
data/krb5-1.18.3/src/tests/softpkcs11/main.c:1294:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(pTemplate[i].pValue, obj->attrs[j].attribute.pValue,
data/krb5-1.18.3/src/tests/softpkcs11/main.c:1341:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(state->find.attributes[i].pValue,
data/krb5-1.18.3/src/tests/softpkcs11/main.c:1451:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p, pMechanism, sizeof(*p));
data/krb5-1.18.3/src/tests/softpkcs11/main.c:1571:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pEncryptedData, buffer, len);
data/krb5-1.18.3/src/tests/softpkcs11/main.c:1723:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pData, buffer, len);
data/krb5-1.18.3/src/tests/softpkcs11/main.c:1881:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pSignature, buffer, len);
data/krb5-1.18.3/src/tests/test1.c:29:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char key_one[8] = { 0x10, 0x23, 0x32, 0x45, 0x54, 0x67, 0x76, 0x89 };
data/krb5-1.18.3/src/tests/test1.c:30:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char key_two[8] = { 0xea, 0x89, 0x57, 0x76, 0x5b, 0xcd, 0x0d, 0x34 };
data/krb5-1.18.3/src/tests/threads/t_rcache.c:67:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[100], buf2[100], tag[8];
data/krb5-1.18.3/src/tests/threads/t_rcache.c:158:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            n_threads = atoi (optarg);
data/krb5-1.18.3/src/tests/threads/t_rcache.c:163:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            interval = atoi (optarg);
data/krb5-1.18.3/src/tests/unlockiter.c:221:5:  [2] (buffer) char:
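  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: db_args is a two-element array of pointers, not a character
  buffer, and it is fully initialised here. The string-length guidance in the
  rule text does not apply; the only thing to check is that later code never
  indexes past db_args[1].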
    char *db_args[2] = { NULL, NULL };
data/krb5-1.18.3/src/tests/unlockiter.c:234:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            cb_arg.timeout = atoi(optarg);
data/krb5-1.18.3/src/tests/verify/kdb5_verify.c:87:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[4096], tmp2[BUFSIZ], *str_princ;
data/krb5-1.18.3/src/tests/verify/kdb5_verify.c:94:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char principal_string[BUFSIZ];
data/krb5-1.18.3/src/tests/verify/kdb5_verify.c:113:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            depth = atoi(optarg);       /* how deep to go */
data/krb5-1.18.3/src/tests/verify/kdb5_verify.c:126:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            num_to_check = atoi(optarg);
data/krb5-1.18.3/src/tests/verify/kdb5_verify.c:135:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            master_keyblock.enctype = atoi(optarg);
data/krb5-1.18.3/src/tests/verify/kdb5_verify.c:234:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char princ_name[4096];
data/krb5-1.18.3/src/tests/verify/kdb5_verify.c:353:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *args[2];
data/krb5-1.18.3/src/util/et/com_err.c:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char errbuf[1024] = "";
data/krb5-1.18.3/src/util/et/et_name.c:54:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[6];
data/krb5-1.18.3/src/util/et/t_com_err.c:17:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffy[1024];
data/krb5-1.18.3/src/util/profile/argv_parse.c:150:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    buf[256];
data/krb5-1.18.3/src/util/profile/prof_file.c:96:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(filespec, "r+");
data/krb5-1.18.3/src/util/profile/prof_file.c:120:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(filespec, "r");
data/krb5-1.18.3/src/util/profile/prof_file.c:190:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char pwbuf[BUFSIZ];
data/krb5-1.18.3/src/util/profile/prof_file.c:326:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        f = fopen(data->filespec, "r");
data/krb5-1.18.3/src/util/profile/prof_file.c:394:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(new_file, "w");
data/krb5-1.18.3/src/util/profile/prof_get.c:259:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char      *names[4];
data/krb5-1.18.3/src/util/profile/prof_get.c:315:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char      *names[4];
data/krb5-1.18.3/src/util/profile/prof_get.c:378:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char      *names[4];
data/krb5-1.18.3/src/util/profile/prof_init.c:77:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(path, modspec, p - modspec);
data/krb5-1.18.3/src/util/profile/prof_init.c:573:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(bp, pfp->data->filespec, (size_t) slen);
data/krb5-1.18.3/src/util/profile/prof_init.c:637:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(flist[i], bp, (size_t) tmp);
data/krb5-1.18.3/src/util/profile/prof_int.h:59:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char	filespec[sizeof("/etc/krb5.conf")];
data/krb5-1.18.3/src/util/profile/prof_parse.c:216:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(filename, "r");
data/krb5-1.18.3/src/util/profile/prof_parse.c:468:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2];
data/krb5-1.18.3/src/util/profile/prof_parse.c:607:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(b->base + b->cur, d, len);
data/krb5-1.18.3/src/util/profile/prof_tree.c:79:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(p, s, sz);
data/krb5-1.18.3/src/util/profile/profile_tcl.c:616:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/krb5-1.18.3/src/util/profile/profile_tcl.c:1158:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/krb5-1.18.3/src/util/profile/profile_tcl.c:1166:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[1024];
data/krb5-1.18.3/src/util/profile/profile_tcl.c:1195:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[SWIG_BUFFER_SIZE];
data/krb5-1.18.3/src/util/profile/profile_tcl.c:1594:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[32];
data/krb5-1.18.3/src/util/profile/profile_tcl.c:1595:5:  [2] (buffer) sprintf:
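  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Reviewer note: the destination appears to be the char temp[32] reported for
  the previous line of this file (1594). A "%d" conversion of a 32-bit int
  writes at most 12 bytes including the terminator, so the output fits;
  snprintf(temp, sizeof temp, ...) would make that bound explicit.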
    sprintf(temp,"%d", argno+1);
data/krb5-1.18.3/src/util/profile/profile_tcl.c:1880:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *newArgv[2];
data/krb5-1.18.3/src/util/profile/profile_tcl.c:3354:35:  [2] (buffer) char:
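  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: the reported line declares no array; it only casts an
  argument to (char *) and indexes swig_commands[i], so this hit looks like a
  pattern-match false positive. The hits at lines 3358, 3359 and 3361 of this
  file show the same (char *) cast pattern.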
    Tcl_CreateObjCommand(interp, (char *) swig_commands[i].name, (swig_wrapper_func) swig_commands[i].wrapper,
data/krb5-1.18.3/src/util/profile/profile_tcl.c:3358:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    Tcl_SetVar(interp, (char *) swig_variables[i].name, (char *) "", TCL_GLOBAL_ONLY);
data/krb5-1.18.3/src/util/profile/profile_tcl.c:3359:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    Tcl_TraceVar(interp, (char *) swig_variables[i].name, TCL_TRACE_READS | TCL_GLOBAL_ONLY,
data/krb5-1.18.3/src/util/profile/profile_tcl.c:3361:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    Tcl_TraceVar(interp, (char *) swig_variables[i].name, TCL_TRACE_WRITES | TCL_GLOBAL_ONLY,
data/krb5-1.18.3/src/util/profile/test_parse.c:28:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(argv[1], "r");
data/krb5-1.18.3/src/util/profile/test_profile.c:28:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            buf[256];
data/krb5-1.18.3/src/util/ss/help.c:24:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[MAXPATHLEN];
data/krb5-1.18.3/src/util/ss/help.c:63:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((fd = open(&buffer[0], O_RDONLY)) >= 0) goto got_it;
data/krb5-1.18.3/src/util/ss/help.c:65:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(&buffer[0], O_RDONLY)) < 0) {
data/krb5-1.18.3/src/util/ss/help.c:66:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[MAXPATHLEN];
data/krb5-1.18.3/src/util/ss/list_rqs.c:19:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char const twentyfive_spaces[26] =
data/krb5-1.18.3/src/util/ss/list_rqs.c:21:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char const NL[2] = "\n";
data/krb5-1.18.3/src/util/ss/list_rqs.c:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BUFSIZ];
data/krb5-1.18.3/src/util/ss/listen.c:34:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char input[BUFSIZ];
data/krb5-1.18.3/src/util/ss/listen.c:95:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(old_jmpb, listen_jmpb, sizeof(jmp_buf));
data/krb5-1.18.3/src/util/ss/listen.c:164:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(listen_jmpb, old_jmpb, sizeof(jmp_buf));
data/krb5-1.18.3/src/util/ss/mk_cmds.c:33:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char c_file[MAXPATHLEN];
data/krb5-1.18.3/src/util/ss/mk_cmds.c:53:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(path, ".ct");
data/krb5-1.18.3/src/util/ss/mk_cmds.c:54:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    yyin = fopen(path, "r");
data/krb5-1.18.3/src/util/ss/mk_cmds.c:68:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    output_file = fopen(c_file, "w+");
data/krb5-1.18.3/src/util/ss/pager.c:62:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open("/dev/tty", O_WRONLY, 0);
data/krb5-1.18.3/src/util/ss/pager.c:104:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[80];
data/krb5-1.18.3/src/util/ss/test_ss.c:15:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char def_subsystem_name[5] = "test";
data/krb5-1.18.3/src/util/ss/test_ss.c:16:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char version [4] = "1.0";
data/krb5-1.18.3/src/util/support/errors.c:71:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/krb5-1.18.3/src/util/support/fake-addrinfo.c:210:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[8192];
data/krb5-1.18.3/src/util/support/fake-addrinfo.c:239:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[8192];
data/krb5-1.18.3/src/util/support/fake-addrinfo.c:270:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[8192];
data/krb5-1.18.3/src/util/support/fake-addrinfo.c:298:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[8192];
data/krb5-1.18.3/src/util/support/fake-addrinfo.c:412:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[30];
data/krb5-1.18.3/src/util/support/fake-addrinfo.c:444:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[10];
data/krb5-1.18.3/src/util/support/fake-addrinfo.c:947:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char tmpbuf[20];
data/krb5-1.18.3/src/util/support/fake-addrinfo.c:981:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char numbuf[10];
data/krb5-1.18.3/src/util/support/hashtab.c:97:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(last, end, len % 8);
data/krb5-1.18.3/src/util/support/ipc_stream.c:183:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (io_data, io_stream->data, in_size);
data/krb5-1.18.3/src/util/support/ipc_stream.c:220:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (&io_stream->data[io_stream->size], in_data, in_size);
data/krb5-1.18.3/src/util/support/json.c:504:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(s, data, len);
data/krb5-1.18.3/src/util/support/k5buf.c:92:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new_data, buf->data, buf->len);
data/krb5-1.18.3/src/util/support/k5buf.c:159:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(endptr(buf), data, len);
data/krb5-1.18.3/src/util/support/k5buf.c:218:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(endptr(buf), tmp, r + 1);
data/krb5-1.18.3/src/util/support/mkstemp.c:67:5:  [2] (tmpfile) mkstemp:
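  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
  Reviewer note: the reported line is a K&R-style function definition, not a
  call, so this file appears to supply its own mkstemp. The O_EXCL and
  permission questions above therefore apply to this implementation; see the
  open() call reported at line 114 of the same file.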
int mkstemp(path)
data/krb5-1.18.3/src/util/support/mkstemp.c:114:8:  [2] (misc) open:
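  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Reviewer note: the call shown passes O_CREAT|O_EXCL with mode 0600. With
  both flags set, open() fails if the path already exists, including when it
  is a symbolic link, and the new file is not group- or world-accessible.
  What remains to review is how path is generated and who can write to its
  directory; neither is visible in this report.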
			    open(path, O_CREAT|O_EXCL|O_RDWR|O_BINARY, 0600)) >= 0)
data/krb5-1.18.3/src/util/support/path.c:102:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(parent, path, pend - path);
data/krb5-1.18.3/src/util/support/plugins.c:109:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char d_name[_MAX_FNAME+1];  /* filename (null terminated) */
data/krb5-1.18.3/src/util/support/plugins.c:133:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(filespec, "/*");
data/krb5-1.18.3/src/util/support/plugins.c:219:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char executablepath[MAXPATHLEN];
data/krb5-1.18.3/src/util/support/t_hashtab.c:130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char zeros[100] = { 0 };
data/krb5-1.18.3/src/util/support/t_k5buf.c:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char storage[1024];
data/krb5-1.18.3/src/util/support/t_k5buf.c:83:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char data[1024];
data/krb5-1.18.3/src/util/support/t_k5buf.c:139:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char storage[10];
data/krb5-1.18.3/src/util/support/t_k5buf.c:160:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char storage[1];
data/krb5-1.18.3/src/util/support/t_k5buf.c:212:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char storage[10], data[1024];
data/krb5-1.18.3/src/util/support/t_unal.c:14:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char b[9];
data/krb5-1.18.3/src/util/support/t_unal.c:16:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char buf[9] = { 0, 1, 2, 3, 4, 5, 6, 7, 8 };
data/krb5-1.18.3/src/util/support/t_utf8.c:157:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[7];
data/krb5-1.18.3/src/util/support/threads.c:44:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char destructors_set[K5_KEY_MAX];
data/krb5-1.18.3/src/util/support/threads.c:59:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char destructors_set[K5_KEY_MAX];
data/krb5-1.18.3/src/util/support/threads.c:97:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char destructors_set[K5_KEY_MAX];
data/krb5-1.18.3/src/util/verto/ev.c:466:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pad[128 - sizeof (uint32_t)];
data/krb5-1.18.3/src/util/verto/ev.c:1352:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&r, &x, 4);
data/krb5-1.18.3/src/util/verto/ev.c:1392:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&r, &x, 4);
data/krb5-1.18.3/src/util/verto/ev.c:1422:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&r, &x, 8);
data/krb5-1.18.3/src/util/verto/ev.c:1462:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&r, &x, 8);
data/krb5-1.18.3/src/util/verto/ev.c:2499:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char dummy[4];
data/krb5-1.18.3/src/util/verto/ev.c:2869:17:  [2] (integer) atoi:
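  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Reviewer note: the argument is the LIBEV_FLAGS environment variable, which
  is set by whoever starts the process. atoi() reports no conversion errors
  and getenv() can return NULL; confirm in ev.c that the call is guarded
  against an unset variable and that the resulting flags are validated
  (neither is visible in this report). strtol() with endptr and errno checks
  is the checked alternative.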
        flags = atoi (getenv ("LIBEV_FLAGS"));
data/krb5-1.18.3/src/util/verto/ev.c:4261:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char path [4096];
data/krb5-1.18.3/src/util/verto/ev.c:4341:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf [EV_INOTIFY_BUFSIZE];
data/krb5-1.18.3/src/util/verto/ev.c:5027:34:  [2] (buffer) char:
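  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: the reported line declares no array; it casts to (char *)
  for pointer arithmetic with offsetof and indexes timers [i], so this hit
  looks like a pattern-match false positive.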
            cb (EV_A_ EV_STAT, ((char *)ANHE_w (timers [i])) - offsetof (struct ev_stat, timer));
data/krb5-1.18.3/src/util/verto/ev_select.c:155:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (vec_ro, vec_ri, fd_setsize);
data/krb5-1.18.3/src/util/verto/ev_select.c:156:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (vec_wo, vec_wi, fd_setsize);
data/krb5-1.18.3/src/util/verto/ev_select.c:164:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (vec_eo, vec_wi, fd_setsize);
data/krb5-1.18.3/src/util/windows/libecho.c:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filepath[256];
data/krb5-1.18.3/src/wconfig.c:62:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char wflags[1024];
data/krb5-1.18.3/src/wconfig.c:85:3:  [2] (buffer) memcpy:
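  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: the destination is presumably the fixed char wflags[1024]
  reported at line 62 of this file, and the source is a command-line argument
  (*argv). Confirm that wlen + alen is checked against sizeof wflags before
  this copy; the check, if any, is not visible in this report.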
		memcpy(&wflags[wlen], *argv, alen);
data/krb5-1.18.3/src/wconfig.c:110:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(tmp, *argv + ignore_len, alen - ignore_len);
data/krb5-1.18.3/src/wconfig.c:111:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(tmp + alen - ignore_len, "##", 3);
data/krb5-1.18.3/src/wconfig.c:150:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *ignore_list[64] = {
data/krb5-1.18.3/src/wconfig.c:179:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/krb5-1.18.3/src/wconfig.c:192:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(buf, path, plen);
data/krb5-1.18.3/src/wconfig.c:198:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(buf + plen + 1, fname, flen);
data/krb5-1.18.3/src/wconfig.c:200:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    fin = fopen (buf, "r");                     /* File to read */
data/krb5-1.18.3/src/windows/include/leashwin.h:48:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char username[LEASH_USERNAME_SZ];
data/krb5-1.18.3/src/windows/include/leashwin.h:49:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char realm[LEASH_REALM_SZ];
data/krb5-1.18.3/src/windows/include/leashwin.h:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ccache[LEASH_CCACHE_NAME_SZ];
data/krb5-1.18.3/src/windows/include/leashwin.h:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char title[LEASH_TITLE_SZ];
data/krb5-1.18.3/src/windows/include/leashwin.h:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char username[LEASH_USERNAME_SZ];
data/krb5-1.18.3/src/windows/include/leashwin.h:56:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char realm[LEASH_REALM_SZ];
data/krb5-1.18.3/src/windows/include/leashwin.h:57:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ccache[LEASH_CCACHE_NAME_SZ];
data/krb5-1.18.3/src/windows/installer/wix/custom/custom.cpp:143:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR tchVersionString[1024];
data/krb5-1.18.3/src/windows/installer/wix/custom/custom.cpp:144:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR tchVersionKey[2048];
data/krb5-1.18.3/src/windows/installer/wix/custom/custom.cpp:481:21:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    TCHAR buf[256];
data/krb5-1.18.3/src/windows/installer/wix/custom/custom.cpp:738:5:  [2] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer. Risk is low because the source is a constant string.
    lstrcpy(target,_T(","));
data/krb5-1.18.3/src/windows/installer/wix/custom/custom.cpp:740:5:  [2] (buffer) lstrcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Risk is low because the source is a constant string.
    lstrcat(target,_T(","));
data/krb5-1.18.3/src/windows/installer/wix/custom/custom.cpp:742:5:  [2] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer. Risk is low because the source is a constant string.
    lstrcpy(charset,_T(","));
data/krb5-1.18.3/src/windows/installer/wix/custom/custom.cpp:744:5:  [2] (buffer) lstrcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Risk is low because the source is a constant string.
    lstrcat(charset,_T(","));
data/krb5-1.18.3/src/windows/installer/wix/custom/custom.cpp:760:8:  [2] (buffer) lstrcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Risk is low because the source is a constant string.
       lstrcat(str, _T(","));
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:319:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    HANDLE h; char *ptbuf[1];
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:334:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    HANDLE h; char *ptbuf[1],buf[MAXBUF_+1];
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:361:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char mutexName[MAX_PATH];
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:364:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(mutexName, "AFS KFW Init pid=%d", getpid());
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:571:48:  [2] (buffer) char:
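  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: the quoted line declares no array; `char` appears only in the
  cast applied to the malloc() result, so this hit is a pattern match rather
  than a fixed-size buffer. The same applies to kfwcommon.c:590 and
  krb5routines.c:278 and :297. What is worth checking in the source is that
  the malloc() result is tested before use and that the length of the
  following memcpy matches addrs[i]->length (the report truncates that call).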
                addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:577:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(addrs[i]->contents,local_addrs[i]->contents,
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:590:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:595:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(addrs[i]->contents,&netIPAddr,4);
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:956:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cachename[MAX_PATH + 8] = "FILE:";
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:1015:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cachename[MAX_PATH + 8] = "FILE:";
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:1091:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cachename[MAX_PATH + 8] = "FILE:";
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:162:24:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    dwLogonScriptLen = MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, lpTemp, -1, NULL, 0);
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:167:6:  [2] (buffer) MultiByteToWideChar:
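  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  Triage note: the size argument on the quoted line is 2 * dwLogonScriptLen,
  while the call at line 162 obtains dwLogonScriptLen from a sizing call
  (NULL, 0) that returns a count of wide characters. This looks like a byte
  count passed where a character count is expected; confirm against the
  allocation of lpScript, which this report does not show.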
	if (MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, lpTemp, -1, lpScript, 2 * dwLogonScriptLen))
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:190:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char uname[MAX_USERNAME_LENGTH+1]="";
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:191:5:  [2] (buffer) char:
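  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: judging by its name this buffer holds a logon password. Apart
  from the size check, confirm that it is wiped on every exit path with a
  call the compiler cannot elide (for example SecureZeroMemory); this report
  does not cover that.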
    char password[MAX_PASSWORD_LENGTH+1]="";
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:192:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char logonDomain[MAX_DOMAIN_LENGTH+1]="";
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:227:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char station[64]="station";
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:248:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[64];
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:285:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[MAX_PATH+1] = "";
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:286:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char acctname[MAX_USERNAME_LENGTH+MAX_DOMAIN_LENGTH+3]="";
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:378:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char msg[128];
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:380:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *ptbuf[1];
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:461:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  szUserA[128] = "";
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:462:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szPath[MAX_PATH] = "";
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:463:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLogonId[128] = "";
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:465:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_PATH] = "";
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:466:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newfilename[MAX_PATH] = "";
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:467:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char commandline[MAX_PATH+256] = "";
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:577:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char commandline[MAX_PATH+256] = "";
data/krb5-1.18.3/src/windows/leash/KrbListTickets.cpp:57:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char message[256];
data/krb5-1.18.3/src/windows/leash/KrbListTickets.cpp:79:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[100];
data/krb5-1.18.3/src/windows/leash/KrbListTickets.cpp:113:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char Buffer[256];
data/krb5-1.18.3/src/windows/leash/Leash.cpp:158:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char modulePath[MAX_PATH];
data/krb5-1.18.3/src/windows/leash/Leash.cpp:199:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char username[64]="";
data/krb5-1.18.3/src/windows/leash/Leash.cpp:200:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char realm[192]="";
data/krb5-1.18.3/src/windows/leash/Leash.cpp:419:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char ms_realm[128] = "", *def_realm = 0, *r;
data/krb5-1.18.3/src/windows/leash/Leash.cpp:806:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char confname[257];
data/krb5-1.18.3/src/windows/leash/Leash.cpp:807:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char realm[256]="";
data/krb5-1.18.3/src/windows/leash/Leash.cpp:817:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            const char *filenames[2];
data/krb5-1.18.3/src/windows/leash/Leash.cpp:824:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				FILE * f = fopen(confname,"w");
data/krb5-1.18.3/src/windows/leash/Leash.cpp:852:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char domain[256]="";
data/krb5-1.18.3/src/windows/leash/Leash.cpp:875:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char realmkey[256]="SYSTEM\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Domains\\";
data/krb5-1.18.3/src/windows/leash/Leash.cpp:903:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char subkey[256];
data/krb5-1.18.3/src/windows/leash/Leash.cpp:975:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(realm, krb5_princ_realm(ctx,me)->data,
data/krb5-1.18.3/src/windows/leash/Leash.cpp:1069:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   password[PROBE_PASSWORD_LEN+1];
data/krb5-1.18.3/src/windows/leash/LeashAboutBox.cpp:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szModNames[1024];
data/krb5-1.18.3/src/windows/leash/LeashAboutBox.cpp:113:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char checkName[1024];
data/krb5-1.18.3/src/windows/leash/LeashAboutBox.cpp:127:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szModName[2048];
data/krb5-1.18.3/src/windows/leash/LeashAboutBox.cpp:173:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR filename[1024];
data/krb5-1.18.3/src/windows/leash/LeashAboutBox.cpp:183:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR szVerQ[(sizeof("\\StringFileInfo\\12345678\\") +
data/krb5-1.18.3/src/windows/leash/LeashAboutBox.cpp:224:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR version[100];
data/krb5-1.18.3/src/windows/leash/LeashDebugWindow.cpp:164:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(pDebugText, "\r\n");
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:226:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR timeFormat[80]; // 80 is max required for LOCALE_STIMEFORMAT
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:285:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR minutesStr[MAX_DURATION_STR+1];
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:286:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR hoursStr[MAX_DURATION_STR+1];
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:579:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char username[64];
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:580:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char realm[192];
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:928:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char defname[20];
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:1039:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR tempStr[MAX_DURATION_STR+1];
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:1195:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const char *filenames[2];
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:1495:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(debugFilePath, "\\LshDebug.log");
data/krb5-1.18.3/src/windows/leash/MainFrm.cpp:216:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        rect.left = atoi((const char*) strText);
data/krb5-1.18.3/src/windows/leash/MainFrm.cpp:217:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        rect.top = atoi((const char*) strText + 5);
data/krb5-1.18.3/src/windows/leash/MainFrm.cpp:218:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        rect.right = atoi((const char*) strText + 10);
data/krb5-1.18.3/src/windows/leash/MainFrm.cpp:219:23:  [2] (integer) atoi:
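  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Triage note: the four calls at lines 216-219 parse strText at fixed offsets
  0, 5, 10 and 15. Besides range-checking the results, confirm that strText
  is at least that long before the calls, since otherwise the later reads
  start past the end of the string. Where strText comes from is not shown
  in this report.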
        rect.bottom = atoi((const char*) strText + 15);
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:35:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   static char buf[32];
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:278:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:284:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(addrs[i]->contents,local_addrs[i]->contents,
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:297:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:302:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(addrs[i]->contents,&netIPAddr,4);
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:328:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char defname[20];
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:458:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char message[256];
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:664:13:  [2] (buffer) MultiByteToWideChar:
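  The final argument (cchWideChar) is the destination size in wide
  CHARACTERS, not bytes (CWE-120); passing a byte count such as sizeof() of
  a WCHAR buffer overstates its capacity.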
    nchar = MultiByteToWideChar (CP_ACP, 0, "", -1, lpwsz, 128);
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:668:13:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    nchar = MultiByteToWideChar (CP_ACP, 0, "MS Shell Dlg",
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:690:13:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    nchar = MultiByteToWideChar (CP_ACP, 0, "OK", -1, lpwsz, 50);
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:712:13:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    nchar = MultiByteToWideChar (CP_ACP, 0, "Cancel", -1, lpwsz, 50);
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:736:17:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
        nchar = MultiByteToWideChar (CP_ACP, 0, ptext[i],
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:767:17:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
        nchar = MultiByteToWideChar (CP_ACP, 0, tb[i].label ? tb[i].label : "",
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:790:17:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
        nchar = MultiByteToWideChar (CP_ACP, 0, tb[i].def ? tb[i].def : "",
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:809:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[256];
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:810:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf,"DialogBoxIndirect() failed: %d",GetLastError());
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:827:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * plines[16], *p = preface ? preface : "";
data/krb5-1.18.3/src/windows/leashdll/leash-int.h:27:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char KRB_HelpFile[_MAX_PATH];
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:95:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char desiredPrincipal[512];
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mapname[256];
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:116:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(mapname,"Local\\NetIDMgr_DlgInfo_%lu",tid);
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:146:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:150:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char mytitle[NETID_TITLE_SZ];
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:152:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:156:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:161:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:165:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:195:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mapname[256];
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:197:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(mapname,"Local\\NetIDMgr_DlgInfo_%lu",tid);
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:248:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:252:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char mytitle[NETID_TITLE_SZ];
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:254:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:258:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:263:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:267:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:271:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:518:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char principal[255], oldpassword[255], newpassword[255],
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:520:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char *strings[STATE_NEWPWD2 + 1] = {
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:523:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gbuf[200];                 /* global buffer for random stuff. */
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:816:4:  [2] (buffer) lstrcpy:
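  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer. Risk is low because the source is a constant string. The
  source here is 49 characters plus the terminator, so the rating holds only
  if at least 50 bytes remain at cp; cp's offset into its buffer is not
  visible in this report.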
			lstrcpy(cp, "(This may be because your CAPS LOCK key is down.)");
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:886:25:  [2] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer. Risk is low because the source is a constant string.
                        lstrcpy(cp, "(This may be because your CAPS LOCK key is down.)");
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1069:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[64]="";
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1079:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(p,"%d day(s) ",value / (60 * 24));
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1085:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(p,"%d hour(s) ",value / 60);
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1089:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(p,"%d minute(s) ",value);
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1242:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char principal[256]="";
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1243:12:  [2] (buffer) char:
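  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length. Separately from sizing: if this static buffer
  holds a user password, as its name suggests, its contents persist for the
  lifetime of the module; confirm it is wiped (e.g. with SecureZeroMemory)
  once it is no longer needed.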
    static char password[256]="";
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1570:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char gbuf[256];
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1602:4:  [2] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer. Risk is low because the source is a constant string.
			lstrcpy(cp, "(This may be because your CAPS LOCK key is down.)");
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1670:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char password[256]="";
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1671:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char password2[256]="";
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1672:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char password3[256]="";
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1676:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char principal[256];
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1837:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char gbuf[256];
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1863:4:  [2] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer. Risk is low because the source is a constant string.
			lstrcpy(cp, "(This may be because your CAPS LOCK key is down.)");
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:17:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char KRB_HelpFile[_MAX_PATH] =	HELPFILE;
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:59:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char message[2048];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:83:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[1024];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:460:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    aname[ANAME_SZ];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:461:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    inst[INST_SZ];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:462:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    realm[REALM_SZ];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:463:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    first_part[256];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:464:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    second_part[256];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:465:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    temp[1024];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:757:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpHelpFile[256];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:955:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char env[32];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:961:16:  [2] (integer) atoi:
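  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). atoi() also
  gives no indication of a failed or partial conversion; strtol() with an
  end-pointer and errno check allows the input to be validated before use.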
        return atoi(env);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:977:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            const char *filenames[2];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1009:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char buf[256];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1044:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char lifetime[80];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1049:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(lifetime);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1110:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char env[32];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1115:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(env);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1129:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            const char *filenames[2];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1161:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char buf[256];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1195:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char renew_till[80];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1200:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(renew_till);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1262:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char env[32];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1267:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(env);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1281:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            const char *filenames[2];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1302:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char forwardable[80];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1307:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(forwardable);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1368:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char env[32];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1373:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(env);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1387:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            const char *filenames[2];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1408:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char renewable[80];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1413:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(renewable);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1474:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char env[32];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1486:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            const char *filenames[2];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1509:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(env);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1521:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char noaddresses[80];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1586:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char env[32];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1591:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(env);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1605:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            const char *filenames[2];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1626:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char proxiable[80];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1631:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(proxiable);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1692:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char env[32];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1697:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(env);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1709:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char publicip[80];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1714:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(publicip);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1786:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char hide_kinit_options[80];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1791:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(hide_kinit_options);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1865:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char life_min[80];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1870:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(life_min);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1942:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char life_max[80];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1947:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(life_max);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2019:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char renew_min[80];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2024:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(renew_min);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2096:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char renew_max[80];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2101:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(renew_max);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2173:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char uppercaserealm[80];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2178:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(uppercaserealm);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2250:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char mslsa_import[80];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2255:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(mslsa_import);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2328:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char preserve_kinit_settings[80];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2333:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(preserve_kinit_settings);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2500:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mapname[256];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2503:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(mapname,"Local\\NetIDMgr_DlgInfo_%lu",tid);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2528:6:  [2] (buffer) MultiByteToWideChar:
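  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  Triage note: the size arguments are not on the line quoted below (the call
  continues past it). What to confirm in the source is that the final
  argument, cchWideChar, is the destination's element count, e.g.
  sizeof(buf) / sizeof(buf[0]), rather than sizeof(buf) in bytes. The same
  check applies to the other MultiByteToWideChar hits at lshfunc.c:2534-2551.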
	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2532:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char mytitle[NETID_TITLE_SZ];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2534:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2538:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2543:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2547:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2551:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	    MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2686:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ccachename[272]="";
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2687:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char loginenv[16];
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2729:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char ms_realm[128] = "", *def_realm = NULL, *r;
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2796:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char 		ccachename[272]="";
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2797:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char 		loginenv[16];
data/krb5-1.18.3/src/windows/leashdll/lshutil.cpp:113:32:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
            DWORD nLengthW = ::MultiByteToWideChar(CP_ACP,
data/krb5-1.18.3/src/windows/leashdll/lshutil.cpp:118:23:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
                if (::MultiByteToWideChar(CP_ACP,
data/krb5-1.18.3/src/windows/leashdll/timesync.c:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        hostname[128];
data/krb5-1.18.3/src/windows/leashdll/timesync.c:82:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        value[80];
data/krb5-1.18.3/src/windows/leashdll/timesync.c:141:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(hostname, "time");
data/krb5-1.18.3/src/windows/leashdll/timesync.c:153:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                tmpstr[2048];
data/krb5-1.18.3/src/windows/leashdll/timesync.c:154:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                hostname[128];
data/krb5-1.18.3/src/windows/leashdll/timesync.c:160:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                name[80];
data/krb5-1.18.3/src/windows/leashdll/timesync.c:192:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(tmpstr, "Unable to syncronize time!\n\n");
data/krb5-1.18.3/src/windows/leashdll/timesync.c:195:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char                tmpstr1[2048];
data/krb5-1.18.3/src/windows/leashdll/timesync.c:217:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                buffer[512];
data/krb5-1.18.3/src/windows/leashdll/timesync.c:234:5:  [2] (buffer) memcpy:
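  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: on the line quoted below the copy length is host->h_length
  (presumably from a resolver-supplied struct hostent) while the destination,
  sin.sin_addr, has a fixed size. The check to look for before this line is
  that h_length does not exceed sizeof(sin.sin_addr), or that the address
  family is the one sin expects.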
    memcpy((struct sockaddr *)&sin.sin_addr, host->h_addr, host->h_length);
data/krb5-1.18.3/src/windows/leashdll/timesync.c:287:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(tmpstr, "To be able to use the Kerberos server, it was necessary to \nset the system time to:  ") ;
data/krb5-1.18.3/doc/doxy_examples/cc_set_config.c:14:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   config_data.length = strlen(config_data.data);
data/krb5-1.18.3/src/appl/gss-sample/gss-client.c:209:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            send_tok.length = strlen(username);
data/krb5-1.18.3/src/appl/gss-sample/gss-client.c:224:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pwbuf.length = strlen(password);
data/krb5-1.18.3/src/appl/gss-sample/gss-client.c:264:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send_tok.length = strlen(service_name);
data/krb5-1.18.3/src/appl/gss-sample/gss-client.c:394:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    count = read(fd, in_buf->value, in_buf->length);
data/krb5-1.18.3/src/appl/gss-sample/gss-client.c:564:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        in_buf.length = strlen((char *)in_buf.value);
data/krb5-1.18.3/src/appl/gss-sample/gss-client.c:662:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t i, mechlen = strlen(mechanism);
data/krb5-1.18.3/src/appl/gss-sample/gss-client.c:680:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tok.length = strlen(tok.value);
data/krb5-1.18.3/src/appl/gss-sample/gss-server.c:126:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    name_buf.length = strlen(name_buf.value) + 1;
data/krb5-1.18.3/src/appl/sample/sclient/sclient.c:163:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
            strncpy(abuf, "[error, cannot print address?]",
data/krb5-1.18.3/src/appl/sample/sclient/sclient.c:165:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
            strncpy(pbuf, "[?]", sizeof(pbuf)-1);
data/krb5-1.18.3/src/appl/sample/sclient/sclient.c:168:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
        strncpy(mbuf, "error contacting ", sizeof(mbuf)-1);
data/krb5-1.18.3/src/appl/sample/sclient/sclient.c:169:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(mbuf, abuf, sizeof(mbuf) - strlen(mbuf) - 1);
data/krb5-1.18.3/src/appl/sample/sclient/sclient.c:169:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat(mbuf, abuf, sizeof(mbuf) - strlen(mbuf) - 1);
data/krb5-1.18.3/src/appl/sample/sclient/sclient.c:170:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        strncat(mbuf, " port ", sizeof(mbuf) - strlen(mbuf) - 1);
data/krb5-1.18.3/src/appl/sample/sclient/sclient.c:170:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat(mbuf, " port ", sizeof(mbuf) - strlen(mbuf) - 1);
data/krb5-1.18.3/src/appl/sample/sclient/sclient.c:171:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(mbuf, pbuf, sizeof(mbuf) - strlen(mbuf) - 1);
data/krb5-1.18.3/src/appl/sample/sclient/sclient.c:171:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat(mbuf, pbuf, sizeof(mbuf) - strlen(mbuf) - 1);
data/krb5-1.18.3/src/appl/sample/sclient/sclient.c:191:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cksum_data.length = strlen(argv[1]);
data/krb5-1.18.3/src/appl/sample/sserver/sserver.c:216:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
        strncpy(repbuf, "You are <unparse error>\n", sizeof(repbuf) - 1);
data/krb5-1.18.3/src/appl/sample/sserver/sserver.c:218:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
        strncpy(repbuf, "You are ", sizeof(repbuf) - 1);
data/krb5-1.18.3/src/appl/sample/sserver/sserver.c:219:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(repbuf, cname, sizeof(repbuf) - 1 - strlen(repbuf));
data/krb5-1.18.3/src/appl/sample/sserver/sserver.c:219:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat(repbuf, cname, sizeof(repbuf) - 1 - strlen(repbuf));
data/krb5-1.18.3/src/appl/sample/sserver/sserver.c:220:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
        strncat(repbuf, "\n", sizeof(repbuf) - 1 - strlen(repbuf));
data/krb5-1.18.3/src/appl/sample/sserver/sserver.c:220:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat(repbuf, "\n", sizeof(repbuf) - 1 - strlen(repbuf));
data/krb5-1.18.3/src/appl/sample/sserver/sserver.c:223:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    xmitlen = htons(strlen(repbuf));
data/krb5-1.18.3/src/appl/sample/sserver/sserver.c:224:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    recv_data.length = strlen(repbuf);
data/krb5-1.18.3/src/appl/simple/client/sim_client.c:197:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    inbuf.length = strlen(hostname);
data/krb5-1.18.3/src/appl/simple/client/sim_client.c:270:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    inbuf.length = strlen(message);
data/krb5-1.18.3/src/appl/user_user/client.c:181:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = strlen(princ) + 1;
data/krb5-1.18.3/src/ccapi/common/cci_cred_union.c:844:22:  [1] (buffer) equal:
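  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  Triage note: the line quoted below reads a variable named "equal" in a C
  source file; it is not a call to the C++ std::equal algorithm this rule
  describes, so the hit appears to be a name-only match. The other "equal"
  hits in this listing (ccapi_context.c, ccs_cache_collection.c,
  ccs_list_internal.c) quote the same kind of use: &equal passed as an
  out-parameter, or equal tested in an if. Flawfinder's --falsepositive (-F)
  option is meant to drop hits where the name is not followed by "(".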
        *out_equal = equal;
data/krb5-1.18.3/src/ccapi/common/win/OldCC/ccutils.c:73:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    event_name = malloc(strlen(uuid_string) + strlen(suffix) + 3);
data/krb5-1.18.3/src/ccapi/common/win/OldCC/ccutils.c:73:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    event_name = malloc(strlen(uuid_string) + strlen(suffix) + 3);
data/krb5-1.18.3/src/ccapi/common/win/OldCC/ccutils.c:78:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(event_name, "_");
data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx:218:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    DWORD len = (sizeof(prefix) - 1) + 1 + strlen(postfix) + 1;
data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx:268:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = (sizeof(prefix) - 1) + 1 + strlen(lid) + 1 + strlen(postfix) + 1;
data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx:268:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = (sizeof(prefix) - 1) + 1 + strlen(lid) + 1 + strlen(postfix) + 1;
data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx:461:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char* p = name + strlen(name);
data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx:483:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t name_size = strlen(name);
data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx:484:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t size = name_size + 1 + strlen(file) + 1;
data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx:505:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t  size    = strlen(prog) + strlen(arg1) + strlen(arg2) + 4;
data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx:505:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t  size    = strlen(prog) + strlen(arg1) + strlen(arg2) + 4;
data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx:505:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t  size    = strlen(prog) + strlen(arg1) + strlen(arg2) + 4;
data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx:512:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(result, " ");
data/krb5-1.18.3/src/ccapi/common/win/OldCC/util.cxx:514:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(result, " ");
data/krb5-1.18.3/src/ccapi/common/win/cci_os_identifier.c:45:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        *out_uuid_string = malloc(1+strlen(uuidStringTemp));
data/krb5-1.18.3/src/ccapi/common/win/tls.c:33:5:  [1] (buffer) strncpy:
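  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Triage note: unlike the strncpy hits above, the source here is not a
  constant string, so the tool gives no "risk is low" qualifier. Assuming
  UUID_SIZE is the size of p->_uuid (not shown here), the copy stays in
  bounds, but the result is terminated only if the last byte of p->_uuid is
  zeroed elsewhere; that is the thing to confirm in the source.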
    strncpy(p->_uuid, uuidString, UUID_SIZE-1);
data/krb5-1.18.3/src/ccapi/common/win/win-utils.c:49:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* _clientEndpoint   = (char*)malloc(strlen(UUID) + strlen(clientPrefix) + 2);
data/krb5-1.18.3/src/ccapi/common/win/win-utils.c:49:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* _clientEndpoint   = (char*)malloc(strlen(UUID) + strlen(clientPrefix) + 2);
data/krb5-1.18.3/src/ccapi/common/win/win-utils.c:57:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* _serverEndpoint   = (char*)malloc(strlen(user) + strlen(serverPrefix) + 2);
data/krb5-1.18.3/src/ccapi/common/win/win-utils.c:57:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* _serverEndpoint   = (char*)malloc(strlen(user) + strlen(serverPrefix) + 2);
data/krb5-1.18.3/src/ccapi/lib/ccapi_context.c:806:77:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        err = cci_identifier_compare (context->identifier, new_identifier, &equal);
data/krb5-1.18.3/src/ccapi/lib/ccapi_context.c:808:22:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if (!err && !equal) {
data/krb5-1.18.3/src/ccapi/lib/win/ccapi_os_ipc.cxx:242:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            lenUUID = 1 + strlen(uuid);     /* 1+ includes terminating \0. */
data/krb5-1.18.3/src/ccapi/server/ccs_cache_collection.c:249:62:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            err = ccs_ccache_compare_name (ccache, in_name, &equal);
data/krb5-1.18.3/src/ccapi/server/ccs_cache_collection.c:251:25:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            if (!err && equal) {
data/krb5-1.18.3/src/ccapi/server/ccs_cache_collection.c:533:68:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	err = ccs_ccache_compare_identifier (old_default, in_identifier, &equal);
data/krb5-1.18.3/src/ccapi/server/ccs_cache_collection.c:537:18:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    if (!err && !equal) {
data/krb5-1.18.3/src/ccapi/server/ccs_list_internal.c:212:79:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            err = in_list->object_compare_identifier (object, in_identifier, &equal);
data/krb5-1.18.3/src/ccapi/server/ccs_list_internal.c:214:25:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            if (!err && equal) {
data/krb5-1.18.3/src/ccapi/server/ccs_list_internal.c:272:81:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            err = cci_identifier_compare (iterator->identifier, in_identifier, &equal);
data/krb5-1.18.3/src/ccapi/server/ccs_list_internal.c:274:25:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            if (!err && equal) {
data/krb5-1.18.3/src/ccapi/server/win/ccs_os_server.cpp:671:9:  [1] (buffer) lstrcpyn:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        lstrcpyn(pszClientName, (LPCTSTR)pszClientNetAddr, iMaxLen);
data/krb5-1.18.3/src/ccapi/server/win/ccs_win_pipe.c:53:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        uuidCopy = (char*)malloc(1+strlen(uuid));
data/krb5-1.18.3/src/ccapi/test/pingtest.c:83:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				       1+strlen(message));
data/krb5-1.18.3/src/ccapi/test/test_ccapi_ccache.c:1570:52:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	check_once_cc_ccache_compare(ccache_a, ccache_a, &equal, ccNoError, "compare ccache with same pointer");
data/krb5-1.18.3/src/ccapi/test/test_ccapi_ccache.c:1572:52:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	check_once_cc_ccache_compare(ccache_a, ccache_b, &equal, ccNoError, "compare different handles to same ccache");
data/krb5-1.18.3/src/ccapi/test/test_ccapi_ccache.c:1582:52:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	check_once_cc_ccache_compare(ccache_a, ccache_b, &equal, ccNoError, "compare different ccaches");
data/krb5-1.18.3/src/ccapi/test/test_ccapi_ccache.c:1583:48:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	check_once_cc_ccache_compare(ccache_a, NULL, &equal, ccErrBadParam, "NULL compare_to ccache");
data/krb5-1.18.3/src/ccapi/test/test_ccapi_ccache.c:1599:94:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
cc_int32 check_once_cc_ccache_compare(cc_ccache_t ccache, cc_ccache_t compare_to, cc_uint32 *equal, cc_int32 expected_err, const char *description) {
data/krb5-1.18.3/src/ccapi/test/test_ccapi_ccache.c:1616:6:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	if (equal) {
data/krb5-1.18.3/src/ccapi/test/test_ccapi_ccache.c:1617:21:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		actually_equal = *equal;
data/krb5-1.18.3/src/ccapi/test/test_ccapi_ccache.c:1620:46:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	err = cc_ccache_compare(ccache, compare_to, equal);
data/krb5-1.18.3/src/ccapi/test/test_ccapi_ccache.c:1622:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	if (!err && equal) {
data/krb5-1.18.3/src/ccapi/test/test_ccapi_ccache.c:1624:32:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			check_if(actually_equal != *equal, "equal ccaches not considered equal");
data/krb5-1.18.3/src/ccapi/test/test_ccapi_ccache.c:1627:32:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			check_if(actually_equal != *equal, "non-equal ccaches considered equal");
data/krb5-1.18.3/src/ccapi/test/test_ccapi_ccache.h:38:94:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
cc_int32 check_once_cc_ccache_compare(cc_ccache_t ccache, cc_ccache_t compare_to, cc_uint32 *equal, cc_int32 expected_err, const char *description);
data/krb5-1.18.3/src/ccapi/test/test_ccapi_context.c:946:55:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	check_once_cc_context_compare(context_a, context_a, &equal, ccNoError, "valid params, same contexts");
data/krb5-1.18.3/src/ccapi/test/test_ccapi_context.c:947:55:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	check_once_cc_context_compare(context_a, context_b, &equal, ccNoError, "valid params, different contexts");
data/krb5-1.18.3/src/ccapi/test/test_ccapi_context.c:948:50:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	check_once_cc_context_compare(context_a, NULL, &equal, ccErrBadParam, "NULL compare_to context");
data/krb5-1.18.3/src/ccapi/test/test_ccapi_context.c:959:98:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
cc_int32 check_once_cc_context_compare(cc_context_t context, cc_context_t compare_to, cc_uint32 *equal, cc_int32 expected_err, const char *description) {
data/krb5-1.18.3/src/ccapi/test/test_ccapi_context.c:975:48:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	err = cc_context_compare(context, compare_to, equal);
data/krb5-1.18.3/src/ccapi/test/test_ccapi_context.h:30:98:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
cc_int32 check_once_cc_context_compare(cc_context_t context, cc_context_t compare_to, cc_uint32 *equal, cc_int32 expected_err, const char *description);
data/krb5-1.18.3/src/ccapi/test/test_ccapi_v2.c:1518:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        check_if(strncmp(info[actual_count]->name, expected_name_prefix, strlen(expected_name_prefix)), "got incorrect ccache name");
data/krb5-1.18.3/src/clients/kinit/kinit.c:488:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       strlen(defrealm), defrealm,
data/krb5-1.18.3/src/clients/kinit/kinit.c:489:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       strlen(KRB5_WELLKNOWN_NAMESTR),
data/krb5-1.18.3/src/clients/kinit/kinit.c:491:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       strlen(KRB5_ANONYMOUS_PRINCSTR),
data/krb5-1.18.3/src/clients/klist/klist.c:233:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        timestamp_width = (int)strlen(tmp);
data/krb5-1.18.3/src/clients/ksu/authorization.c:158:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char * kuser =  (char *) xcalloc (strlen(princname), sizeof(char));
data/krb5-1.18.3/src/clients/ksu/authorization.c:160:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                      strlen(princname), kuser))
data/krb5-1.18.3/src/clients/ksu/authorization.c:599:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((r == NULL) && (strlen(line) == 0)) {
data/krb5-1.18.3/src/clients/ksu/authorization.c:631:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(lptr) == 0) return NULL;
data/krb5-1.18.3/src/clients/ksu/authorization.c:664:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(lptr) == 0) return NULL;
data/krb5-1.18.3/src/clients/ksu/authorization.c:699:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sep = ((strlen(pw_dir) == 1) && (*pw_dir == '/')) ? "" : "/";
data/krb5-1.18.3/src/clients/ksu/ccache.c:412:31:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            while (((gobble = getc(fp)) != EOF) && gobble != '\n');
data/krb5-1.18.3/src/clients/ksu/main.c:148:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (prog_name) > 50) {
data/krb5-1.18.3/src/clients/ksu/main.c:197:17:  [1] (buffer) strlen:
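  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: the argument in the context line below is optarg, which
  getopt sets to point into the argument vector, so it is \0-terminated by
  construction. What matters on this line is what the length check guards,
  which this report does not show.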
            if (strlen (optarg) >= 14)
data/krb5-1.18.3/src/clients/ksu/main.c:238:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen (optarg) >= 14)
data/krb5-1.18.3/src/clients/ksu/setenv.c:70:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    l_value = strlen(value);
data/krb5-1.18.3/src/clients/ksu/setenv.c:74:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(C) >= l_value) {     /* old larger; copy over */
data/krb5-1.18.3/src/clients/ksu/xmalloc.c:62:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen (src) + 1;
data/krb5-1.18.3/src/clients/kvno/kvno.c:195:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    end = buf + strlen(buf);
data/krb5-1.18.3/src/clients/kvno/kvno.c:233:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strncmp(line, begin_line, strlen(begin_line)) == 0)
data/krb5-1.18.3/src/clients/kvno/kvno.c:246:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strncmp(line, end_line, strlen(end_line)) == 0)
data/krb5-1.18.3/src/include/CredentialsCache.h:1422:57:  [1] (buffer) equal:
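  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  Triage note: the context line below is a macro definition whose third
  parameter happens to be named `equal`; no call to std::equal is involved.
  The hit is a name match on the macro parameter, not an over-read risk.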
#define         cc_context_compare(context, compare_to, equal)          \
data/krb5-1.18.3/src/include/CredentialsCache.h:1423:62:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    ((context) -> functions -> compare (context, compare_to, equal))
data/krb5-1.18.3/src/include/CredentialsCache.h:1474:55:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
#define         cc_ccache_compare(ccache, compare_to, equal)            \
data/krb5-1.18.3/src/include/CredentialsCache.h:1475:60:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    ((ccache) -> functions -> compare (ccache, compare_to, equal))
data/krb5-1.18.3/src/include/CredentialsCache.h:1497:65:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
#define         cc_credentials_compare(credentials, compare_to, equal)  \
data/krb5-1.18.3/src/include/CredentialsCache.h:1498:70:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    ((credentials) -> functions -> compare (credentials, compare_to, equal))
data/krb5-1.18.3/src/include/k5-int.h:676:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        zap(str, strlen((char *)str));
data/krb5-1.18.3/src/include/k5-int.h:2253:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return (d.length == strlen(s) && (d.length == 0 ||
data/krb5-1.18.3/src/include/k5-int.h:2277:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return make_data(str, strlen(str));
data/krb5-1.18.3/src/include/k5-tls.h:100:20:  [1] (buffer) read:
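  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Triage note: in the context line below `read` is the name being declared
  with type k5_tls_read_fn (it appears to be a function-pointer member), not
  a call to read(). Any buffer-boundary review belongs to the function
  assigned to that pointer, which is not shown in this report.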
    k5_tls_read_fn read;
data/krb5-1.18.3/src/include/port-sockets.h:221:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define SOCKET_READ             read
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:1021:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        KRB5_TL_DB_ARGS, strlen(argv[i]) + 1,
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:1187:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = strlen(buf); i < sz - 1; i++)
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:1593:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        } else if (strlen(argv[i]) == 11 &&
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:1600:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        } else if (strlen(argv[i]) == 21 &&
data/krb5-1.18.3/src/kadmin/cli/kadmin.c:1610:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        } else if (strlen(argv[i]) == 16 &&
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:268:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (rmatch.rm_so == 0 && (size_t)rmatch.rm_eo == strlen(name))
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:282:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (loc1 == name && loc2 == &name[strlen(name)])
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:381:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            (unsigned long)strlen(name), counter, (int)entry->n_key_data,
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:527:13:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        c = fgetc(f);
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:558:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if ((ch = fgetc(f)) != ';' || (ch = fgetc(f)) != '\n') {
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:558:41:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if ((ch = fgetc(f)) != ';' || (ch = fgetc(f)) != '\n') {
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:563:18:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            ch = fgetc(f);
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:838:13:  [1] (buffer) fscanf:
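  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  Triage note: a %1023s conversion stores at most 1023 characters plus the
  terminating \0, so this finding is settled by confirming that rec.name is
  declared with at least 1024 bytes. The declaration is not part of this
  report. The same width-versus-buffer check applies to the other
  fscanf/sscanf findings listed for dump.c.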
    nread = fscanf(filep, "%1023s\t%u\t%u\t%u\t%u\t%u\t%u", rec.name,
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:875:13:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    nread = fscanf(filep, "%1023s\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u",
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:921:13:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    nread = fscanf(filep, "%1023s\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u",
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:934:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    c = getc(filep);
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:994:13:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    nread = fscanf(filep, "%99s\t", rectype);
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:1105:13:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    nread = sscanf(buf, "%127s %u %u %u %u", head, &u[0], &u[1], &u[2], &u[3]);
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:1364:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (dump->header[strlen(dump->header)-1] != '\n')
data/krb5-1.18.3/src/kadmin/dbutil/dump.c:1491:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strncmp(buf, load->header, strlen(load->header)) != 0) {
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_create.c:199:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    krb5_princ_set_realm_length(util_context, &db_create_princ, strlen(global_params.realm));
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_create.c:201:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    krb5_princ_set_realm_length(util_context, &tgt_princ, strlen(global_params.realm));
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_create.c:203:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    krb5_princ_component(util_context, &tgt_princ,1)->length = strlen(global_params.realm);
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_create.c:232:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pwd.length = strlen(mkey_password);
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_create.c:369:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pwd.length = strlen(mkey_password);
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_mkey.c:277:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pwd.length = strlen(new_mkey_password);
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_mkey.c:692:14:  [1] (buffer) strlen:
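  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: separately from termination, the context line below indexes
  glob[strlen(glob)-1]. If glob can be an empty string, that index wraps and
  the read lands outside the string, so confirm that the caller rejects
  empty patterns; that code is not visible in this report.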
    if (glob[strlen(glob)-1] == '\\')
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_mkey.c:699:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p = (char *) malloc(strlen(glob)*2+ 3 + (append_realm ? 3 : 0));
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_util.c:327:12:  [1] (access) umask:
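  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
  Triage note: the context line below already passes 077, one of the
  restrictive values this rule recommends, so no change is needed for this
  hit.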
    (void) umask(077);
data/krb5-1.18.3/src/kadmin/dbutil/kdb5_util.c:411:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pwd.length = strlen(mkey_password);
data/krb5-1.18.3/src/kadmin/ktutil/ktutil.c:140:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-p", 2)) {
data/krb5-1.18.3/src/kadmin/ktutil/ktutil.c:144:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
data/krb5-1.18.3/src/kadmin/ktutil/ktutil.c:149:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
data/krb5-1.18.3/src/kadmin/ktutil/ktutil.c:153:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((strlen(argv[i]) == 9) && !strncmp(argv[i], "-password", 9)) {
data/krb5-1.18.3/src/kadmin/ktutil/ktutil.c:157:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((strlen(argv[i]) == 4) && !strncmp(argv[i], "-key", 4)) {
data/krb5-1.18.3/src/kadmin/ktutil/ktutil.c:161:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-s", 2)) {
data/krb5-1.18.3/src/kadmin/ktutil/ktutil.c:165:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-f", 2))
data/krb5-1.18.3/src/kadmin/ktutil/ktutil.c:213:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-t", 2)) {
data/krb5-1.18.3/src/kadmin/ktutil/ktutil.c:217:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
data/krb5-1.18.3/src/kadmin/ktutil/ktutil.c:221:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
data/krb5-1.18.3/src/kadmin/ktutil/ktutil_funcs.c:228:13:  [1] (buffer) strlen:
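  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Reviewer note: the more concrete risk on this line is the index, not
  termination. If buf is an empty string, strlen(buf) - 1 wraps to SIZE_MAX
  and the store lands outside buf. The zero-length test on line 229 comes
  after the store, so check that the code filling buf (not shown here) or an
  enclosing condition rules out an empty string.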
        buf[strlen(buf) - 1] = strlen(buf) % 2 ? '\0' : '0';
data/krb5-1.18.3/src/kadmin/ktutil/ktutil_funcs.c:228:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buf[strlen(buf) - 1] = strlen(buf) % 2 ? '\0' : '0';
data/krb5-1.18.3/src/kadmin/ktutil/ktutil_funcs.c:229:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(buf) == 0) {
data/krb5-1.18.3/src/kadmin/server/auth_acl.c:133:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        k5_buf_truncate(&buf, old_len + strlen(p));
data/krb5-1.18.3/src/kadmin/server/auth_acl.c:343:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    end = copy + strlen(copy);
data/krb5-1.18.3/src/kadmin/server/kadm_rpc_svc.c:359:6:  [1] (buffer) strncat:
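  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
  Reviewer note: the bound passed here is the length of the source
  (gss_str->length), not the space left in str. It limits how much is read
  from a possibly unterminated GSS buffer but does not protect the
  destination. Verify that the allocation of str (not shown) holds at least
  strlen(str) + gss_str->length + 1 bytes.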
     strncat(str, gss_str->value, gss_str->length);
data/krb5-1.18.3/src/kadmin/server/misc.c:102:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen(errstr) + strlen(time_string) < msg_len) {
data/krb5-1.18.3/src/kadmin/server/misc.c:102:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen(errstr) + strlen(time_string) < msg_len) {
data/krb5-1.18.3/src/kadmin/server/misc.c:103:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
data/krb5-1.18.3/src/kadmin/server/misc.c:146:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                  strlen(server_handle->params.realm),
data/krb5-1.18.3/src/kadmin/server/ovsec_kadmd.c:494:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    in_buf.length = strlen(names[1].name) + 1;
data/krb5-1.18.3/src/kadmin/server/schpw.c:121:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ret = krb5_build_principal(context, &changepw, strlen(realm), realm,
data/krb5-1.18.3/src/kadmin/server/schpw.c:222:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    clen = strlen(clientstr);
data/krb5-1.18.3/src/kadmin/server/schpw.c:268:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            tlen = strlen(targetstr);
data/krb5-1.18.3/src/kadmin/server/schpw.c:308:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ret = alloc_data(&clear, 2 + strlen(strresult));
data/krb5-1.18.3/src/kadmin/server/schpw.c:317:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(ptr, strresult, strlen(strresult));
data/krb5-1.18.3/src/kadmin/server/schpw.c:369:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                   strlen(realm), realm,
data/krb5-1.18.3/src/kadmin/server/server_stubs.c:43:9:  [1] (buffer) equal:
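  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  Reviewer note: false positive. server_stubs.c is a C file, and `equal` on
  lines 43, 45 and 48 is a local int that receives the result of
  gss_compare_name(); the rule matches the C++ std::equal algorithm by name
  only. The same applies to the next two findings.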
    int equal;
data/krb5-1.18.3/src/kadmin/server/server_stubs.c:45:52:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    if (GSS_ERROR(gss_compare_name(&emin, n1, n2, &equal)))
data/krb5-1.18.3/src/kadmin/server/server_stubs.c:48:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    return(equal);
data/krb5-1.18.3/src/kadmin/server/server_stubs.c:385:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tlen = strlen(target);
data/krb5-1.18.3/src/kadmin/server/server_stubs.c:416:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tlen = strlen(target);
data/krb5-1.18.3/src/kadmin/server/server_stubs.c:648:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tlen1 = strlen(prime_arg1);
data/krb5-1.18.3/src/kadmin/server/server_stubs.c:650:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tlen2 = strlen(prime_arg2);
data/krb5-1.18.3/src/kadmin/testing/util/tcl_kadm5.c:944:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (tl->tl_data_length != strlen(argv1[2])) {
data/krb5-1.18.3/src/kdc/do_tgs_req.c:883:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    errpkt.text.length = strlen(status);
data/krb5-1.18.3/src/kdc/do_tgs_req.c:1083:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(item);
data/krb5-1.18.3/src/kdc/kdc_transit.c:62:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    l1 = strlen(r1);
data/krb5-1.18.3/src/kdc/kdc_transit.c:63:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    l2 = strlen(r2);
data/krb5-1.18.3/src/kdc/kdc_transit.c:181:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bufsize = strlen(realm) + strlen(otrans) + 3;
data/krb5-1.18.3/src/kdc/kdc_transit.c:181:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bufsize = strlen(realm) + strlen(otrans) + 3;
data/krb5-1.18.3/src/kdc/kdc_transit.c:220:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    added = (krb5_princ_realm(kdc_context, client)->length == strlen(realm) &&
data/krb5-1.18.3/src/kdc/kdc_transit.c:221:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             !strncmp(krb5_princ_realm(kdc_context, client)->data, realm, strlen(realm))) ||
data/krb5-1.18.3/src/kdc/kdc_transit.c:222:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (krb5_princ_realm(kdc_context, server)->length == strlen(realm) &&
data/krb5-1.18.3/src/kdc/kdc_transit.c:223:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         !strncmp(krb5_princ_realm(kdc_context, server)->data, realm, strlen(realm)));
data/krb5-1.18.3/src/kdc/kdc_transit.c:229:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        clst = strlen(current) - 1;
data/krb5-1.18.3/src/kdc/kdc_transit.c:231:13:  [1] (buffer) strncpy:
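  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Reviewer note: with a bound of sizeof(exp) - 1 the copy cannot overflow
  exp, but strncpy never writes the last byte, so exp is terminated only if
  that byte is already '\0'. Check that the buffer is zero-initialised or
  explicitly terminated after the copy (not shown in this report); the
  strlen(exp) calls on lines 237 and 246 depend on it. The same pattern
  recurs in the strncpy findings at lines 235, 244, 253, 383 and 385.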
            strncpy(exp, current+1, sizeof(exp) - 1);
data/krb5-1.18.3/src/kdc/kdc_transit.c:235:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(exp, prev, sizeof(exp) - 1);
data/krb5-1.18.3/src/kdc/kdc_transit.c:237:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(exp) + strlen(current) + 1 >= MAX_REALM_LN) {
data/krb5-1.18.3/src/kdc/kdc_transit.c:237:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(exp) + strlen(current) + 1 >= MAX_REALM_LN) {
data/krb5-1.18.3/src/kdc/kdc_transit.c:241:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
            strncat(exp, current, sizeof(exp) - 1 - strlen(exp));
data/krb5-1.18.3/src/kdc/kdc_transit.c:241:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strncat(exp, current, sizeof(exp) - 1 - strlen(exp));
data/krb5-1.18.3/src/kdc/kdc_transit.c:244:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(exp, current, sizeof(exp) - 1);
data/krb5-1.18.3/src/kdc/kdc_transit.c:246:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(exp) + strlen(prev) + 1 >= MAX_REALM_LN) {
data/krb5-1.18.3/src/kdc/kdc_transit.c:246:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(exp) + strlen(prev) + 1 >= MAX_REALM_LN) {
data/krb5-1.18.3/src/kdc/kdc_transit.c:250:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
            strncat(exp, prev, sizeof(exp) - 1 - strlen(exp));
data/krb5-1.18.3/src/kdc/kdc_transit.c:250:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strncat(exp, prev, sizeof(exp) - 1 - strlen(exp));
data/krb5-1.18.3/src/kdc/kdc_transit.c:253:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(exp, current, sizeof(exp) - 1);
data/krb5-1.18.3/src/kdc/kdc_transit.c:302:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen(current) + (pl>0?pl:-pl) + 2 >= MAX_REALM_LN) {
data/krb5-1.18.3/src/kdc/kdc_transit.c:306:17:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
                strncat(current, ",", sizeof(current) - 1 - strlen(current));
data/krb5-1.18.3/src/kdc/kdc_transit.c:306:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strncat(current, ",", sizeof(current) - 1 - strlen(current));
data/krb5-1.18.3/src/kdc/kdc_transit.c:308:21:  [1] (buffer) strncat:
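  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
  Reviewer note: the strncat bound here is pl, a count of source characters,
  not the space left in current. Safety rests on the length test at line 302
  (strlen(current) + |pl| + 2 >= MAX_REALM_LN). Confirm that current is
  declared with at least MAX_REALM_LN bytes and that the failing branch of
  that test exits before this call. Lines 311, 334, 337, 363 and 366 use the
  same pattern, each preceded by a similar test.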
                    strncat(current, realm, (unsigned) pl);
data/krb5-1.18.3/src/kdc/kdc_transit.c:311:21:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
                    strncat(current, realm+strlen(realm)+pl, (unsigned) (-pl));
data/krb5-1.18.3/src/kdc/kdc_transit.c:311:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strncat(current, realm+strlen(realm)+pl, (unsigned) (-pl));
data/krb5-1.18.3/src/kdc/kdc_transit.c:329:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if (strlen(current) + (pl1>0?pl1:-pl1) + 1 >= MAX_REALM_LN) {
data/krb5-1.18.3/src/kdc/kdc_transit.c:334:25:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
                        strncat(current, realm, (unsigned) pl1);
data/krb5-1.18.3/src/kdc/kdc_transit.c:337:25:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
                        strncat(current, realm+strlen(realm)+pl1, (unsigned) (-pl1));
data/krb5-1.18.3/src/kdc/kdc_transit.c:337:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strncat(current, realm+strlen(realm)+pl1, (unsigned) (-pl1));
data/krb5-1.18.3/src/kdc/kdc_transit.c:342:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        if (strlen(current) + 2 >= MAX_REALM_LN) {
data/krb5-1.18.3/src/kdc/kdc_transit.c:346:25:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
                        strncat(current, " ", sizeof(current) - 1 - strlen(current));
data/krb5-1.18.3/src/kdc/kdc_transit.c:346:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strncat(current, " ", sizeof(current) - 1 - strlen(current));
data/krb5-1.18.3/src/kdc/kdc_transit.c:349:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if (strlen(current) + strlen(realm) + 1 >= MAX_REALM_LN) {
data/krb5-1.18.3/src/kdc/kdc_transit.c:349:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if (strlen(current) + strlen(realm) + 1 >= MAX_REALM_LN) {
data/krb5-1.18.3/src/kdc/kdc_transit.c:353:21:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
                    strncat(current, realm, sizeof(current) - 1 - strlen(current));
data/krb5-1.18.3/src/kdc/kdc_transit.c:353:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strncat(current, realm, sizeof(current) - 1 - strlen(current));
data/krb5-1.18.3/src/kdc/kdc_transit.c:356:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen(current) + (pl>0?pl:-pl) + 2 >= MAX_REALM_LN) {
data/krb5-1.18.3/src/kdc/kdc_transit.c:360:17:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
                strncat(current,",", sizeof(current) - 1 - strlen(current));
data/krb5-1.18.3/src/kdc/kdc_transit.c:360:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strncat(current,",", sizeof(current) - 1 - strlen(current));
data/krb5-1.18.3/src/kdc/kdc_transit.c:363:21:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
                    strncat(current, exp, (unsigned) pl);
data/krb5-1.18.3/src/kdc/kdc_transit.c:366:21:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
                    strncat(current, exp+strlen(exp)+pl, (unsigned)(-pl));
data/krb5-1.18.3/src/kdc/kdc_transit.c:366:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strncat(current, exp+strlen(exp)+pl, (unsigned)(-pl));
data/krb5-1.18.3/src/kdc/kdc_transit.c:381:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        new_trans->length = strlen(trans);
data/krb5-1.18.3/src/kdc/kdc_transit.c:383:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(prev, exp, sizeof(prev) - 1);
data/krb5-1.18.3/src/kdc/kdc_transit.c:385:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(current, next, sizeof(current) - 1);
data/krb5-1.18.3/src/kdc/kdc_transit.c:406:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        new_trans->length = strlen(trans);
data/krb5-1.18.3/src/kdc/kdc_util.c:1060:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(name) < NAME_LENGTH_LIMIT)
data/krb5-1.18.3/src/kdc/main.c:112:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((rsize == strlen(kdc_realmlist[i]->realm_name)) &&
data/krb5-1.18.3/src/kdc/main.c:405:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     strlen(realm), realm, KRB5_TGS_NAME,
data/krb5-1.18.3/src/kdc/main.c:720:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (!find_realm_data(&shandle, optarg, (krb5_ui_4) strlen(optarg))) {
data/krb5-1.18.3/src/kdc/rtest.c:47:32:  [1] (buffer) strlen:
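  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Reviewer note: the allocation is strlen(str) bytes with no room for a
  terminator, and lines 51 and 53 copy and record exactly that many bytes,
  so dat is a counted buffer rather than a C string. That is consistent as
  long as nothing later passes dat to a string function; confirm against
  the rest of rtest.c.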
    if(!(dat = (char *) malloc(strlen(str)))) {
data/krb5-1.18.3/src/kdc/rtest.c:51:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(dat, str, strlen(str));
data/krb5-1.18.3/src/kdc/rtest.c:53:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    krb5_princ_set_realm_length(ctx, ret, strlen(str));
data/krb5-1.18.3/src/kdc/rtest.c:83:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    otrans.length = strlen(argv[1]);
data/krb5-1.18.3/src/kprop/kprop.c:458:17:  [1] (buffer) read:
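  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Reviewer note: sizeof(buf) bounds the read correctly provided buf is an
  array in scope rather than a pointer. What needs checking is the loop
  condition: read() returns -1 on error, which is non-zero, so the loop body
  (not shown) must test n < 0 before using n as a byte count.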
    while ((n = read(database_fd, buf, sizeof(buf)))) {
data/krb5-1.18.3/src/kprop/kprop.c:563:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    error.text.length = strlen(text) + 1;
data/krb5-1.18.3/src/kprop/kprop_util.c:96:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ret = krb5_build_principal(context, princ_out, strlen(realm), realm, sname,
data/krb5-1.18.3/src/kprop/kpropd.c:215:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write(STDERR_FILENO, timeout_msg, strlen(timeout_msg));
data/krb5-1.18.3/src/kprop/kpropd.c:545:13:  [1] (access) umask:
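  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
  Reviewer note: line 545 already sets the most restrictive mask (077) and
  saves the previous one in omask; line 547 restores it. The finding is
  informational here. The point to verify is that the file this is meant to
  protect is created on line 546, between the two calls (not shown).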
    omask = umask(077);
data/krb5-1.18.3/src/kprop/kpropd.c:547:11:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    (void)umask(omask);
data/krb5-1.18.3/src/kprop/kpropd.c:1309:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        end = strlen(buf) - 1;
data/krb5-1.18.3/src/kprop/kpropd.c:1312:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!strncmp(name, buf, strlen(name))) {
data/krb5-1.18.3/src/kprop/kpropd.c:1313:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ptr = buf + strlen(name);
data/krb5-1.18.3/src/kprop/kpropd.c:1481:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    error.text.length = strlen(text) + 1;
data/krb5-1.18.3/src/kprop/kproplog.c:373:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(dbprinc, upd.kdb_princ_name.utf8str_t_val,
data/krb5-1.18.3/src/lib/apputils/net-server.c:107:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        unsigned int len = sizeof(buf) - strlen(buf);
data/krb5-1.18.3/src/lib/apputils/net-server.c:108:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char *p = buf + strlen(buf);
data/krb5-1.18.3/src/lib/apputils/net-server.c:109:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (len > 2+strlen(portbuf)) {
data/krb5-1.18.3/src/lib/apputils/net-server.c:112:13:  [1] (buffer) strncpy:
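  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Reviewer note: strncpy zero-fills the destination up to len bytes, so len
  must not exceed the space from p to the end of buf. Line 107 computes len
  as sizeof(buf) - strlen(buf) and line 108 sets p to buf + strlen(buf); if
  lines 110-111 (not shown) advance p, len has to be reduced by the same
  amount. The guard at line 109 ensures portbuf itself fits and ends up
  terminated.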
            strncpy(p, portbuf, len);
data/krb5-1.18.3/src/lib/apputils/net-server.c:1177:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        p += strlen(p);
data/krb5-1.18.3/src/lib/apputils/net-server.c:1178:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((size_t)(end - p) > 2 + strlen(tmpbuf)) {
data/krb5-1.18.3/src/lib/apputils/net-server.c:1487:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            p += strlen(p);
data/krb5-1.18.3/src/lib/apputils/net-server.c:1488:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((size_t)(end - p) > 2 + strlen(tmpbuf)) {
data/krb5-1.18.3/src/lib/crypto/builtin/des/destest.c:83:12:  [1] (buffer) scanf:
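  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  Reviewer note: %16s stores up to 16 characters plus a terminating '\0', so
  block1, block2 and block3 each need at least 17 bytes; their declarations
  are not shown in this report. The same check applies to the %1024s
  conversions reported for t_cf2.c, which need 1025 bytes per buffer.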
    while (scanf("%16s %16s %16s", block1, block2, block3) == 3) {
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:278:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    in_length =  strlen((char *)input);
data/krb5-1.18.3/src/lib/crypto/builtin/des/t_verify.c:320:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    mit_des_cbc_cksum(input,cipher_text, strlen((char *)input),
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_cf2.c:61:13:  [1] (buffer) scanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
        if (scanf("%1024s", &s[0]) == EOF)
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_cf2.c:66:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        s2k.length = strlen(s);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_cf2.c:69:13:  [1] (buffer) scanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
        if (scanf("%1024s", &s[0]) == EOF)
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_cf2.c:74:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        s2k.length = strlen(s);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_cf2.c:77:13:  [1] (buffer) scanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
        if (scanf("%1024s %1024s", pepper1, pepper2) == EOF)
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_cksums.c:174:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            printf("\n%*s", (int)strlen(head), "");
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_decrypt.c:518:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            printf("\n%*s", (int)strlen(head), "");
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_derive.c:278:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            printf("\n%*s", (int)strlen(head), "");
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_encrypt.c:106:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    in.length = strlen (in.data);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_encrypt.c:108:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    in2.length = strlen (in2.data);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_encrypt.c:189:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            signdata.length = strlen(signdata.data);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_mdcksum.c:110:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pwdata.length = strlen(pwd);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_mdcksum.c:135:36:  [1] (buffer) strlen:
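  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Assuming argv is main's argument vector, its elements are always
  \0-terminated, so what remains to check is that msgindex is below argc
  (not visible in this excerpt).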
                                   strlen(argv[msgindex]),
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_mdcksum.c:145:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    strlen(argv[msgindex]),
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_mdcksum.c:156:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    strlen(argv[msgindex]),
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_mdcksum.c:166:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    strlen(argv[msgindex]),
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_mdcksum.c:178:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     strlen(argv[msgindex]),
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_mdcksum.c:189:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     strlen(argv[msgindex]),
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_mddriver.c:158:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    MDHash (string, strlen(string), 1, digest);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_mddriver.c:209:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        unsigned int len = strlen (entry->string);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_nfold.c:43:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    printhex (strlen ((const char *) p), p);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_nfold.c:80:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        krb5int_nfold (8 * strlen ((char *) p), p, tests[i].n, outbuf);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_nfold.c:137:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        printf("\tInput:\t\"%.*s\"\n", (int) strlen((char *) nfold_in[i]),
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_nfold.c:140:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        krb5int_nfold(strlen((char *) nfold_in[i])*8, nfold_in[i], 24*8,
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_pkcs5.c:77:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pass.length = strlen(pass.data);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_pkcs5.c:79:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        salt.length = strlen(salt.data);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/t_str2key.c:450:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            printf("\n%*s", (int)strlen(head), "");
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:53:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
static void printstringhex (const char *p) { printhex (strlen (p), p); }
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:83:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        krb5int_nfold (8 * strlen (p), p, tests[i].n, outbuf);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:128:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pd.length = strlen (p);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:130:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sd.length = strlen (s);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:133:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        assert (strlen (s) + 4 < sizeof (buf));
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:136:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        printhex (strlen(s), s);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:139:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        printhex (strlen(p), p);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:172:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pd.length = strlen (p);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:174:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sd.length = strlen (s);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:178:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        assert (strlen (s) + 4 < sizeof (buf));
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:181:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        printhex (strlen(s), s);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:184:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        printhex (strlen(p), p);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:422:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pass.length = strlen(pass.data);
data/krb5-1.18.3/src/lib/crypto/crypto_tests/vectors.c:424:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        salt.length = strlen(salt.data);
data/krb5-1.18.3/src/lib/crypto/krb/enctype_util.c:153:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(ktp->aliases[i]) < strlen(name))
data/krb5-1.18.3/src/lib/crypto/krb/enctype_util.c:153:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(ktp->aliases[i]) < strlen(name))
data/krb5-1.18.3/src/lib/crypto/krb/prng.c:85:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        count = read(fd, bp, left);
data/krb5-1.18.3/src/lib/crypto/krb/prng_device.c:84:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        count = read(fd, buf, len);
data/krb5-1.18.3/src/lib/gssapi/generic/disp_major_status.c:119:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer->length = strlen(str);
data/krb5-1.18.3/src/lib/gssapi/generic/gssapi_alloc.h:122:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t size = strlen(str)+1;
data/krb5-1.18.3/src/lib/gssapi/generic/util_buffer.c:40:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer->length = strlen(str);
data/krb5-1.18.3/src/lib/gssapi/krb5/export_name.c:62:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(str);
data/krb5-1.18.3/src/lib/gssapi/krb5/gssapi_krb5.c:779:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    localname->length = strlen(lname);
data/krb5-1.18.3/src/lib/gssapi/krb5/import_name.c:275:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(tmp2, (char *)cp, length);
data/krb5-1.18.3/src/lib/gssapi/krb5/inq_cred.c:286:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    rep.length = strlen(impersonator);
data/krb5-1.18.3/src/lib/gssapi/krb5/krb5_gss_glue.c:290:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    req_buffer.length = (keytab == NULL) ? 0 : strlen(keytab);
data/krb5-1.18.3/src/lib/gssapi/krb5/naming_exts.c:610:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    princlen = strlen(princstr);
data/krb5-1.18.3/src/lib/gssapi/krb5/rel_cred.c:81:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        zapfree(cred->password, strlen(cred->password));
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_authorize_localname.c:215:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	userBuf.length = strlen(user);
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_dsp_status.c:93:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	status_string->length = strlen(status_string->value);
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_dsp_status.c:355:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	outStr->length = strlen(errStr);
data/krb5-1.18.3/src/lib/gssapi/mechglue/g_initialize.c:1504:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	oidBuf.length = strlen(oid);
data/krb5-1.18.3/src/lib/gssapi/spnego/spnego_mech.c:1228:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	const size_t hintname_len = strlen(hintname);
data/krb5-1.18.3/src/lib/gssapi/spnego/spnego_mech.c:3829:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buffer.length = strlen(name)+1;
data/krb5-1.18.3/src/lib/kadm5/alt_prof.c:287:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf_size = strlen(values[0]) + 3;
data/krb5-1.18.3/src/lib/kadm5/alt_prof.c:289:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buf_size += strlen(values[idx]) + 3;
data/krb5-1.18.3/src/lib/kadm5/alt_prof.c:870:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(canonhost) + sizeof("kadmin/") > maxlen) {
data/krb5-1.18.3/src/lib/kadm5/chpass_util.c:93:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(msg_ret, string_text(CHPASS_UTIL_NEW_PASSWORD_MISMATCH),
data/krb5-1.18.3/src/lib/kadm5/chpass_util.c:110:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(msg_ret, string_text(CHPASS_UTIL_NO_PASSWORD_READ), msg_len - 1);
data/krb5-1.18.3/src/lib/kadm5/chpass_util.c:127:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_CHANGED), msg_len - 1);
data/krb5-1.18.3/src/lib/kadm5/chpass_util.c:146:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_REUSE), msg_len - 1);
data/krb5-1.18.3/src/lib/kadm5/chpass_util.c:152:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_IN_DICTIONARY),
data/krb5-1.18.3/src/lib/kadm5/chpass_util.c:222:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
data/krb5-1.18.3/src/lib/kadm5/clnt/client_init.c:387:9:  [1] (buffer) strncpy:
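  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). The bound here is the full
  sizeof(svcname), so a source of that length or longer fills the buffer
  without a terminating \0; confirm that the code after this line
  terminates svcname or rejects over-long input.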
        strncpy(svcname, svcname_in, sizeof(svcname));
data/krb5-1.18.3/src/lib/kadm5/kadm_rpc_xdr.c:50:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	       size = strlen(*objp) + 1;
data/krb5-1.18.3/src/lib/kadm5/logger.c:299:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                for (cp2 = &logging_specs[i][strlen(logging_specs[i])-1];
data/krb5-1.18.3/src/lib/kadm5/logger.c:675:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    syslogp = &outbuf[strlen(outbuf)];
data/krb5-1.18.3/src/lib/kadm5/srv/pwqual_dict.c:126:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (read(fd, dict->word_block, sb.st_size) != sb.st_size)
data/krb5-1.18.3/src/lib/kadm5/srv/pwqual_dict.c:144:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        p += strlen(p) + 1;
data/krb5-1.18.3/src/lib/kadm5/srv/pwqual_hesiod.c:46:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = strlen(str);
data/krb5-1.18.3/src/lib/kadm5/srv/server_misc.c:82:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(password) < (size_t)pol->pw_min_length)
data/krb5-1.18.3/src/lib/kadm5/srv/svr_iters.c:80:14:  [1] (buffer) strlen:
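  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Independently of termination, strlen(glob)-1 wraps around to SIZE_MAX
  when glob is the empty string, so confirm that an empty glob is rejected
  before this index is computed.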
    if (glob[strlen(glob)-1] == '\\')
data/krb5-1.18.3/src/lib/kadm5/srv/svr_iters.c:87:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p = (char *) malloc(strlen(glob)*2+ 3 + (append_realm ? 3 : 0));
data/krb5-1.18.3/src/lib/kadm5/srv/svr_policy.c:72:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(entry->policy) == 0)
data/krb5-1.18.3/src/lib/kadm5/srv/svr_policy.c:187:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(name) == 0)
data/krb5-1.18.3/src/lib/kadm5/srv/svr_policy.c:259:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(entry->policy) == 0)
data/krb5-1.18.3/src/lib/kadm5/srv/svr_policy.c:373:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(name) == 0)
data/krb5-1.18.3/src/lib/kadm5/srv/svr_principal.c:1292:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (krb5_net_write (context, data_pipe[1], buffer, strlen (buffer)) < 0
data/krb5-1.18.3/src/lib/kadm5/unit-test/lock-test.c:88:13:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            getchar();
data/krb5-1.18.3/src/lib/kdb/kdb5.c:965:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        upd->kdb_princ_name.utf8str_t_len = strlen(princ_name);
data/krb5-1.18.3/src/lib/kdb/kdb5.c:1012:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    upd.kdb_princ_name.utf8str_t_len = strlen(princ_name);
data/krb5-1.18.3/src/lib/kdb/kdb5.c:1563:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    unparse_mod_princ_size = strlen(unparse_mod_princ) + 1;
data/krb5-1.18.3/src/lib/kdb/kdb5.c:2167:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                k5_buf_add_len(&buf, mapkey, strlen(mapkey) + 1);
data/krb5-1.18.3/src/lib/kdb/kdb5.c:2168:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                k5_buf_add_len(&buf, value, strlen(value) + 1);
data/krb5-1.18.3/src/lib/kdb/kdb5.c:2172:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            k5_buf_add_len(&buf, mapkey, strlen(mapkey) + 1);
data/krb5-1.18.3/src/lib/kdb/kdb5.c:2173:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            k5_buf_add_len(&buf, mapval, strlen(mapval) + 1);
data/krb5-1.18.3/src/lib/kdb/kdb5.c:2179:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        k5_buf_add_len(&buf, key, strlen(key) + 1);
data/krb5-1.18.3/src/lib/kdb/kdb5.c:2180:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        k5_buf_add_len(&buf, value, strlen(value) + 1);
data/krb5-1.18.3/src/lib/kdb/kdb_convert.c:240:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(d->data, u.utf8str_t_val, d->length);
data/krb5-1.18.3/src/lib/kdb/kdb_convert.c:579:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(dbprincstr, (char *)update->kdb_princ_name.utf8str_t_val,
data/krb5-1.18.3/src/lib/kdb/kdb_default.c:369:16:  [1] (buffer) strncpy:
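  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). The bound here is the full
  sizeof(keyfile), so a db_args of that length or longer fills the buffer
  without a terminating \0; confirm that the code after this line
  terminates keyfile or rejects over-long input.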
        (void) strncpy(keyfile, db_args, sizeof(keyfile));
data/krb5-1.18.3/src/lib/krad/attr.c:148:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    seclen = strlen(secret);
data/krb5-1.18.3/src/lib/krad/attr.c:198:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    seclen = strlen(secret);
data/krb5-1.18.3/src/lib/krad/packet.c:179:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    retval = alloc_data(&data, response->pkt.length + strlen(secret));
data/krb5-1.18.3/src/lib/krad/packet.c:187:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(data.data + response->pkt.length, secret, strlen(secret));
data/krb5-1.18.3/src/lib/krad/t_attr.c:69:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    insist(len == strlen(decoded));
data/krb5-1.18.3/src/lib/krad/t_attrset.c:70:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    encoded[len + 1] = strlen(username) + 2;
data/krb5-1.18.3/src/lib/krad/t_attrset.c:71:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(encoded + len + 2, username, strlen(username));
data/krb5-1.18.3/src/lib/krad/t_daemon.h:77:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (read(fds[0], buf, 1) != 1 || *buf != '~')
data/krb5-1.18.3/src/lib/krb5/ccache/cc_dir.c:163:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(buf);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_file.c:1089:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    rwret = read(fd, on_disk, expected.len);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_kcm.c:120:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        k5_buf_add_len(&req->reqbuf, name, strlen(name) + 1);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_kcm.c:902:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(defname) > 4)
data/krb5-1.18.3/src/lib/krb5/ccache/cc_kcm.c:946:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    k5_buf_add_len(&req.reqbuf, name, strlen(name) + 1);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_keyring.c:437:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return alen == legacy_len && clen == strlen(sname) &&
data/krb5-1.18.3/src/lib/krb5/ccache/cc_keyring.c:539:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    uint32_t len = strlen(subsidiary_name), plen = 8 + len;
data/krb5-1.18.3/src/lib/krb5/ccache/cc_keyring.c:1602:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    keytypelen = strlen(keytype);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_memory.c:243:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (k5_hashtab_remove(mcc_hashtab, d->name, strlen(d->name)))
data/krb5-1.18.3/src/lib/krb5/ccache/cc_memory.c:294:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    d = k5_hashtab_get(mcc_hashtab, residual, strlen(residual));
data/krb5-1.18.3/src/lib/krb5/ccache/cc_memory.c:479:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (k5_hashtab_add(mcc_hashtab, d->name, strlen(d->name), d) != 0) {
data/krb5-1.18.3/src/lib/krb5/ccache/cc_memory.c:532:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           strlen(uniquename)) == NULL)
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:192:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        msprinc->Length = strlen(aname) * sizeof(WCHAR);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:211:5:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    wcsncpy(realmbuf, realm->Buffer, realm->Length / sizeof(WCHAR));
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:215:5:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    wcsncpy(princbuf, service->Buffer, service->Length/sizeof(WCHAR));
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:217:5:  [1] (buffer) wcscat:
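  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Risk is low because the source is a constant
  character. The destination must still have room for that character plus
  the terminator, and wcscat needs princbuf to be \0-terminated on entry,
  which the wcsncpy at line 215 does not guarantee on its own (line 216 is
  not shown here).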
    wcscat(princbuf, L"@");
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:236:9:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        wcsncpy(tmpbuf, msprinc->Names[i].Buffer,
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:240:13:  [1] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Risk is low because the source is a constant
  character.
            wcscat(princbuf, L"/");
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:243:5:  [1] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Risk is low because the source is a constant
  character.
    wcscat(princbuf, L"@");
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:335:5:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    wcsncpy(wrealm, ClientRealm.Buffer, ClientRealm.Length/sizeof(WCHAR));
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:341:5:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    wcsncpy(wrealm, msticket->DomainName.Buffer,
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:412:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    Name.Length = strlen(Name.Buffer);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:581:27:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    TargetPrefix.Length = wcslen(TargetPrefix.Buffer) * sizeof(WCHAR);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:692:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pPurgeRequest->TicketTemplate.ClientName.Length = strlen(cname)*sizeof(WCHAR);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:698:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pPurgeRequest->TicketTemplate.ClientRealm.Length = strlen(crealm)*sizeof(WCHAR);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:704:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pPurgeRequest->TicketTemplate.ServerName.Length = strlen(sname)*sizeof(WCHAR);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:710:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pPurgeRequest->TicketTemplate.ServerRealm.Length = strlen(srealm)*sizeof(WCHAR);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:994:30:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            wrapper.Length = wcslen(UnicodeUserDnsDomain) * sizeof(WCHAR);
data/krb5-1.18.3/src/lib/krb5/ccache/cc_mslsa.c:1561:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    data->cc_name = (char *)malloc(strlen(residual)+1);
data/krb5-1.18.3/src/lib/krb5/ccache/ccapi/stdcc.c:410:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((residual == NULL) || (strlen(residual) == 0)) {
data/krb5-1.18.3/src/lib/krb5/ccache/t_marshal.c:342:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (read(fd, filebuf, t->headerlen) != (ssize_t)t->headerlen)
data/krb5-1.18.3/src/lib/krb5/ccache/t_marshal.c:345:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (read(fd, filebuf, t->princlen) != (ssize_t)t->princlen)
data/krb5-1.18.3/src/lib/krb5/ccache/t_marshal.c:348:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (read(fd, filebuf, t->cred1len) != (ssize_t)t->cred1len)
data/krb5-1.18.3/src/lib/krb5/ccache/t_marshal.c:351:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (read(fd, filebuf, t->cred2len) != (ssize_t)t->cred2len)
data/krb5-1.18.3/src/lib/krb5/keytab/ktfns.c:70:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        princ_data.realm.length = strlen(realm);
data/krb5-1.18.3/src/lib/krb5/keytab/read_servi.c:65:16:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        (void) strncpy(keytabname, (char *)keyprocarg,
data/krb5-1.18.3/src/lib/krb5/keytab/t_keytab.c:77:19:  [1] (buffer) strlen:
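  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: the allocation below reserves strlen(defname) bytes, leaving
  no room for the \0, and the same length is passed as the buffer size at
  line 82. In this test file the short buffer may be deliberate; confirm
  against the surrounding test before treating it as a defect.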
    name = malloc(strlen(defname));
data/krb5-1.18.3/src/lib/krb5/keytab/t_keytab.c:82:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    kret = krb5_kt_default_name(context, name, strlen(defname));
data/krb5-1.18.3/src/lib/krb5/keytab/t_keytab.c:117:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p = malloc(strlen(buf));
data/krb5-1.18.3/src/lib/krb5/keytab/t_keytab.c:122:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    kret = krb5_kt_get_name(context, kt, p, strlen(buf));
data/krb5-1.18.3/src/lib/krb5/krb/authdata.c:180:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = sizeof(krb5_int32) /* namelen */ + strlen(module->name);
data/krb5-1.18.3/src/lib/krb5/krb/authdata.c:239:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        namelen = strlen(module->name);
data/krb5-1.18.3/src/lib/krb5/krb/authdata.c:981:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    name = make_data((char *)module_name, strlen(module_name));
data/krb5-1.18.3/src/lib/krb5/krb/authdata.c:1008:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    name = make_data((char *)module_name, strlen(module_name));
data/krb5-1.18.3/src/lib/krb5/krb/bld_princ.c:60:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            data[count].length = strlen(component);
data/krb5-1.18.3/src/lib/krb5/krb/chk_trans.c:393:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    crealm.length = strlen(argv[1]);
data/krb5-1.18.3/src/lib/krb5/krb/chk_trans.c:395:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    srealm.length = strlen(argv[2]);
data/krb5-1.18.3/src/lib/krb5/krb/chk_trans.c:397:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    transit.length = strlen(argv[3]);
data/krb5-1.18.3/src/lib/krb5/krb/conv_princ.c:222:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(tmp_prealm, compo->data, compo->length);
data/krb5-1.18.3/src/lib/krb5/krb/conv_princ.c:238:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(realm, compo->data, compo->length);
data/krb5-1.18.3/src/lib/krb5/krb/conv_princ.c:241:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            tmp_realm_len =  strlen(tmp_realm);
data/krb5-1.18.3/src/lib/krb5/krb/conv_princ.c:246:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(realm, tmp_realm, tmp_realm_len);
data/krb5-1.18.3/src/lib/krb5/krb/conv_princ.c:333:17:  [1] (buffer) strncpy:
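  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Triage note: the count below is the full sizeof(buf), so strncpy leaves buf
  unterminated when instance is at least that long. Confirm that an explicit
  terminator is written before the strlen(buf) calls at lines 342-343.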
                strncpy(buf, instance, sizeof(buf));
data/krb5-1.18.3/src/lib/krb5/krb/conv_princ.c:342:21:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
                    strncat(buf, ".", sizeof(buf) - 1 - strlen(buf));
data/krb5-1.18.3/src/lib/krb5/krb/conv_princ.c:342:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strncat(buf, ".", sizeof(buf) - 1 - strlen(buf));
data/krb5-1.18.3/src/lib/krb5/krb/conv_princ.c:343:21:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
                    strncat(buf, domain, sizeof(buf) - 1 - strlen(buf));
data/krb5-1.18.3/src/lib/krb5/krb/conv_princ.c:343:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strncat(buf, domain, sizeof(buf) - 1 - strlen(buf));
data/krb5-1.18.3/src/lib/krb5/krb/conv_princ.c:352:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    retval = krb5_build_principal(context, princ, strlen(realm), realm, name,
data/krb5-1.18.3/src/lib/krb5/krb/deltat.c:822:21:  [1] (buffer) strlen:
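  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: the flagged line is a macro alias, not a call. The yy prefix
  suggests generated parser code (verify), so any review effort belongs at
  the yystrlen call sites rather than at this definition.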
#   define yystrlen strlen
data/krb5-1.18.3/src/lib/krb5/krb/get_in_tkt.c:1035:45:  [1] (buffer) strlen:
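  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: the argument looks like a preprocessor constant. Flawfinder
  matches lexically and does not expand macros, so if
  KRB5_WELLKNOWN_NAMESTR is a string literal the over-read concern does not
  apply here; the same holds for KRB5_ANONYMOUS_PRINCSTR at line 1037.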
                                            strlen(KRB5_WELLKNOWN_NAMESTR),
data/krb5-1.18.3/src/lib/krb5/krb/get_in_tkt.c:1037:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                            strlen(KRB5_ANONYMOUS_PRINCSTR),
data/krb5-1.18.3/src/lib/krb5/krb/get_in_tkt.c:1677:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            config_data.length = strlen(config_data.data);
data/krb5-1.18.3/src/lib/krb5/krb/gic_pwd.c:60:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ret = alloc_data(&gp->storage, strlen(rpass));
data/krb5-1.18.3/src/lib/krb5/krb/gic_pwd.c:63:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memcpy(gp->storage.data, rpass, strlen(rpass));
data/krb5-1.18.3/src/lib/krb5/krb/gic_pwd.c:468:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (message != NULL && strlen(message) > (sizeof(banner) - 100))
data/krb5-1.18.3/src/lib/krb5/krb/libdef_parse.c:79:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(realmstr, realm->data, realm->length);
data/krb5-1.18.3/src/lib/krb5/krb/plugin.c:152:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return make_plugin_mapping(context, modname, strlen(modname), dyn_path,
data/krb5-1.18.3/src/lib/krb5/krb/preauth_otp.c:458:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (ti->length >= 0 && strlen(otpvalue) != (size_t)ti->length)
data/krb5-1.18.3/src/lib/krb5/krb/preauth_otp.c:598:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pin = make_data(strdup(otppin), strlen(otppin));
data/krb5-1.18.3/src/lib/krb5/krb/preauth_otp.c:798:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    value = make_data(strdup(otpvalue), strlen(otpvalue));
data/krb5-1.18.3/src/lib/krb5/krb/preauth_sam2.c:38:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          ((((kdata.length)<=(maxsize))?(kdata.length):strlen(str))):   \
data/krb5-1.18.3/src/lib/krb5/krb/preauth_sam2.c:39:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          strlen(str)),                                                 \
data/krb5-1.18.3/src/lib/krb5/krb/princ_comp.c:146:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert(strlen(KRB5_REFERRAL_REALM)==0);
data/krb5-1.18.3/src/lib/krb5/krb/recvauth.c:80:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        d = make_data((char *)sendauth_version, strlen(sendauth_version) + 1);
data/krb5-1.18.3/src/lib/krb5/krb/recvauth.c:98:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        d = make_data(appl_version, strlen(appl_version) + 1);
data/krb5-1.18.3/src/lib/krb5/krb/recvauth.c:169:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        error.text.length  = strlen(message) + 1;
data/krb5-1.18.3/src/lib/krb5/krb/s4u_authdata.c:320:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    value->length = strlen(value->data);
data/krb5-1.18.3/src/lib/krb5/krb/s4u_authdata.c:329:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        display_value->length = strlen(display_value->data);
data/krb5-1.18.3/src/lib/krb5/krb/sendauth.c:63:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    outbuf[0].length = strlen(sendauth_version) + 1;
data/krb5-1.18.3/src/lib/krb5/krb/sendauth.c:65:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    outbuf[1].length = strlen(appl_version) + 1;
data/krb5-1.18.3/src/lib/krb5/krb/ser_ctx.c:82:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            required += strlen(context->default_realm);
data/krb5-1.18.3/src/lib/krb5/krb/ser_ctx.c:127:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               (krb5_int32) strlen(context->default_realm) : 0,
data/krb5-1.18.3/src/lib/krb5/krb/ser_ctx.c:135:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                   strlen(context->default_realm),
data/krb5-1.18.3/src/lib/krb5/krb/ser_princ.c:46:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        *sizep += (3*sizeof(krb5_int32)) + strlen(fname);
data/krb5-1.18.3/src/lib/krb5/krb/ser_princ.c:72:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                (void) krb5_ser_pack_int32((krb5_int32) strlen(fname),
data/krb5-1.18.3/src/lib/krb5/krb/ser_princ.c:75:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                           strlen(fname), &bp, &remain);
data/krb5-1.18.3/src/lib/krb5/krb/set_realm.c:39:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(realm);
data/krb5-1.18.3/src/lib/krb5/krb/strptime.c:164:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				len = strlen(_ctloc(day[i]));
data/krb5-1.18.3/src/lib/krb5/krb/strptime.c:169:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				len = strlen(_ctloc(abday[i]));
data/krb5-1.18.3/src/lib/krb5/krb/strptime.c:188:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				len = strlen(_ctloc(mon[i]));
data/krb5-1.18.3/src/lib/krb5/krb/strptime.c:193:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				len = strlen(_ctloc(abmon[i]));
data/krb5-1.18.3/src/lib/krb5/krb/strptime.c:273:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				bp += strlen(_ctloc(am_pm[0]));
data/krb5-1.18.3/src/lib/krb5/krb/strptime.c:282:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				bp += strlen(_ctloc(am_pm[1]));
data/krb5-1.18.3/src/lib/krb5/krb/t_walk_rtree.c:29:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    client.length = strlen(client.data);
data/krb5-1.18.3/src/lib/krb5/krb/t_walk_rtree.c:32:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    server.length = strlen(server.data);
data/krb5-1.18.3/src/lib/krb5/os/ccdefname.c:99:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      strlen(name_buf)+1) != ERROR_SUCCESS) {
data/krb5-1.18.3/src/lib/krb5/os/ccdefname.c:155:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(buffer, dir, buf_len);
data/krb5-1.18.3/src/lib/krb5/os/ccdefname.c:158:5:  [1] (buffer) strncat:
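  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
  Triage note: strncat's count excludes the terminating \0 that it always
  writes, so the bound below is one byte too large if buf_len is the full
  size of buffer (verify at the caller). conv_princ.c:342-343 use the
  sizeof(buf) - 1 - strlen(buf) form, which leaves room for the terminator.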
    strncat(buffer, APPEND_KRB5CC, buf_len-strlen(buffer));
data/krb5-1.18.3/src/lib/krb5/os/ccdefname.c:158:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncat(buffer, APPEND_KRB5CC, buf_len-strlen(buffer));
data/krb5-1.18.3/src/lib/krb5/os/ccdefname.c:190:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(name_buf, prefix, name_size - 1);
data/krb5-1.18.3/src/lib/krb5/os/ccdefname.c:192:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = name_size - strlen(prefix);
data/krb5-1.18.3/src/lib/krb5/os/ccdefname.c:194:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(name_buf, ":");
data/krb5-1.18.3/src/lib/krb5/os/ccdefname.c:198:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
        strncpy(p, "krb5cc", size);
data/krb5-1.18.3/src/lib/krb5/os/ccdefname.c:209:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
        strncpy(p, "default_cache_name", size);
data/krb5-1.18.3/src/lib/krb5/os/changepw.c:282:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result_code_string->length = strlen(code_string);
data/krb5-1.18.3/src/lib/krb5/os/changepw.c:288:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(result_code_string->data, code_string, result_code_string->length);
data/krb5-1.18.3/src/lib/krb5/os/dnsglue.c:485:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(*realm, (const char *)p, (size_t)len);
data/krb5-1.18.3/src/lib/krb5/os/expand_path.c:66:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(tpath);
data/krb5-1.18.3/src/lib/krb5/os/expand_path.c:248:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(path);
data/krb5-1.18.3/src/lib/krb5/os/gen_rname.c:42:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(uniq) + (address->length * 2) + 1;
data/krb5-1.18.3/src/lib/krb5/os/gen_rname.c:47:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tmp = *string + strlen(uniq);
data/krb5-1.18.3/src/lib/krb5/os/hostrealm.c:308:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    l = strlen(cleanname);
data/krb5-1.18.3/src/lib/krb5/os/hostrealm.c:325:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strspn(name, "01234567890.") == strlen(name)) {
data/krb5-1.18.3/src/lib/krb5/os/init_os_ctx.c:44:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pname = malloc(size + strlen(DEFAULT_PROFILE_FILENAME) + 2);
data/krb5-1.18.3/src/lib/krb5/os/init_os_ctx.c:47:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(*pname, "\\");
data/krb5-1.18.3/src/lib/krb5/os/init_os_ctx.c:79:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p = name + strlen(name);
data/krb5-1.18.3/src/lib/krb5/os/init_os_ctx.c:84:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(p, DEFAULT_PROFILE_FILENAME, size - (p - name));
data/krb5-1.18.3/src/lib/krb5/os/init_os_ctx.c:186:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(software_suffix) + strlen("\\" DEFAULT_PROFILE_FILENAME) + strlen(szPath);
data/krb5-1.18.3/src/lib/krb5/os/init_os_ctx.c:186:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(software_suffix) + strlen("\\" DEFAULT_PROFILE_FILENAME) + strlen(szPath);
data/krb5-1.18.3/src/lib/krb5/os/init_os_ctx.c:186:82:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(software_suffix) + strlen("\\" DEFAULT_PROFILE_FILENAME) + strlen(szPath);
data/krb5-1.18.3/src/lib/krb5/os/init_os_ctx.c:317:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for(s = filepath, i=0; (t = strchr(s, ':')) || (t=s+strlen(s)); s=t+1, i++) {
data/krb5-1.18.3/src/lib/krb5/os/init_os_ctx.c:326:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(files[i], s, ent_len);
data/krb5-1.18.3/src/lib/krb5/os/localaddr.c:382:16:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
        while (fscanf(f,
data/krb5-1.18.3/src/lib/krb5/os/localaddr.c:573:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(lifreq.lifr_name, lifr->lifr_name,
data/krb5-1.18.3/src/lib/krb5/os/localaddr.c:744:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(lifreq.iflr_name, lifr->iflr_name,
data/krb5-1.18.3/src/lib/krb5/os/localaddr.c:964:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof (ifreq.ifr_name));
data/krb5-1.18.3/src/lib/krb5/os/localauth_k5login.c:148:30:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            while ((gobble = getc(fp)) != EOF && gobble != '\n');
data/krb5-1.18.3/src/lib/krb5/os/localauth_rule.c:102:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
           m.rm_so == 0 && (size_t)m.rm_eo == strlen(selstring)) ? 0 :
data/krb5-1.18.3/src/lib/krb5/os/prompter.c:109:31:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                scratchchar = getc(fp);
data/krb5-1.18.3/src/lib/krb5/os/prompter.c:116:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        prompts[i].reply->length = strlen(prompts[i].reply->data);
data/krb5-1.18.3/src/lib/krb5/os/prompter.c:285:31:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                scratchchar = getchar();
data/krb5-1.18.3/src/lib/krb5/os/prompter.c:288:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        prompts[i].reply->length = strlen(prompts[i].reply->data);
data/krb5-1.18.3/src/lib/krb5/os/read_pwd.c:158:27:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            scratchchar = getchar();
data/krb5-1.18.3/src/lib/krb5/os/read_pwd.c:179:31:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                scratchchar = getchar();
data/krb5-1.18.3/src/lib/krb5/os/read_pwd.c:197:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        *pwsize = strlen(password);
data/krb5-1.18.3/src/lib/krb5/os/sendto_kdc.c:1303:28:  [1] (buffer) read:
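  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20). Triage note: the match is on a function-pointer member
  named read (context->tls->read), not a direct call to read(2); the length
  argument sits on a continuation line that is not shown, so the bound
  against in->buf has to be confirmed in the source.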
        st = context->tls->read(context, conn->http.tls, &in->buf[in->pos],
data/krb5-1.18.3/src/lib/krb5/os/sn2princ.c:145:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        p = copy + strlen(copy) - 1;
data/krb5-1.18.3/src/lib/krb5/os/sn2princ.c:244:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ret = krb5_build_principal(context, &princ, strlen(realm), realm, sname,
data/krb5-1.18.3/src/lib/krb5/os/t_locate_kdc.c:122:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    realm.length = strlen (realmname);
data/krb5-1.18.3/src/lib/krb5/os/t_std_conf.c:84:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    rlm.length = strlen(realm);
data/krb5-1.18.3/src/lib/krb5/os/t_trace.c:58:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    unsigned int oct_length = strlen(str);
data/krb5-1.18.3/src/lib/krb5/os/t_trace.c:96:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s = strlen(str);
data/krb5-1.18.3/src/lib/krb5/os/t_trace.c:132:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    data.length = strlen(str);
data/krb5-1.18.3/src/lib/krb5/os/t_trace.c:144:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    key.keyblock.length = strlen(str);
data/krb5-1.18.3/src/lib/krb5/os/t_trace.c:166:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    principal_data.realm.length = strlen(principal_data.realm.data);
data/krb5-1.18.3/src/lib/krb5/os/t_trace.c:223:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    principal_data2.realm.length = strlen(principal_data2.realm.data);
data/krb5-1.18.3/src/lib/krb5/os/t_trace.c:234:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    creds.ticket.length = strlen(str);
data/krb5-1.18.3/src/lib/krb5/os/t_trace.c:237:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    creds.second_ticket.length = strlen(str);
data/krb5-1.18.3/src/lib/krb5/os/trace.c:84:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf_add_printable_len(buf, p, strlen(p));
data/krb5-1.18.3/src/lib/krb5/os/trace.c:449:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (void) write(*fd, info->message, strlen(info->message));
data/krb5-1.18.3/src/lib/krb5/rcache/rc_file2.c:86:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    st = read(fd, buf, RECORD_LEN * 2);
data/krb5-1.18.3/src/lib/krb5/rcache/rc_file2.c:149:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    st = read(fd, seed, sizeof(seed));
data/krb5-1.18.3/src/lib/rpc/auth_gss.c:230:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sname.length = strlen(service);
data/krb5-1.18.3/src/lib/rpc/auth_gssapi.c:91:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     input_name.length = strlen(service_name) + 1;
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:91:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy (str, s, BUFSIZ - 1);
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:93:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
	strncat (str, ": ", BUFSIZ - 1 - strlen (bufstart));
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:93:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strncat (str, ": ", BUFSIZ - 1 - strlen (bufstart));
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:94:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	str += strlen(str);
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:95:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat (str, clnt_sperrno(e.re_status), BUFSIZ - 1 - strlen (bufstart));
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:95:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strncat (str, clnt_sperrno(e.re_status), BUFSIZ - 1 - strlen (bufstart));
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:97:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	str += strlen(str);
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:118:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (str - bufstart + 10 + strlen(strerror(e.re_errno)) < BUFSIZ)
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:121:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		str += strlen(str);
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:131:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		str += strlen(str);
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:139:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		str += strlen(str);
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:141:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if(str - bufstart + strlen(err) < BUFSIZ)
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:150:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		str += strlen(str);
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:160:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		str += strlen(str);
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:170:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		str += strlen(str);
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:267:10:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		(void) strncat(str, " - ", BUFSIZ - 1 - strlen(str));
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:267:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(void) strncat(str, " - ", BUFSIZ - 1 - strlen(str));
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:268:10:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		(void) strncat(str,
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:270:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    BUFSIZ - 1 - strlen(str));
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:274:10:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
		(void) strncat(str, " - ", BUFSIZ - 1 - strlen(str));
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:274:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(void) strncat(str, " - ", BUFSIZ - 1 - strlen(str));
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:278:11:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			(void) strncat(str, m, BUFSIZ - 1 - strlen(str));
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:278:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(void) strncat(str, m, BUFSIZ - 1 - strlen(str));
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:280:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(void) snprintf(&str[strlen(str)], BUFSIZ - strlen(str),
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:280:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(void) snprintf(&str[strlen(str)], BUFSIZ - strlen(str),
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:305:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
	(void) strncat(str, "\n", BUFSIZ - 1 - strlen(str));
data/krb5-1.18.3/src/lib/rpc/clnt_perror.c:305:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(void) strncat(str, "\n", BUFSIZ - 1 - strlen(str));
data/krb5-1.18.3/src/lib/rpc/clnt_simple.c:118:10:  [1] (buffer) strncpy:
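  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Triage note: with a count of 255, strncpy
  writes no terminator when host is 255 bytes or longer, so crp->oldhost
  must be at least 256 bytes and terminated separately; neither is visible
  on this line.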
		(void) strncpy(crp->oldhost, host, 255);
data/krb5-1.18.3/src/lib/rpc/clnt_tcp.c:475:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	switch (len = read(ct->ct_sock, buf, (size_t) len)) {
data/krb5-1.18.3/src/lib/rpc/dyntest.c:95:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     if (DynAppend(obj, random_string, strlen(random_string)+1) != DYN_OK) {
data/krb5-1.18.3/src/lib/rpc/dyntest.c:152:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     if (DynInsert(obj, DynSize(obj) - 2, insert3, strlen(insert3) +
data/krb5-1.18.3/src/lib/rpc/dyntest.c:158:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     if (DynInsert(obj, 19, insert2, strlen(insert2)) != DYN_OK) {
data/krb5-1.18.3/src/lib/rpc/dyntest.c:163:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     if (DynInsert(obj, 0, insert1, strlen(insert1)+1) != DYN_OK) {
data/krb5-1.18.3/src/lib/rpc/dyntest.c:168:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     data = DynGet(obj, 14 + strlen(insert1) + 1);
data/krb5-1.18.3/src/lib/rpc/getrpcent.c:169:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return interpret(d->line, strlen(d->line));
data/krb5-1.18.3/src/lib/rpc/getrpcent.c:181:2:  [1] (buffer) strncpy:
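  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Triage note: the count is the variable len
  rather than the size of d->line, so the copy is safe only if len is
  bounded by that size and a terminator is written afterwards; neither is
  visible on this line.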
	strncpy(d->line, val, len);
data/krb5-1.18.3/src/lib/rpc/svc_auth_gssapi.c:958:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  in_buf.length = strlen(in_buf.value) + 1;
data/krb5-1.18.3/src/lib/rpc/svc_tcp.c:386:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if ((len = read(sock, buf, (size_t) len)) > 0) {
data/krb5-1.18.3/src/lib/rpc/xdr.c:624:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size = strlen(sp);
data/krb5-1.18.3/src/lib/win_glue.c:159:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy( locAppIni, KERBEROS_INI, sizeof(locAppIni) - 1 );
data/krb5-1.18.3/src/lib/win_glue.c:162:2:  [1] (buffer) strncpy:
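  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Triage note: the count is the full
  APPVERINFO_SIZE, unlike the sizeof(locAppIni) - 1 used at line 159; if
  AppTitle is declared with exactly APPVERINFO_SIZE bytes, a source of that
  length or longer leaves it unterminated. The same pattern appears at
  lines 164 and 166.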
	strncpy( AppTitle, locAppTitle, APPVERINFO_SIZE);
data/krb5-1.18.3/src/lib/win_glue.c:164:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy( AppVer, locAppVer, APPVERINFO_SIZE);
data/krb5-1.18.3/src/lib/win_glue.c:166:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy( AppIni, locAppIni, APPVERINFO_SIZE);
data/krb5-1.18.3/src/lib/win_glue.c:248:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(buf, "Please upgrade it.", sizeof(buf) - 1 - strlen(buf));
data/krb5-1.18.3/src/lib/win_glue.c:248:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buf, "Please upgrade it.", sizeof(buf) - 1 - strlen(buf));
data/krb5-1.18.3/src/lib/win_glue.c:250:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buf, TIMEBOMB_INFO, sizeof(buf) - 1 - strlen(buf));
data/krb5-1.18.3/src/lib/win_glue.c:250:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buf, TIMEBOMB_INFO, sizeof(buf) - 1 - strlen(buf));
data/krb5-1.18.3/src/lib/win_glue.c:262:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
			strncat(buf, "Please upgrade it soon.", sizeof(buf) - 1 - strlen(buf));
data/krb5-1.18.3/src/lib/win_glue.c:262:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buf, "Please upgrade it soon.", sizeof(buf) - 1 - strlen(buf));
data/krb5-1.18.3/src/lib/win_glue.c:264:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
			strncat(buf, TIMEBOMB_INFO, sizeof(buf) - 1 - strlen(buf));
data/krb5-1.18.3/src/lib/win_glue.c:264:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strncat(buf, TIMEBOMB_INFO, sizeof(buf) - 1 - strlen(buf));
data/krb5-1.18.3/src/plugins/audit/kdc_j_encode.c:728:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen(map_patype((*padata)->pa_type)) > 1) {
data/krb5-1.18.3/src/plugins/audit/kdc_j_encode.c:798:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen(map_patype((*padata)->pa_type)) > 1) {
data/krb5-1.18.3/src/plugins/authdata/greet_server/greet_auth.c:39:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tmp.length = strlen(tmp.data);
data/krb5-1.18.3/src/plugins/certauth/test/main.c:107:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert(strlen(name) < 128);
data/krb5-1.18.3/src/plugins/certauth/test/main.c:108:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    name_len = strlen(name);
data/krb5-1.18.3/src/plugins/gssapi/negoextest/main.c:223:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        status_string->length = strlen(status_string->value);
data/krb5-1.18.3/src/plugins/kadm5_auth/test/main.c:121:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return (strlen(value) > 10) ? EPERM : KRB5_PLUGIN_NO_HANDLE;
data/krb5-1.18.3/src/plugins/kadm5_auth/test/main.c:198:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return (strlen(policy) <= 3) ? EPERM : KRB5_PLUGIN_NO_HANDLE;
data/krb5-1.18.3/src/plugins/kadm5_auth/test/main.c:228:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (client_policy != NULL && strlen(policy) == strlen(client_policy))
data/krb5-1.18.3/src/plugins/kadm5_auth/test/main.c:228:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (client_policy != NULL && strlen(policy) == strlen(client_policy))
data/krb5-1.18.3/src/plugins/kdb/db2/adb_policy.c:66:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dbkey.size = (strlen(entry->name) + 1);
data/krb5-1.18.3/src/plugins/kdb/db2/adb_policy.c:139:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dbkey.size = (strlen(name) + 1);
data/krb5-1.18.3/src/plugins/kdb/db2/adb_policy.c:198:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dbkey.size = (strlen(dbkey.data) + 1);
data/krb5-1.18.3/src/plugins/kdb/db2/adb_policy.c:270:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dbkey.size = (strlen(entry->name) + 1);
data/krb5-1.18.3/src/plugins/kdb/db2/kdb_db2.c:647:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        nb = read(fd, buf, BUFSIZ);
data/krb5-1.18.3/src/plugins/kdb/db2/kdb_xdr.c:42:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        key->length = strlen(princ_name)+1;
data/krb5-1.18.3/src/plugins/kdb/db2/kdb_xdr.c:83:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    unparse_princ_size = strlen(unparse_princ) + 1;
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:223:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((nr = read(t->bt_fd, &m, sizeof(BTMETA))) < 0)
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:414:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (envtmp && ((strlen(envtmp)+sizeof(fn)+1) > sizeof(path)))
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/dbm.c:175:8:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	(void)strncpy(path, file, sizeof(path) - 1);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/dbm.c:177:8:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	(void)strncat(path, DBM_SUFFIX, sizeof(path) - 1 - strlen(path));
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/dbm.c:177:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(void)strncat(path, DBM_SUFFIX, sizeof(path) - 1 - strlen(path));
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hash.c:181:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mpool_key.size = strlen(file);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hash.c:422:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	num_copied = read(hashp->fp, hdr_dest, sizeof(HASHHDR));
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hsearch.c:79:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	key.size = strlen(item.key) + 1;
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/hash/hsearch.c:83:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		val.size = strlen(item.data) + 1;
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/mpool/mpool.c:240:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if ((nr = read(mp->fd, bp->page, mp->pagesize)) !=
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/recno/rec_get.c:146:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			if ((ch = getc(t->bt_rfp)) == EOF || !--len) {
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/recno/rec_get.c:193:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			if ((ch = getc(t->bt_rfp)) == EOF || ch == bval) {
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c:31:10:  [1] (buffer) fscanf:
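  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function. Triage note: %10s stores up to 10 characters plus a
  terminating \0, so id1 and id2 each need at least 11 bytes.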
  while (fscanf(fin," %10s%10s",id1,id2) > 0) {
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:283:8:  [1] (buffer) strlen:
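  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: separately from the over-read, strlen(lbuf) - 1 wraps around
  when lbuf is empty and the store then lands outside the buffer; whether an
  empty string can reach this line is not visible here.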
		lbuf[strlen(lbuf) - 1] = '\0';
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:294:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    strlen(commands[i].cmd)) == 0)
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:362:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	data.size = strlen(data.data);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:389:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		key.size = strlen(argv[1]) + 1;
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:429:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		key.size = strlen(argv[1]) + 1;
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:489:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		key.size = strlen(argv[1]) + 1;
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:535:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	data.size = strlen(data.data);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:565:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	data.size = strlen(data.data);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:591:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		key.size = strlen(argv[1]) + 1;
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:593:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	data.size = strlen(argv[2]) + 1;
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:620:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		key.size = strlen(argv[1]) + 1;
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c:622:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	data.size = strlen(argv[2]) + 1;
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:211:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((len = strlen(buf)) == 0 || isspace((int) *p) || *p == '#')
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/dbtest.c:801:6:  [1] (buffer) read:
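  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20). Triage note: the result is compared only with -1, so a
  short read goes unnoticed on this line, and the (int) cast narrows
  sb.st_size; check how the buffer p was sized.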
	if (read(fd, p, (int)sb.st_size) == -1)
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tcreat3.c:90:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		key.size = strlen(wp1);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tcreat3.c:91:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		item.size = strlen(wp2);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c:92:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		key.size = strlen(wp1);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c:93:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		item.size = strlen(wp2);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c:111:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    key.size = strlen(wp1);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c:94:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		key.size = strlen(wp1);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c:95:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		item.size = strlen(wp2);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c:115:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    key.size = strlen(wp1);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tread2.c:91:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		key.size = strlen(wp1);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tread2.c:92:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		item.size = strlen(wp2);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash1.tests/tverify.c:91:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		key.size = strlen(wp1);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c:45:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	key.size = strlen(key_line);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c:47:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	val.size = strlen(val_line);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c:77:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	key.size = strlen(get_key);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c:136:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	key.size = strlen(key2);
data/krb5-1.18.3/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c:164:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	key.size = strlen(get_key);
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:300:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ret = krb5_build_principal(context, &princ, strlen(realm), realm, comp1,
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:433:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strncmp(argv[i], "", strlen(argv[i]))!=0) {
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:449:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            } else if (strncmp(argv[i], "", strlen(argv[i]))==0) {
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:461:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strncmp(argv[i], "", strlen(argv[i]))==0) {
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:510:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    krb5_princ_set_realm_length(util_context, &db_create_princ, strlen(global_params.realm));
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:559:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            krb_location_len = strlen(krb_location);
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:616:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pwd.length = strlen(mkey_password);
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:759:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strncmp(argv[i] ,"", strlen(argv[i]))!=0) {
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:775:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            } else if (strncmp(argv[i], "", strlen(argv[i]))==0) {
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:784:55:  [1] (buffer) strlen:
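  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: argv[i] is \0-terminated, so the over-read does not apply. The
  point worth reviewing is that the compare length comes from the argument
  itself: only the first strlen(argv[i]) bytes are compared, so any prefix of
  "-containerref" matches, and an empty argv[i] gives n = 0, which strncmp
  reports as equal. Whether abbreviated options are intended is not visible
  here.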
        } else if (!strncmp(argv[i], "-containerref", strlen(argv[i]))) {
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:787:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strncmp(argv[i], "", strlen(argv[i]))==0) {
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1191:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    unparse_mod_princ_size = strlen(unparse_mod_princ) + 1;
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1239:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pwd.length = strlen(mkey_password);
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1352:30:  [1] (buffer) strlen:
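  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: the argument is the string literal "history", which is always
  \0-terminated, so no over-read is possible. The same holds for the next hit
  (line 1353), which also applies strlen to that literal.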
            pdata->length == strlen("history") &&
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:1353:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            !memcmp(pdata->data, "history", strlen("history"))) {
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:192:16:  [1] (access) umask:
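  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
  Triage note: the mask on the flagged line is 0177, which clears every group
  and other bit plus owner execute, so it is at least as restrictive as the
  suggested 077. The hit at line 201 is umask(old_mode), which puts back the
  mask saved here; lines 244/246 of the same file do the same with 077 and
  omask.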
    old_mode = umask(0177);
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:201:5:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    umask(old_mode);
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:206:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (line [strlen (service_object)] == '#')
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:244:17:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
        omask = umask(077);
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:246:9:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
        umask (omask);
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:257:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                (line[strlen(service_object)] == '#')) {
data/krb5-1.18.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:580:27:  [1] (buffer) strlen:
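  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: separate from the strlen hit, the flagged line clears a password
  buffer with memset. A compiler may drop such a store when the buffer is not
  read afterwards, so a zeroisation primitive that cannot be elided (for
  example explicit_bzero or memset_s) is the safer choice. Whether the store
  is actually elided depends on code outside this line.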
        memset(passwd, 0, strlen(passwd));
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:115:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        in->len = (in->result != NULL) ? strlen(in->result) : 0;
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:153:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        bv.bv_len = strlen(ctx->bind_pwd);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:620:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(str);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:867:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(dn) == 0)
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1247:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len1 = strlen(realmdn);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1248:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len2 = strlen(policy_dn);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1327:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ilen = strlen(list[i]);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1329:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            jlen = strlen(list[j]);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1606:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            tl->tl_data_length = strlen(a2d2[i]);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:153:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1;  /* 2 for closing brackets */
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:153:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    princlen = strlen(FILTER) + strlen(filtuser) + 2 + 1;  /* 2 for closing brackets */
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:334:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (arg_val == NULL || strlen(arg_val) == 0) {
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:346:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            arg_val_len = strlen(arg_val) + 1;
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:664:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t dnlen = strlen(dn), stlen;
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:669:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        stlen = strlen(subtrees[i]);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:924:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (entry->princ->length == 2 && entry->princ->data[0].length == strlen("krbtgt") &&
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:939:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        } else if (ldap_context->lrparams->containerref && strlen(ldap_context->lrparams->containerref) != 0) {
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1343:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(xargs.tktpolicydn) != 0) {
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:99:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        principal->data[1].length == strlen (realm) &&
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:100:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncasecmp (principal->data[1].data, realm, strlen (realm)))
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:103:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(realm) != principal->realm.length)
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:240:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen (realm) + 2 /* "*@" */ + 1);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:383:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen(rparams->subtree[k]) != 0) {
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:399:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(rparams->containerref) != 0 ) {
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:629:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen(rparams->subtree[i]) != 0) {
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c:645:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(rparams->containerref) != 0 ) {
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:70:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int namelen = strlen(name);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:86:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        end = line + strlen(line);
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:453:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    filterlen = strlen("(objectclass=") + strlen(objectclass) + 1 + 1;
data/krb5-1.18.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:453:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    filterlen = strlen("(objectclass=") + strlen(objectclass) + 1 + 1;
data/krb5-1.18.3/src/plugins/kdb/lmdb/kdb_lmdb.c:359:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    MDB_val key = { strlen(keystr), keystr }, val = { len, bytes }, dummy;
data/krb5-1.18.3/src/plugins/kdb/lmdb/kdb_lmdb.c:404:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    MDB_val key = { strlen(keystr), keystr };
data/krb5-1.18.3/src/plugins/kdb/lmdb/kdb_lmdb.c:445:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        len = read(fd, buf, BUFSIZ);
data/krb5-1.18.3/src/plugins/kdb/lmdb/kdb_lmdb.c:729:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    key.mv_size = strlen(name);
data/krb5-1.18.3/src/plugins/kdb/lmdb/kdb_lmdb.c:734:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ret = klmdb_decode_princ(context, name, strlen(name),
data/krb5-1.18.3/src/plugins/kdb/lmdb/kdb_lmdb.c:789:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        key.mv_size = strlen(name);
data/krb5-1.18.3/src/plugins/kdb/lmdb/kdb_lmdb.c:901:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    key.mv_size = strlen(name);
data/krb5-1.18.3/src/plugins/kdb/lmdb/kdb_lmdb.c:905:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return klmdb_decode_policy(context, name, strlen(name),
data/krb5-1.18.3/src/plugins/kdb/lmdb/kdb_lmdb.c:1078:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    key.mv_size = strlen(name);
data/krb5-1.18.3/src/plugins/kdb/lmdb/marshal.c:125:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        k5_buf_add_uint32_le(&buf, strlen(pol->allowed_keysalts));
data/krb5-1.18.3/src/plugins/kdb/test/kdb_test.c:302:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        k5_buf_add_len(&buf, sep + 1, strlen(sep + 1) + 1);
data/krb5-1.18.3/src/plugins/kdb/test/kdb_test.c:936:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    test_ad->length = strlen((char *)test_ad->contents);
data/krb5-1.18.3/src/plugins/kdb/test/kdb_test.c:1021:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert(strncmp(info->pac_princ, tprinc, strlen(info->pac_princ)) == 0);
data/krb5-1.18.3/src/plugins/localauth/test/main.c:118:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((size_t)aname->length == strlen(lname))
data/krb5-1.18.3/src/plugins/preauth/otp/otp_state.c:119:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (j = strlen(buf); j > i; j--) {
data/krb5-1.18.3/src/plugins/preauth/otp/otp_state.c:593:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hndata = make_data(hostname, strlen(hostname));
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_clnt.c:613:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                      strlen(KRB5_TGS_NAME), KRB5_TGS_NAME,
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:791:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        rdat.length = strlen(data->password);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3597:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        rdat.length = strlen(password);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3712:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            (strlen(cctx->token_label) == label_len &&
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4213:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            rdat.length = strlen(tmp);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4417:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(dentry->d_name);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4425:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(dirname) + strlen(dentry->d_name) + 2 > sizeof(certname)) {
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4425:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(dirname) + strlen(dentry->d_name) + 2 > sizeof(certname)) {
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4432:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(keyname);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4633:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        attrs[nattrs].ulValueLen = strlen(id_cryptoctx->cert_label);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5311:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(dirname) + strlen(dentry->d_name) + 2 > sizeof(filename)) {
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5311:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(dirname) + strlen(dentry->d_name) + 2 > sizeof(filename)) {
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_matching.c:219:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen(value);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_matching.c:390:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    remaining = strlen(rule);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_profile.c:235:9:  [1] (buffer) strncpy:
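  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Triage note: the length argument on the flagged line is the source length
  (realm->length), not the size of realmstr. strncpy writes no terminator when
  the source has no \0 within that length, so realmstr must hold at least
  realm->length + 1 bytes and be terminated or pre-zeroed by the surrounding
  code. That code is not shown in this report; confirm in pkinit_profile.c.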
        strncpy(realmstr, realm->data, realm->length);
data/krb5-1.18.3/src/plugins/preauth/pkinit/pkinit_srv.c:1219:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    plgctx->realmname_len = strlen(plgctx->realmname);
data/krb5-1.18.3/src/plugins/preauth/securid_sam2/securid2.c:232:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sc2b.sam_response_prompt.length = strlen(sc2b.sam_response_prompt.data);
data/krb5-1.18.3/src/plugins/preauth/securid_sam2/securid2.c:432:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pin2_len = strlen(passcode);
data/krb5-1.18.3/src/plugins/preauth/securid_sam2/securid2.c:433:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pin1_len = strlen(trackp->passcode);
data/krb5-1.18.3/src/plugins/preauth/securid_sam2/securid2.c:470:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(sc2b.sam_response_prompt.data);
data/krb5-1.18.3/src/plugins/preauth/securid_sam2/securid2.c:585:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(sc2b.sam_response_prompt.data);
data/krb5-1.18.3/src/plugins/preauth/securid_sam2/securid2.c:600:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen(sc2b.sam_challenge_label.data);
data/krb5-1.18.3/src/plugins/preauth/securid_sam2/securid_sam2_main.c:86:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(sam_ptr->name);
data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519.c:808:16:  [1] (buffer) equal:
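  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  Triage note: this rule targets C++ std::equal. The flagged line declares a C
  function, static uint8_t equal(signed char b, signed char c), which takes two
  scalar values and no iterators, so the hit is a name collision. The hits
  that follow for the same file are calls to this function with scalar
  arguments.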
static uint8_t equal(signed char b, signed char c) {
data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519.c:864:33:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
      cmov(&e, &multiples[j-1], equal(index, j));
data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519.c:898:35:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  cmov(t, &k25519Precomp[pos][0], equal(babs, 1));
data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519.c:899:35:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  cmov(t, &k25519Precomp[pos][1], equal(babs, 2));
data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519.c:900:35:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  cmov(t, &k25519Precomp[pos][2], equal(babs, 3));
data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519.c:901:35:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  cmov(t, &k25519Precomp[pos][3], equal(babs, 4));
data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519.c:902:35:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  cmov(t, &k25519Precomp[pos][4], equal(babs, 5));
data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519.c:903:35:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  cmov(t, &k25519Precomp[pos][5], equal(babs, 6));
data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519.c:904:35:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  cmov(t, &k25519Precomp[pos][6], equal(babs, 7));
data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519.c:905:35:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  cmov(t, &k25519Precomp[pos][7], equal(babs, 8));
data/krb5-1.18.3/src/plugins/preauth/spake/edwards25519.c:1027:38:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
      cmov_cached(&selected, &Ai[j], equal(j, index));
data/krb5-1.18.3/src/plugins/preauth/test/cltest.c:175:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *out_pa_data = make_pa_list(indstr, strlen(indstr));
data/krb5-1.18.3/src/plugins/preauth/test/kdctest.c:156:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            list = make_pa_list(attr_err, strlen(attr_err));
data/krb5-1.18.3/src/plugins/preauth/test/kdctest.c:163:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        list = make_pa_list(attr_2rt, strlen(attr_2rt));
data/krb5-1.18.3/src/plugins/pwqual/test/main.c:72:9:  [1] (buffer) read:
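  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  [Reviewer note, not Flawfinder output: the quoted call is a single read()
  whose return value is compared with sb.st_size, so a short read is detected
  at this line. The excerpt does not show whether dict->word_block was
  allocated with at least sb.st_size bytes; confirm that in the source before
  closing the finding.]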
    if (read(fd, dict->word_block, sb.st_size) != sb.st_size)
data/krb5-1.18.3/src/plugins/pwqual/test/main.c:93:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        p += strlen(p) + 1;
data/krb5-1.18.3/src/plugins/pwqual/test/main.c:147:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strncasecmp(password, *word1, strlen(*word1)) != 0)
data/krb5-1.18.3/src/plugins/pwqual/test/main.c:149:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        remainder = password + strlen(*word1);
data/krb5-1.18.3/src/plugins/tls/k5tls/openssl.c:220:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strlen(text) == (size_t)name_length &&
data/krb5-1.18.3/src/tests/adata.c:147:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ad->length = strlen(contents);
data/krb5-1.18.3/src/tests/asn.1/ktest.c:917:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ad->length = strlen(str);
data/krb5-1.18.3/src/tests/asn.1/ktest.c:939:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    vmac->checksum.length = strlen(cksumstr);
data/krb5-1.18.3/src/tests/asn.1/trval.c:148:18:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while ((cc = fgetc(fin)) != EOF) {
data/krb5-1.18.3/src/tests/asn.1/trval.c:156:19:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            cc2 = fgetc(fin);
data/krb5-1.18.3/src/tests/asn.1/utility.c:93:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    d->length = strlen(s);
data/krb5-1.18.3/src/tests/asn.1/utility.c:107:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    d->data = ealloc(strlen(s) / 2 + 1);
data/krb5-1.18.3/src/tests/create/kdb5_mkdums.c:123:13:  [1] (buffer) strncpy:
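  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  [Reviewer note, not Flawfinder output: the quoted call bounds the copy to
  sizeof(principal_string) - 1, which keeps the write inside the buffer
  provided principal_string is an array and not a pointer. The remaining
  question is termination: strncpy leaves the final byte untouched, so the
  result is terminated only if that byte is already zero. The report does not
  show this, and the strlen(principal_string) at line 125 depends on it.]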
            strncpy(principal_string, optarg, sizeof(principal_string) - 1);
data/krb5-1.18.3/src/tests/create/kdb5_mkdums.c:125:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            suffix = principal_string + strlen(principal_string);
data/krb5-1.18.3/src/tests/create/kdb5_mkdums.c:192:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
            strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
data/krb5-1.18.3/src/tests/create/kdb5_mkdums.c:192:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
data/krb5-1.18.3/src/tests/create/kdb5_mkdums.c:280:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pwd.length = strlen(princ_name);
data/krb5-1.18.3/src/tests/create/kdb5_mkdums.c:339:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pwd.length = strlen(mkey_password);
data/krb5-1.18.3/src/tests/gss-threads/gss-client.c:201:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send_tok.length = strlen(service_name);
data/krb5-1.18.3/src/tests/gss-threads/gss-client.c:331:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    count = read(fd, in_buf->value, in_buf->length);
data/krb5-1.18.3/src/tests/gss-threads/gss-client.c:480:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        in_buf.length = strlen(msg);
data/krb5-1.18.3/src/tests/gss-threads/gss-client.c:587:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tok.length = strlen(tok.value);
data/krb5-1.18.3/src/tests/gss-threads/gss-server.c:120:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    name_buf.length = strlen(name_buf.value) + 1;
data/krb5-1.18.3/src/tests/gssapi/common.c:107:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf.length = strlen(str) - 2;
data/krb5-1.18.3/src/tests/gssapi/t_err.c:60:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (m.length != strlen(replay) || memcmp(m.value, replay, m.length) != 0) {
data/krb5-1.18.3/src/tests/gssapi/t_gssexts.c:72:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    constant.length = strlen((char *)constant.value);
data/krb5-1.18.3/src/tests/gssapi/t_imp_name.c:55:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(str) + (buf_includes_nullterm ? 1 : 0);
data/krb5-1.18.3/src/tests/gssapi/t_inq_ctx.c:138:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ubuf.length = strlen(username);
data/krb5-1.18.3/src/tests/gssapi/t_inq_ctx.c:144:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pwbuf.length = strlen(password);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:70:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int same = memcmp(buf, plain, strlen(plain)) == 0;
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:92:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    iov[1].buffer.length = strlen(str);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:123:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(data, string1, strlen(string1) + 1);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:130:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (iov[1].buffer.value != data || iov[1].buffer.length != strlen(string1))
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:137:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(data, string2, strlen(string2) + 1);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:146:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (output.length != strlen(string2) ||
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:154:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(data, string3, strlen(string3) + 1);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:165:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (stiov[1].buffer.length != strlen(string3) ||
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:166:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memcmp(stiov[1].buffer.value, string3, strlen(string3)) != 0)
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:177:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    input.length = strlen(string4);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:192:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (stiov[1].buffer.length != strlen(string4) ||
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:193:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memcmp(stiov[1].buffer.value, string4, strlen(string4)) != 0)
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:217:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    iov[1].buffer.length = strlen(sign);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:220:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    iov[2].buffer.length = strlen(wrap);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:230:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (iov[1].buffer.value != sign || iov[1].buffer.length != strlen(sign))
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:232:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (iov[2].buffer.value != wrap || iov[2].buffer.length != strlen(wrap))
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:238:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(ptr, wrap, strlen(wrap));
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:250:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (iov[1].buffer.value != sign || iov[1].buffer.length != strlen(sign))
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:252:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (iov[2].buffer.length != strlen(wrap))
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:280:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (iov[1].buffer.value != sign || iov[1].buffer.length != strlen(sign))
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:282:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (iov[2].buffer.length != strlen(wrap) ||
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:292:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assoc.length = strlen(sign);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:296:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (output.length != strlen(wrap) ||
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:310:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    stiov[1].buffer.length = strlen(sign);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:316:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (stiov[2].buffer.length != strlen(wrap) ||
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:317:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memcmp(stiov[2].buffer.value, wrap, strlen(wrap)) != 0)
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:328:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    input.length = strlen(wrap);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:330:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assoc.length = strlen(sign);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:347:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (stiov[2].buffer.length != strlen(wrap) ||
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:348:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memcmp(stiov[2].buffer.value, wrap, strlen(wrap)) != 0)
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:371:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    iov[0].buffer.length = strlen(sign1);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:374:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    iov[1].buffer.length = strlen(sign2);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:377:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    iov[2].buffer.length = strlen(sign3);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:410:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    concatbuf.length = strlen(concat);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:453:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(data, wrap, strlen(wrap) + 1);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:456:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    iov[0].buffer.length = strlen(sign1);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:459:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    iov[1].buffer.length = strlen(wrap);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:462:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    iov[2].buffer.length = strlen(sign2);
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:469:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (iov[0].buffer.value != sign1 || iov[0].buffer.length != strlen(sign1))
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:471:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (iov[1].buffer.value != data || iov[1].buffer.length != strlen(wrap))
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:473:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (iov[2].buffer.value != sign2 || iov[2].buffer.length != strlen(sign2))
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:482:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (iov[0].buffer.value != sign1 || iov[0].buffer.length != strlen(sign1))
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:484:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (iov[1].buffer.value != data || iov[1].buffer.length != strlen(wrap))
data/krb5-1.18.3/src/tests/gssapi/t_iov.c:486:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (iov[2].buffer.value != sign2 || iov[2].buffer.length != strlen(sign2))
data/krb5-1.18.3/src/tests/gssapi/t_namingexts.c:98:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    attr.length = strlen((char *)attr.value);
data/krb5-1.18.3/src/tests/gssapi/t_namingexts.c:108:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    value.length = strlen((char *)value.value);
data/krb5-1.18.3/src/tests/gssapi/t_namingexts.c:127:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    type_id.length = strlen((char *)type_id.value);
data/krb5-1.18.3/src/tests/gssapi/t_oid.c:145:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (buf.length != strlen(tests[i].canonical) + 1 ||
data/krb5-1.18.3/src/tests/gssapi/t_oid.c:155:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buf.length = strlen(tests[i].canonical);
data/krb5-1.18.3/src/tests/gssapi/t_oid.c:171:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buf.length = strlen(tests[i].variant);
data/krb5-1.18.3/src/tests/gssapi/t_oid.c:186:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buf.length = strlen(invalid_strings[i]);
data/krb5-1.18.3/src/tests/gssapi/t_prf.c:170:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        in.length = strlen(inputstr);
data/krb5-1.18.3/src/tests/gssapi/t_s4u.c:73:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    attr.length = strlen((char *)attr.value);
data/krb5-1.18.3/src/tests/gssapi/t_s4u.c:76:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    value.length = strlen((char *)value.value);
data/krb5-1.18.3/src/tests/gssapi/t_spnego.c:224:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert(atok.length == strlen(expected));
data/krb5-1.18.3/src/tests/hammer/kdc5_hammer.c:155:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    strncpy(prefix, optarg, sizeof(prefix) - 1);
data/krb5-1.18.3/src/tests/hammer/kdc5_hammer.c:217:4:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	  strncat(ctmp, ctmp2, sizeof(ctmp) - 1 - strlen(ctmp));
data/krb5-1.18.3/src/tests/hammer/kdc5_hammer.c:217:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  strncat(ctmp, ctmp2, sizeof(ctmp) - 1 - strlen(ctmp));
data/krb5-1.18.3/src/tests/hammer/kdc5_hammer.c:233:6:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	    strncat(stmp, stmp2, sizeof(stmp) - 1 - strlen(stmp));
data/krb5-1.18.3/src/tests/hammer/kdc5_hammer.c:233:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    strncat(stmp, stmp2, sizeof(stmp) - 1 - strlen(stmp));
data/krb5-1.18.3/src/tests/hammer/kdc5_hammer.c:295:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pwd.length = strlen(string);
data/krb5-1.18.3/src/tests/misc/test_nfold.c:43:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    inlen = strlen(instr)*8;
data/krb5-1.18.3/src/tests/s4u2proxy.c:70:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ad->length = strlen(contents);
data/krb5-1.18.3/src/tests/s4u2self.c:67:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ad->length = strlen(contents);
data/krb5-1.18.3/src/tests/shlib/t_loader.c:82:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               HORIZ-strlen(libname), "");
data/krb5-1.18.3/src/tests/shlib/t_loader.c:113:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert(strlen(SYM_PREFIX) == 0);
data/krb5-1.18.3/src/tests/shlib/t_loader.c:117:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               HORIZ-strlen(symname), "");
data/krb5-1.18.3/src/tests/shlib/t_loader.c:135:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               HORIZ-1-strlen(pbuf), "");
data/krb5-1.18.3/src/tests/shlib/t_loader.c:203:100:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define CALLING(S) (verbose ? printf("at   line %d: calling %s...%*s", __LINE__, #S, (int)(HORIZ+1-strlen(#S)), "") : 0)
data/krb5-1.18.3/src/tests/softpkcs11/main.c:494:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t id_len = strlen(id);
data/krb5-1.18.3/src/tests/softpkcs11/main.c:566:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    add_object_attribute(o, 0, CKA_LABEL, label, strlen(label));
data/krb5-1.18.3/src/tests/softpkcs11/main.c:595:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    add_object_attribute(o, 0, CKA_LABEL, label, strlen(label));
data/krb5-1.18.3/src/tests/softpkcs11/main.c:641:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        add_object_attribute(o, 0, CKA_LABEL, label, strlen(label));
data/krb5-1.18.3/src/tests/threads/gss-perf.c:293:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    namebuf.length = strlen (name);
data/krb5-1.18.3/src/tests/unlockiter.c:80:9:  [1] (buffer) read:
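  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20). Reviewer note: the call shown requests one byte, so
  the buffer bound is the lesser concern here; the `< 0` test does not
  distinguish a return of 0 (end of file) from a completed read, which is
  worth confirming is intended. The calls reported at lines 108 and 157 of
  this file have the same shape.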
    if (read(arg->inpipe, cp, 1) < 0)
data/krb5-1.18.3/src/tests/unlockiter.c:108:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (read(arg->inpipe, &c, 1) < 0) {
data/krb5-1.18.3/src/tests/unlockiter.c:157:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (read(inpipe, cp, 1) < 0)
data/krb5-1.18.3/src/tests/verify/kdb5_verify.c:119:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(principal_string, optarg, sizeof(principal_string) - 1);
data/krb5-1.18.3/src/tests/verify/kdb5_verify.c:121:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            suffix = principal_string + strlen(principal_string);
data/krb5-1.18.3/src/tests/verify/kdb5_verify.c:193:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
            strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
data/krb5-1.18.3/src/tests/verify/kdb5_verify.c:193:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
data/krb5-1.18.3/src/tests/verify/kdb5_verify.c:244:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pwd.length = strlen(princ_name);
data/krb5-1.18.3/src/tests/verify/kdb5_verify.c:365:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pwd.length = strlen(mkey_password);
data/krb5-1.18.3/src/util/et/com_err.c:56:9:  [1] (buffer) strncat:
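  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Reviewer note: the bound shown,
  sizeof(errbuf) - 1 - strlen(errbuf), is the remaining-space form that
  strncat expects, but it is only correct if errbuf is an array in this
  scope (not a pointer) and already holds a terminated string; neither is
  visible in this report.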
        strncat (errbuf, whoami, sizeof(errbuf) - 1 - strlen(errbuf));
data/krb5-1.18.3/src/util/et/com_err.c:56:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat (errbuf, whoami, sizeof(errbuf) - 1 - strlen(errbuf));
data/krb5-1.18.3/src/util/et/com_err.c:57:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        strncat (errbuf, ": ", sizeof(errbuf) - 1 - strlen(errbuf));
data/krb5-1.18.3/src/util/et/com_err.c:57:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat (errbuf, ": ", sizeof(errbuf) - 1 - strlen(errbuf));
data/krb5-1.18.3/src/util/et/com_err.c:61:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat (errbuf, error_message(code), sizeof(errbuf) - 1 - strlen(errbuf));
data/krb5-1.18.3/src/util/et/com_err.c:61:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat (errbuf, error_message(code), sizeof(errbuf) - 1 - strlen(errbuf));
data/krb5-1.18.3/src/util/et/com_err.c:62:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
        strncat (errbuf, " ", sizeof(errbuf) - 1 - strlen(errbuf));
data/krb5-1.18.3/src/util/et/com_err.c:62:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat (errbuf, " ", sizeof(errbuf) - 1 - strlen(errbuf));
data/krb5-1.18.3/src/util/et/error_message.c:211:13:  [1] (buffer) strncpy:
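  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Reviewer note: if ET_EBUFSIZ is the full
  size of buffer, a source of that length or longer leaves buffer
  unterminated unless a later statement stores the terminator; the
  strlen(buffer) reported at line 213 depends on that. Confirm against the
  source file.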
            strncpy(buffer, msgbuf, ET_EBUFSIZ);
data/krb5-1.18.3/src/util/et/error_message.c:213:27:  [1] (buffer) strlen:
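  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Reviewer note: separately from termination, an expression of the form
  p + strlen(p) - 1 points one element before p when the string is empty;
  check that the surrounding code rules out an empty string. The same shape
  appears in the findings for prof_parse.c:175, prof_parse.c:453,
  path.c:139 and plugins.c:130.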
            cp = buffer + strlen(buffer) - 1;
data/krb5-1.18.3/src/util/profile/argv_parse.c:57:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf = malloc(strlen(in_buf)+1);
data/krb5-1.18.3/src/util/profile/prof_file.c:145:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    flen = strlen(filename);
data/krb5-1.18.3/src/util/profile/prof_get.c:302:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (end_value != value + strlen (value))
data/krb5-1.18.3/src/util/profile/prof_init.c:341:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for(s = filepath, i=0; (t = strchr(s, ':')) || (t=s+strlen(s)); s=t+1, i++) {
data/krb5-1.18.3/src/util/profile/prof_init.c:350:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(filenames[i], s, ent_len);
data/krb5-1.18.3/src/util/profile/prof_init.c:533:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        required += strlen(pfp->data->filespec);
data/krb5-1.18.3/src/util/profile/prof_init.c:570:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                slen = (int32_t) strlen(pfp->data->filespec);
data/krb5-1.18.3/src/util/profile/prof_parse.c:41:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *p = line + strlen(line);
data/krb5-1.18.3/src/util/profile/prof_parse.c:175:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cp = value + strlen(value) - 1;
data/krb5-1.18.3/src/util/profile/prof_parse.c:229:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(filename);
data/krb5-1.18.3/src/util/profile/prof_parse.c:349:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(bptr) >= BUF_SIZE - 1) {
data/krb5-1.18.3/src/util/profile/prof_parse.c:355:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                char *c = bptr + strlen (bptr);
data/krb5-1.18.3/src/util/profile/prof_parse.c:373:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            end = bptr + strlen (bptr);
data/krb5-1.18.3/src/util/profile/prof_parse.c:383:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                newp = p + strlen (p) + 1;
data/krb5-1.18.3/src/util/profile/prof_parse.c:453:56:  [1] (buffer) strlen:
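  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Reviewer note: two further points on this line are worth checking in the
  source. isspace receives (int) (*str) without a conversion through
  unsigned char; if str points to plain char and char is signed, a byte
  with the high bit set becomes a negative argument, which the <ctype.h>
  functions do not define. And str + strlen(str) - 1 points before str
  when the string is empty.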
    if (isspace((int) (*str)) ||isspace((int) (*(str + strlen(str) - 1))))
data/krb5-1.18.3/src/util/profile/prof_parse.c:613:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    add_data_to_buffer((struct prof_buf *)data, str, strlen(str));
data/krb5-1.18.3/src/util/profile/prof_tree.c:76:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t sz = strlen(s) + 1;
data/krb5-1.18.3/src/util/profile/profile_tcl.c:369:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/krb5-1.18.3/src/util/profile/profile_tcl.c:388:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/krb5-1.18.3/src/util/profile/profile_tcl.c:664:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/krb5-1.18.3/src/util/profile/profile_tcl.c:685:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lname = (name ? strlen(name) : 0);
data/krb5-1.18.3/src/util/profile/profile_tcl.c:690:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(r,name,lname+1);
data/krb5-1.18.3/src/util/profile/profile_tcl.c:1168:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((2*sz + 1 + strlen(type->name)) > 1000) return 0;
data/krb5-1.18.3/src/util/profile/profile_tcl.c:1380:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t meth_len = strlen(meth->name);
data/krb5-1.18.3/src/util/profile/profile_tcl.c:2236:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      Tcl_NewStringObj(s, strlen(s)));
data/krb5-1.18.3/src/util/profile/profile_tcl.c:2664:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      Tcl_NewStringObj(s, strlen(s)));
data/krb5-1.18.3/src/util/profile/profile_tcl.c:2672:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      Tcl_NewStringObj(s, strlen(s)));
data/krb5-1.18.3/src/util/profile/profile_tcl.c:2954:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      Tcl_NewStringObj(s, strlen(s)));
data/krb5-1.18.3/src/util/ss/help.c:58:16:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        (void) strncpy(buffer, info->info_dirs[idx], sizeof(buffer) - 1);
data/krb5-1.18.3/src/util/ss/help.c:60:16:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
        (void) strncat(buffer, "/", sizeof(buffer) - 1 - strlen(buffer));
data/krb5-1.18.3/src/util/ss/help.c:60:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (void) strncat(buffer, "/", sizeof(buffer) - 1 - strlen(buffer));
data/krb5-1.18.3/src/util/ss/help.c:61:16:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        (void) strncat(buffer, argv[1], sizeof(buffer) - 1 - strlen(buffer));
data/krb5-1.18.3/src/util/ss/help.c:61:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (void) strncat(buffer, argv[1], sizeof(buffer) - 1 - strlen(buffer));
data/krb5-1.18.3/src/util/ss/help.c:62:16:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        (void) strncat(buffer, ".info", sizeof(buffer) - 1 - strlen(buffer));
data/krb5-1.18.3/src/util/ss/help.c:62:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (void) strncat(buffer, ".info", sizeof(buffer) - 1 - strlen(buffer));
data/krb5-1.18.3/src/util/ss/help.c:67:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
        strncpy(buf, "No info found for ", sizeof(buf) - 1);
data/krb5-1.18.3/src/util/ss/help.c:69:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(buf, argv[1], sizeof(buf) - 1 - strlen(buf));
data/krb5-1.18.3/src/util/ss/help.c:69:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat(buf, argv[1], sizeof(buf) - 1 - strlen(buf));
data/krb5-1.18.3/src/util/ss/list_rqs.c:93:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int len = strlen(*name);
data/krb5-1.18.3/src/util/ss/list_rqs.c:94:17:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
                strncat(buffer, *name, sizeof(buffer) - 1 - strlen(buffer));
data/krb5-1.18.3/src/util/ss/list_rqs.c:94:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strncat(buffer, *name, sizeof(buffer) - 1 - strlen(buffer));
data/krb5-1.18.3/src/util/ss/list_rqs.c:97:21:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
                    strncat(buffer, ", ", sizeof(buffer) - 1 - strlen(buffer));
data/krb5-1.18.3/src/util/ss/list_rqs.c:97:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strncat(buffer, ", ", sizeof(buffer) - 1 - strlen(buffer));
data/krb5-1.18.3/src/util/ss/list_rqs.c:101:17:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
                strncat(buffer, NL, sizeof(buffer) - 1 - strlen(buffer));
data/krb5-1.18.3/src/util/ss/list_rqs.c:101:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strncat(buffer, NL, sizeof(buffer) - 1 - strlen(buffer));
data/krb5-1.18.3/src/util/ss/list_rqs.c:106:13:  [1] (buffer) strncat:
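  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Reviewer note: unlike the neighbouring
  calls, the count here is not derived from strlen(buffer). strncat's third
  argument limits how many characters are appended, not the total size of
  the destination, so whether this stays in bounds depends on the current
  length of buffer and the range of spacing, neither of which is visible in
  this report.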
            strncat(buffer, twentyfive_spaces, sizeof(buffer) - 1 - (25-spacing));
data/krb5-1.18.3/src/util/ss/list_rqs.c:107:13:  [1] (buffer) strncpy:
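  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Reviewer note: strncpy writes no
  terminator when the source is at least as long as the count, and the
  strncat reported at line 108 measures buffer with strlen; check that the
  final byte of buffer is zero independently of this call.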
            strncpy(buffer + 25, entry->info_string, sizeof(buffer) - 1 - 25);
data/krb5-1.18.3/src/util/ss/list_rqs.c:108:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
            strncat(buffer, NL, sizeof(buffer) - 1 - strlen(buffer));
data/krb5-1.18.3/src/util/ss/list_rqs.c:108:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strncat(buffer, NL, sizeof(buffer) - 1 - strlen(buffer));
data/krb5-1.18.3/src/util/ss/mk_cmds.c:44:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    path = malloc(strlen(argv[1])+4); /* extra space to add ".ct" */
data/krb5-1.18.3/src/util/ss/mk_cmds.c:63:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(c_file, (q) ? q + 1 : path, sizeof(c_file) - 1);
data/krb5-1.18.3/src/util/ss/mk_cmds.c:65:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
    strncat(c_file, ".c", sizeof(c_file) - 1 - strlen(c_file));
data/krb5-1.18.3/src/util/ss/mk_cmds.c:65:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncat(c_file, ".c", sizeof(c_file) - 1 - strlen(c_file));
data/krb5-1.18.3/src/util/ss/pager.c:106:21:  [1] (buffer) read:
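  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20). Reviewer note: the count is the literal 80 rather than
  sizeof(buf); the read is in bounds only if buf is declared with at least
  80 bytes, which this report does not show.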
        while ((n = read(0, buf, 80)) > 0)
data/krb5-1.18.3/src/util/ss/utils.c:104:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(s) + 1;
data/krb5-1.18.3/src/util/ss/utils.c:107:5:  [1] (buffer) strncpy:
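  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Reviewer note: per the finding at line
  104, len is strlen(s) + 1, so the count comes from the source and the
  terminator is always copied; the call is bounded only as far as new was
  allocated with at least len bytes, which this report does not show. len
  is declared int, so the size_t result of strlen is narrowed on
  assignment.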
    strncpy(new, s, len);
data/krb5-1.18.3/src/util/support/base64.c:120:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(str);
data/krb5-1.18.3/src/util/support/fake-addrinfo.c:952:13:  [1] (buffer) strncpy:
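  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Reviewer note: the count is hlen, which
  appears to be the caller-supplied size of host; strncpy leaves host
  unterminated when the source is hlen characters or longer, so look for an
  explicit length check or terminator store around this call. The same
  applies to the calls reported at lines 957, 974, 988 and 998 (the last
  two with service and slen).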
            strncpy(host, tmpbuf, hlen);
data/krb5-1.18.3/src/util/support/fake-addrinfo.c:957:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy (host, p, hlen);
data/krb5-1.18.3/src/util/support/fake-addrinfo.c:974:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy (host, hp->h_name, hlen);
data/krb5-1.18.3/src/util/support/fake-addrinfo.c:988:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy (service, numbuf, slen);
data/krb5-1.18.3/src/util/support/fake-addrinfo.c:998:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy (service, sp->s_name, slen);
data/krb5-1.18.3/src/util/support/getopt_long.c:183:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			current_argv_len = strlen(current_argv);
data/krb5-1.18.3/src/util/support/getopt_long.c:189:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(long_options[i].name) == (unsigned)current_argv_len) {
data/krb5-1.18.3/src/util/support/hex.c:95:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hexlen = strlen(hex);
data/krb5-1.18.3/src/util/support/ipc_stream.c:285:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        length = strlen (in_string) + 1;
data/krb5-1.18.3/src/util/support/json.c:490:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return k5_json_string_create_len(cstring, strlen(cstring), val_out);
data/krb5-1.18.3/src/util/support/k5buf.c:150:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    k5_buf_add_len(buf, data, strlen(data));
data/krb5-1.18.3/src/util/support/k5buf.c:222:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        zap(tmp, strlen(tmp));
data/krb5-1.18.3/src/util/support/path.c:139:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        c = path1[strlen(path1) - 1];
data/krb5-1.18.3/src/util/support/plugins.c:128:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    filespec = malloc(strlen(dir) + 2 + 1);
data/krb5-1.18.3/src/util/support/plugins.c:130:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    index = strlen(filespec) - 1;
data/krb5-1.18.3/src/util/support/plugins.c:169:5:  [1] (buffer) strncpy:
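  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Reviewer note: if fileinfo.name holds
  _MAX_FNAME characters or more, this call writes no terminator, and the
  strlen(dp->dent.d_name) reported at line 171 would then read past the
  copied bytes; whether d_name is larger than _MAX_FNAME or is terminated
  separately is not visible in this report.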
    strncpy(dp->dent.d_name, dp->fileinfo.name, _MAX_FNAME);
data/krb5-1.18.3/src/util/support/plugins.c:171:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dp->dent.d_reclen = (unsigned short)strlen(dp->dent.d_name);
data/krb5-1.18.3/src/util/support/plugins.c:441:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define NAMELEN(D) strlen((D)->d_name)
data/krb5-1.18.3/src/util/support/plugins.c:447:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define NAMELEN(D) strlen((D)->d_name)
data/krb5-1.18.3/src/util/support/strlcpy.c:77:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		return(dlen + strlen(s));
data/krb5-1.18.3/src/util/verto/ev.c:1680:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write (STDERR_FILENO, msg, strlen (msg));
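data/krb5-1.18.3/src/util/verto/ev.c:2494:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          read (evpipe [1], &counter, sizeof (uint64_t));
  Triage note: the byte count is the fixed sizeof (uint64_t), so the call
  itself cannot overrun counter as long as counter is at least that wide; the
  finding is a generic match on the function name. The line as quoted
  discards read's return value, which is the point to review if a short or
  failed read matters at this call site.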
data/krb5-1.18.3/src/util/verto/ev.c:2508:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          read (evpipe [0], &dummy, sizeof (dummy));
data/krb5-1.18.3/src/util/verto/ev.c:2609:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      ssize_t res = read (sigfd, si, sizeof (si));
data/krb5-1.18.3/src/util/verto/ev.c:4259:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((errno == ENOENT || errno == EACCES) && strlen (w->path) < 4096)
data/krb5-1.18.3/src/util/verto/ev.c:4343:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int len = read (fs_fd, buf, sizeof (buf));
data/krb5-1.18.3/src/util/verto/verto.c:180:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(first) + strlen(second);
data/krb5-1.18.3/src/util/verto/verto.c:180:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(first) + strlen(second);
data/krb5-1.18.3/src/util/verto/verto.c:182:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len += strlen(third);
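data/krb5-1.18.3/src/util/verto/verto.c:188:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ret, first, strlen(first));
  Triage note: the bound is strlen(first), the source length, not the size of
  ret, so the call copies exactly the source bytes and never writes a
  terminator; it offers no more protection than memcpy. Safety rests on the
  allocation between lines 182 and 188 (not shown): confirm that ret is sized
  for len + 1 bytes and that it is zeroed or explicitly terminated. The same
  applies to the strncpy calls reported at verto.c:189 and verto.c:191.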
data/krb5-1.18.3/src/util/verto/verto.c:188:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncpy(ret, first, strlen(first));
data/krb5-1.18.3/src/util/verto/verto.c:189:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ret + strlen(first), second, strlen(second));
data/krb5-1.18.3/src/util/verto/verto.c:189:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncpy(ret + strlen(first), second, strlen(second));
data/krb5-1.18.3/src/util/verto/verto.c:189:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncpy(ret + strlen(first), second, strlen(second));
data/krb5-1.18.3/src/util/verto/verto.c:191:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(ret + strlen(first) + strlen(second), third, strlen(third));
data/krb5-1.18.3/src/util/verto/verto.c:191:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncpy(ret + strlen(first) + strlen(second), third, strlen(third));
data/krb5-1.18.3/src/util/verto/verto.c:191:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncpy(ret + strlen(first) + strlen(second), third, strlen(third));
data/krb5-1.18.3/src/util/verto/verto.c:191:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncpy(ret + strlen(first) + strlen(second), third, strlen(third));
data/krb5-1.18.3/src/util/verto/verto.c:350:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        flen = strlen(ent->d_name);
data/krb5-1.18.3/src/util/verto/verto.c:351:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        slen = strlen(suffix);
data/krb5-1.18.3/src/util/verto/verto.c:424:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!suffix || strlen(suffix) < 1 || !(suffix = strdup(suffix))) {
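data/krb5-1.18.3/src/util/verto/verto.c:429:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(prefix + strlen(prefix) - strlen(suffix), "-");
  Triage note: the "risk is low" assessment covers only the constant source.
  The destination is prefix + strlen(prefix) - strlen(suffix), which stays
  inside the buffer only when suffix is no longer than prefix. Line 424 shows
  that suffix is non-empty, but the relation between the two strings is
  established outside the lines quoted here and should be confirmed.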
data/krb5-1.18.3/src/util/verto/verto.c:429:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strcpy(prefix + strlen(prefix) - strlen(suffix), "-");
data/krb5-1.18.3/src/util/verto/verto.c:429:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strcpy(prefix + strlen(prefix) - strlen(suffix), "-");
data/krb5-1.18.3/src/wconfig.c:73:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ignore_len = strlen(ignore_str);
data/krb5-1.18.3/src/wconfig.c:76:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		alen = strlen(*argv);
data/krb5-1.18.3/src/wconfig.c:186:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    plen = strlen(path);
data/krb5-1.18.3/src/wconfig.c:187:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    flen = strlen(fname);
data/krb5-1.18.3/src/wconfig.c:219:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    len = strlen(*cpp);
data/krb5-1.18.3/src/windows/installer/wix/custom/custom.cpp:489:24:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if(_tcslen(kpList[i].desc)) {
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:449:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ccname = (char *)malloc(strlen(pname) + 5);
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:671:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pname = malloc(strlen(username) + strlen(realm) + 2);
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:671:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pname = malloc(strlen(username) + strlen(realm) + 2);
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:675:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(pname, "@");
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:1026:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( strlen(filename) + sizeof("FILE:") > sizeof(cachename) )
data/krb5-1.18.3/src/windows/kfwlogon/kfwcommon.c:1103:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( strlen(filename) + sizeof("FILE:") > sizeof(cachename) )
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:154:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dwLogonScriptLen = strlen(RUNDLL32_CMDLINE) + strlen(filename) + 2;
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:154:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dwLogonScriptLen = strlen(RUNDLL32_CMDLINE) + strlen(filename) + 2;
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:497:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( strlen(filename) + strlen(szLogonId) + 2 > sizeof(filename) ) {
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:497:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( strlen(filename) + strlen(szLogonId) + 2 > sizeof(filename) ) {
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:502:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(filename, "\\");
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:524:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( strlen(newfilename) + strlen(szLogonId) + 2 > sizeof(newfilename) ) {
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:524:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( strlen(newfilename) + strlen(szLogonId) + 2 > sizeof(newfilename) ) {
data/krb5-1.18.3/src/windows/kfwlogon/kfwlogon.c:529:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(newfilename, "\\");
data/krb5-1.18.3/src/windows/leash/KrbListTickets.cpp:158:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    list->encTypes = (char *)calloc(1, strlen(Buffer)+1);
data/krb5-1.18.3/src/windows/leash/Leash.cpp:163:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* pPath = modulePath + strlen(modulePath) - 1;
data/krb5-1.18.3/src/windows/leash/Leash.cpp:876:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                size_t  keylen = strlen(realmkey)-1;
data/krb5-1.18.3/src/windows/leash/Leash.cpp:879:21:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                    strncpy(realm,domain,256);
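data/krb5-1.18.3/src/windows/leash/Leash.cpp:881:21:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
                    strncat(realmkey,domain,256-strlen(realmkey));
  Triage note: strncat's third argument is the maximum number of characters
  appended, and a terminating \0 is written after them. If realmkey is a
  256-byte buffer (its declaration is not shown), the bound
  256-strlen(realmkey) permits a write one byte past the end; the usual form
  is size - strlen(dst) - 1.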
data/krb5-1.18.3/src/windows/leash/Leash.cpp:881:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strncat(realmkey,domain,256-strlen(realmkey));
data/krb5-1.18.3/src/windows/leash/Leash.cpp:941:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    p += strlen((char*)p) + 1;
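data/krb5-1.18.3/src/windows/leash/Leash.cpp:1031:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
  Triage note: the "risk is low" wording reflects only the constant source.
  The bound szConfname-strlen(confname) leaves no room for the terminator
  that strncat writes after the appended characters; if szConfname is the
  full size of confname, a nearly full buffer can be overrun by one byte.
  The same expression appears at Leash.cpp:1049, lshfunc.c:807 and
  lshfunc.c:826.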
data/krb5-1.18.3/src/windows/leash/Leash.cpp:1031:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
data/krb5-1.18.3/src/windows/leash/Leash.cpp:1040:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(confname, *configFile, szConfname);
data/krb5-1.18.3/src/windows/leash/Leash.cpp:1049:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
data/krb5-1.18.3/src/windows/leash/Leash.cpp:1049:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:155:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strSize += strlen(sm_TicketFlags[i].m_description);
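data/krb5-1.18.3/src/windows/leash/LeashView.cpp:2004:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(nid.szTip, (LPCTSTR) tip, sizeof(nid.szTip));
  Triage note: the bound equals the full size of the destination, so a tip of
  that length or longer leaves nid.szTip without a terminator. Confirm that
  the following code (not shown) sets the last element to \0, or copy at most
  sizeof(nid.szTip) - 1 characters and terminate explicitly.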
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:2414:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        param += strlen(param) + 1;
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:2417:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        param += strlen(param) + 1;
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:2420:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        param += strlen(param) + 1;
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:2427:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(ldi.username) > 0 && strlen(ldi.realm) > 0)
data/krb5-1.18.3/src/windows/leash/LeashView.cpp:2427:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(ldi.username) > 0 && strlen(ldi.realm) > 0)
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:727:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        lpdit->cx = strlen(ptext[i]) * 4 + 10;
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:743:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ( pwid < strlen(tb[i].label) )
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:744:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pwid = strlen(tb[i].label);
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:842:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ( strlen(plines[numlines-1]) > maxwidth )
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:843:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            maxwidth = strlen(plines[numlines-1]);
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:847:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(tb[i].label) + 1 + (tb[i].len > 40 ? 40 : tb[i].len);
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:870:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nlen = strlen(name)+2;
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:873:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        blen = strlen(banner)+2;
data/krb5-1.18.3/src/windows/leashdll/krb5routines.c:890:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                prompts[i].reply->length = strlen(prompts[i].reply->data);
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:149:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (desiredName && (strlen(desiredName) + strlen(desiredRealm) + 32 < NETID_TITLE_SZ)) {
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:149:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (desiredName && (strlen(desiredName) + strlen(desiredRealm) + 32 < NETID_TITLE_SZ)) {
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:251:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (desiredName && (strlen(desiredName) + strlen(desiredRealm) + 32 < NETID_TITLE_SZ)) {
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:251:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (desiredName && (strlen(desiredName) + strlen(desiredRealm) + 32 < NETID_TITLE_SZ)) {
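data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:957:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
        strncat(confname, "\\",sizeof(confname)-strlen(confname));
  Triage note: the bound sizeof(confname)-strlen(confname) is one too large
  for strncat even when confname is an array, because the terminator is
  written after the appended characters. The strncpy reported at
  lsh_pwd.c:968 passes a separate szConfname as the size of confname; if
  confname is a pointer parameter at line 957 as well (this report does not
  show its declaration), sizeof yields the pointer size and the subtraction
  can wrap to a very large bound. Check the declaration; the same expression
  appears at lsh_pwd.c:959, 976 and 978.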
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:957:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat(confname, "\\",sizeof(confname)-strlen(confname));
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:959:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(confname, KRB5_FILE,sizeof(confname)-strlen(confname));
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:959:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat(confname, KRB5_FILE,sizeof(confname)-strlen(confname));
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:968:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(confname, *configFile, szConfname);
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:976:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
        strncat(confname, "\\",sizeof(confname)-strlen(confname));
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:976:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat(confname, "\\",sizeof(confname)-strlen(confname));
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:978:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(confname, KRB5_FILE,sizeof(confname)-strlen(confname));
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:978:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat(confname, KRB5_FILE,sizeof(confname)-strlen(confname));
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:990:14:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	for (i=0, c=fgetc(file); c != EOF ; c=fgetc(file), i++)
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:990:40:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	for (i=0, c=fgetc(file); c != EOF ; c=fgetc(file), i++)
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1081:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				p += strlen(p);
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1087:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				p += strlen(p);
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1333:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (lpdi->username && (strlen(lpdi->username) > 0) &&
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1334:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            lpdi->realm && (strlen(lpdi->realm) > 0)) {
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1713:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (lpdi->username != NULL && (strlen(lpdi->username) > 0) &&
data/krb5-1.18.3/src/windows/leashdll/lsh_pwd.c:1714:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            lpdi->realm != NULL && (strlen(lpdi->realm) > 0)) {
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:124:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    base_size = strlen(base) + 1;
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:125:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ret_size = base_size + strlen(postfix) + 1;
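data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:132:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(copy, base, base_size);
  Triage note: base_size is strlen(base) + 1 (lshfunc.c:124), so this bound
  includes the terminator and the copy ends up terminated, provided copy was
  allocated with at least base_size bytes (the allocation is not shown in
  this report).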
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:135:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ret, base, base_size);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:136:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ret + (base_size - 1), postfix, ret_size - (base_size - 1));
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:371:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len += sizeof(sep) + sizeof(v5_prefix) + strlen(v5_error_str) +
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:531:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(inst) != 0)
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:533:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(temp, "/");
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:536:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(realm) != 0)
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:538:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(temp, "@");
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:807:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
            strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:807:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:816:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(confname, *configFile, szConfname);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:826:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:826:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1012:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    cch = strlen(value) + 2; /* NUL and new 's' */
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1017:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			    strcat(buf, "s");
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1163:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    cch = strlen(value) + 2; /* NUL and new 's' */
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:1168:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			    strcat(buf, "s");
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2421:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        step = strlen(strs);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2427:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            step = strlen(strs);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2432:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                step = strlen(strs);
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2531:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (desiredName && (strlen(desiredName) + strlen(desiredRealm) + 32 < NETID_TITLE_SZ)) {
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2531:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (desiredName && (strlen(desiredName) + strlen(desiredRealm) + 32 < NETID_TITLE_SZ)) {
data/krb5-1.18.3/src/windows/leashdll/lshfunc.c:2783:2:  [1] (buffer) strncpy:
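  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Reviewer note: if cclen is the size of ccname and ccachename is at least
  that long, ccname is left unterminated. Confirm that the surrounding code
  (not shown in this report) checks the source length first or sets
  ccname[cclen-1] = '\0' after the copy.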
	strncpy(ccname, ccachename, cclen);
data/krb5-1.18.3/src/windows/leashdll/lshutil.cpp:427:25:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int princ_len = _tcslen(user) + _tcslen(m_defaultRealm) + 1;
data/krb5-1.18.3/src/windows/leashdll/lshutil.cpp:427:41:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int princ_len = _tcslen(user) + _tcslen(m_defaultRealm) + 1;
data/krb5-1.18.3/src/windows/leashdll/timesync.c:289:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(tmpstr, "\n");

ANALYSIS SUMMARY:

Hits = 3217
Lines analyzed = 444907 in approximately 22.98 seconds (19363 lines/second)
Physical Source Lines of Code (SLOC) = 313400
Hits@level = [0] 3058 [1] 1056 [2] 1844 [3] 125 [4] 184 [5]   8
Hits@level+ = [0+] 6275 [1+] 3217 [2+] 2161 [3+] 317 [4+] 192 [5+]   8
Hits/KSLOC@level+ = [0+] 20.0223 [1+] 10.2648 [2+] 6.89534 [3+] 1.01149 [4+] 0.612636 [5+] 0.0255265
Dot directories skipped = 1 (--followdotdir overrides)
Suppressed hits = 2 (use --neverignore to show them)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.