Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/ksysguard-5.19.5/ksysguardd/Command.c:72:6: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if(vfprintf(CurrentClient, fmt, az) < 0) {
data/ksysguard-5.19.5/ksysguardd/Command.c:84:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf( errmsg, sizeof( errmsg ) - 1, fmt, az );
data/ksysguard-5.19.5/ksysguardd/Command.c:102:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf( errmsg, sizeof( errmsg ) - 1, fmt, az );
data/ksysguard-5.19.5/ksysguardd/Command.c:137:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( cmd->command, command );
data/ksysguard-5.19.5/ksysguardd/Command.c:178:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( cmd->command, command );
data/ksysguard-5.19.5/ksysguardd/Command.c:187:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( cmd->type, type );
data/ksysguard-5.19.5/ksysguardd/Command.c:206:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( cmd->command, command );
data/ksysguard-5.19.5/ksysguardd/Command.c:243:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buf, command );
data/ksysguard-5.19.5/ksysguardd/Command.h:45:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ ( ( format ( printf, 1, 2 ) ) )
data/ksysguard-5.19.5/ksysguardd/Command.h:54:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ ( ( format ( printf, 1, 2 ) ) )
data/ksysguard-5.19.5/ksysguardd/Command.h:63:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ ( ( format ( printf, 1, 2 ) ) )
data/ksysguard-5.19.5/ksysguardd/FreeBSD/acpi.c:70:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(name, TZ_MIB_LEN, TZ_MIB, tz_cnt);
data/ksysguard-5.19.5/ksysguardd/FreeBSD/acpi.c:74:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(name, BUF_LEN, TZ_MONITOR, tz_cnt + 1);
data/ksysguard-5.19.5/ksysguardd/FreeBSD/acpi.c:89:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(name, BUF_LEN, BAT_CHARGE_MONITOR, bat_cnt + 1);
data/ksysguard-5.19.5/ksysguardd/FreeBSD/acpi.c:91:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(name, BUF_LEN, BAT_CAPACITY_MONITOR, bat_cnt + 1);
data/ksysguard-5.19.5/ksysguardd/FreeBSD/acpi.c:93:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(name, BUF_LEN, BAT_REMAINING_MONITOR, bat_cnt + 1);
data/ksysguard-5.19.5/ksysguardd/FreeBSD/acpi.c:95:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(name, BUF_LEN, BAT_VOLTAGE_MONITOR, bat_cnt + 1);
data/ksysguard-5.19.5/ksysguardd/FreeBSD/acpi.c:97:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(name, BUF_LEN, BAT_RATE_MONITOR, bat_cnt + 1);
data/ksysguard-5.19.5/ksysguardd/FreeBSD/acpi.c:108:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(name, BUF_LEN, TZ_MONITOR, tz + 1);
data/ksysguard-5.19.5/ksysguardd/FreeBSD/acpi.c:114:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(name, TZ_MIB_LEN, BAT_CHARGE_MONITOR, bat + 1);
data/ksysguard-5.19.5/ksysguardd/FreeBSD/acpi.c:116:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(name, BUF_LEN, BAT_CAPACITY_MONITOR, bat + 1);
data/ksysguard-5.19.5/ksysguardd/FreeBSD/acpi.c:118:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(name, BUF_LEN, BAT_REMAINING_MONITOR, bat + 1);
data/ksysguard-5.19.5/ksysguardd/FreeBSD/acpi.c:120:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(name, BUF_LEN, BAT_VOLTAGE_MONITOR, bat + 1);
data/ksysguard-5.19.5/ksysguardd/FreeBSD/acpi.c:136:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(name, TZ_MIB_LEN, TZ_MIB, tz);
data/ksysguard-5.19.5/ksysguardd/Irix/NetDev.c:98:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(monitor,"network/interfaces/%s/receiver/packets", NetDevs[i].name);
data/ksysguard-5.19.5/ksysguardd/Irix/NetDev.c:100:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(monitor ,"network/interfaces/%s/receiver/errors", NetDevs[i].name);
data/ksysguard-5.19.5/ksysguardd/Irix/NetDev.c:112:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(monitor,"network/interfaces/%s/transmitter/packets", NetDevs[i].name);
data/ksysguard-5.19.5/ksysguardd/Irix/NetDev.c:114:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(monitor,"network/interfaces/%s/transmitter/errors", NetDevs[i].name);
data/ksysguard-5.19.5/ksysguardd/Irix/NetDev.c:122:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(monitor,"network/interfaces/%s/transmitter/collisions", NetDevs[i].name);
data/ksysguard-5.19.5/ksysguardd/Irix/NetDev.c:133:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(monitor,"network/interfaces/%s/receiver/packets", NetDevs[i].name);
data/ksysguard-5.19.5/ksysguardd/Irix/NetDev.c:135:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(monitor,"network/interfaces/%s/receiver/errors", NetDevs[i].name);
data/ksysguard-5.19.5/ksysguardd/Irix/NetDev.c:146:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(monitor,"network/interfaces/%s/transmitter/packets", NetDevs[i].name);
data/ksysguard-5.19.5/ksysguardd/Irix/NetDev.c:148:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(monitor,"network/interfaces/%s/transmitter/errors", NetDevs[i].name);
data/ksysguard-5.19.5/ksysguardd/Irix/NetDev.c:156:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(monitor,"network/interfaces/%s/transmitter/collisions", NetDevs[i].name);
data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:84:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result, "%s", "sleep" );
data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:87:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result, "%s", "run" );
data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:90:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result, "%s", "zombie" );
data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:93:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result, "%s", "stop" );
data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:96:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result, "%s", "start" );
data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:99:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result, "%s", "wmem" );
data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:101:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result, "%s/%d", "cpu", (int) lwpinfo.pr_sonproc );
data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:104:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( result, "%s", "???" );
data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:173:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( buf, "%s/pinfo/%ld", PROCDIR, pid );
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:247:10: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if ( fscanf( fd, format, buf ) != 1 )
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:250:5: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf( buf, tagformat, tag );
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:341:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(filename, sizeof(filename), fileFormat, number);
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:522:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(th_file, sizeof(th_file),
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:583:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(fan_state_file, sizeof(fan_state_file),
data/ksysguard-5.19.5/ksysguardd/Linux/cpuinfo.c:74:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  while ( sscanf( cibp, format, tag, value ) == 2 ) {
data/ksysguard-5.19.5/ksysguardd/Linux/cpuinfo.c:107:17: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(freqName, sizeof(freqName) - 1, freqTemplate, coreUniqueId);
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:288:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sensorName, "disk/%s_(%d:%d)/Rate/totalio", devname, major, minor);
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:291:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sensorName, "disk/%s_(%d:%d)/Rate/rio", devname, major, minor);
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:294:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sensorName, "disk/%s_(%d:%d)/Rate/wio", devname, major, minor);
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:297:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sensorName, "disk/%s_(%d:%d)/Rate/rblk", devname, major, minor);
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:300:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sensorName, "disk/%s_(%d:%d)/Rate/wblk", devname, major, minor);
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:304:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sensorName, "disk/%s_(%d:%d)/Delta/totalio", devname, major, minor);
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:307:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sensorName, "disk/%s_(%d:%d)/Delta/rio", devname, major, minor);
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:310:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sensorName, "disk/%s_(%d:%d)/Delta/wio", devname, major, minor);
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:313:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sensorName, "disk/%s_(%d:%d)/Delta/rblk", devname, major, minor);
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:316:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sensorName, "disk/%s_(%d:%d)/Delta/wblk", devname, major, minor);
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:319:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sensorName, "disk/%s_(%d:%d)/Delta/rtim", devname, major, minor);
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:322:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sensorName, "disk/%s_(%d:%d)/Delta/wtim", devname, major, minor);
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:326:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sensorName, "disk/%s_(%d:%d)/ioqueue", devname, major, minor);
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:345:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( sensorName, "disk/%s_(%d:%d)/Rate/totalio", ptr->devname, ptr->major, ptr->minor );
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:347:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( sensorName, "disk/%s_(%d:%d)/Rate/rio", ptr->devname, ptr->major, ptr->minor );
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:349:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( sensorName, "disk/%s_(%d:%d)/Rate/wio", ptr->devname, ptr->major, ptr->minor );
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:351:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( sensorName, "disk/%s_(%d:%d)/Rate/rblk", ptr->devname, ptr->major, ptr->minor );
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:353:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( sensorName, "disk/%s_(%d:%d)/Rate/wblk", ptr->devname, ptr->major, ptr->minor );
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:356:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( sensorName, "disk/%s_(%d:%d)/Delta/totalio", ptr->devname, ptr->major, ptr->minor );
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:358:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( sensorName, "disk/%s_(%d:%d)/Delta/rio", ptr->devname, ptr->major, ptr->minor );
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:360:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( sensorName, "disk/%s_(%d:%d)/Delta/wio", ptr->devname, ptr->major, ptr->minor );
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:362:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( sensorName, "disk/%s_(%d:%d)/Delta/rblk", ptr->devname, ptr->major, ptr->minor );
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:364:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( sensorName, "disk/%s_(%d:%d)/Delta/wblk", ptr->devname, ptr->major, ptr->minor );
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:366:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( sensorName, "disk/%s_(%d:%d)/Delta/rtim", ptr->devname, ptr->major, ptr->minor );
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:368:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( sensorName, "disk/%s_(%d:%d)/Delta/wtim", ptr->devname, ptr->major, ptr->minor );
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:371:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( sensorName, "disk/%s_(%d:%d)/ioqueue", ptr->devname, ptr->major, ptr->minor );
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:181:4: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
sscanf(netDevBufP, format, buf); data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:186:15: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. for (i = 0; sscanf(netDevBufP, format, buf) == 1; ++i) { data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:190:8: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(buf, devFormat, tag)) { data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:226:4: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. sscanf(netDevWifiBufP, format, buf); data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:231:15: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. for (j = 0; sscanf(netDevWifiBufP, format, buf) == 1; ++j) { data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:235:8: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. 
if (sscanf(buf, devFormat, tag)) { data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:313:5: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. sscanf( netDevBufP, format, buf ); data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:318:16: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. for ( i = 0; sscanf( netDevBufP, format, buf ) == 1; ++i ) { data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:323:10: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if ( sscanf( buf, devFormat, tag ) ) { data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:350:5: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. sscanf( netDevWifiBufP, format, buf ); data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:355:16: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. 
for ( j = 0; sscanf( netDevWifiBufP, format, buf ) == 1; ++j ) { data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:359:10: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if ( sscanf( buf, devFormat, tag ) ) { data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:245:3: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl ("/sbin/mdadm", "mdadm", "--detail", arrayDevice, (char *)0); data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:268:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. while (sscanf(mdadmStatBufP, format, lineBuf) != EOF) { data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:275:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sensorName, "SoftRaid/%s/ArraySizeKB", MyArray->ArrayName); data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:288:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sensorName, "SoftRaid/%s/UsedDeviceSizeKB", MyArray->ArrayName); data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:297:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sensorName, "SoftRaid/%s/PreferredMinor", MyArray->ArrayName); data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:354:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( MyArray->ArrayName, key.ArrayName ); data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:358:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sensorName, "SoftRaid/%s/NumBlocks", MyArray->ArrayName); data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:361:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sensorName, "SoftRaid/%s/TotalDevices", MyArray->ArrayName); data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:364:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sensorName, "SoftRaid/%s/FailedDevices", MyArray->ArrayName); data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:367:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sensorName, "SoftRaid/%s/SpareDevices", MyArray->ArrayName); data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:370:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sensorName, "SoftRaid/%s/NumRaidDevices", MyArray->ArrayName); data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:373:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sensorName, "SoftRaid/%s/WorkingDevices", MyArray->ArrayName); data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:376:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sensorName, "SoftRaid/%s/ActiveDevices", MyArray->ArrayName); data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:379:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(sensorName, "SoftRaid/%s/RaidType", MyArray->ArrayName); data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:382:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sensorName, "SoftRaid/%s/DeviceNumber", MyArray->ArrayName); data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:385:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sensorName, "SoftRaid/%s/ResyncingPercent", MyArray->ArrayName); data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:388:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sensorName, "SoftRaid/%s/DiskInfo", MyArray->ArrayName); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:133:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( sensorName, "disk/disk%d/%s", i, shortLabel ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:270:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( sensorName, "disk/%s_(%d:%d)24/total", ptr->devname, major, minor ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:272:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( sensorName, "disk/%s_(%d:%d)24/rio", ptr->devname, major, minor ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:274:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( sensorName, "disk/%s_(%d:%d)24/wio", ptr->devname, major, minor ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:276:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( sensorName, "disk/%s_(%d:%d)24/rblk", ptr->devname, major, minor ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:278:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( sensorName, "disk/%s_(%d:%d)24/wblk", ptr->devname, major, minor ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:304:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( sensorName, "disk/%s_(%d:%d)24/total", ptr->devname, ptr->major, ptr->minor ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:306:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( sensorName, "disk/%s_(%d:%d)24/rio", ptr->devname, ptr->major, ptr->minor ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:308:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( sensorName, "disk/%s_(%d:%d)24/wio", ptr->devname, ptr->major, ptr->minor ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:310:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( sensorName, "disk/%s_(%d:%d)24/rblk", ptr->devname, ptr->major, ptr->minor ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:312:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( sensorName, "disk/%s_(%d:%d)24/wblk", ptr->devname, ptr->major, ptr->minor ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:355:10: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. 
while ( fscanf( stat, format, buf ) == 1 ) { data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:357:3: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. sscanf( buf, tagFormat, tag ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:418:17: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. while ( fscanf( stat, format, buf ) == 1 ) { data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:420:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. sscanf( buf, tagFormat, tag ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:500:10: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. while ( fscanf( stat, format, buf ) == 1 ) { data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:502:3: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. sscanf( buf, tagFormat, tag ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:608:17: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). 
Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. while ( fscanf( stat, format, buf ) == 1 ) { data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:610:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. sscanf( buf, tagFormat, tag ); data/ksysguard-5.19.5/ksysguardd/Linux/uptime.c:61:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(uptimeBufP, format, buf) == 1) { data/ksysguard-5.19.5/ksysguardd/Linux/uptime.c:84:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(uptimeBufP, format, buf) == 1) data/ksysguard-5.19.5/ksysguardd/NetBSD/netdev.c:261:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(NetDevs[i].name, newval[i].name); data/ksysguard-5.19.5/ksysguardd/Solaris/NetDev.c:266:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( mon, "network/interfaces/%s/receiver/packets", IfInfo[i].Name ); data/ksysguard-5.19.5/ksysguardd/Solaris/NetDev.c:269:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( mon, "network/interfaces/%s/transmitter/packets", IfInfo[i].Name ); data/ksysguard-5.19.5/ksysguardd/Solaris/NetDev.c:280:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( mon, "network/interfaces/%s/receiver/errors", data/ksysguard-5.19.5/ksysguardd/Solaris/NetDev.c:287:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( mon, "network/interfaces/%s/transmitter/errors", data/ksysguard-5.19.5/ksysguardd/Solaris/NetDev.c:294:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( mon, "network/interfaces/%s/transmitter/collisions", data/ksysguard-5.19.5/ksysguardd/Solaris/NetDev.c:301:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( mon, "network/interfaces/%s/transmitter/multicast", data/ksysguard-5.19.5/ksysguardd/Solaris/NetDev.c:308:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( mon, "network/interfaces/%s/receiver/multicast", data/ksysguard-5.19.5/ksysguardd/Solaris/NetDev.c:315:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( mon, "network/interfaces/%s/transmitter/broadcast", data/ksysguard-5.19.5/ksysguardd/Solaris/NetDev.c:322:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( mon, "network/interfaces/%s/receiver/broadcast", data/ksysguard-5.19.5/ksysguardd/Solaris/NetDev.c:330:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( mon, "network/interfaces/%s/receiver/data", data/ksysguard-5.19.5/ksysguardd/Solaris/NetDev.c:334:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf( mon, "network/interfaces/%s/transmitter/data", data/ksysguard-5.19.5/ksysguardd/Solaris/ProcessList.c:85:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( result, "%s", "sleep" ); data/ksysguard-5.19.5/ksysguardd/Solaris/ProcessList.c:88:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( result, "%s", "run" ); data/ksysguard-5.19.5/ksysguardd/Solaris/ProcessList.c:91:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( result, "%s", "zombie" ); data/ksysguard-5.19.5/ksysguardd/Solaris/ProcessList.c:94:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( result, "%s", "stop" ); data/ksysguard-5.19.5/ksysguardd/Solaris/ProcessList.c:97:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( result, "%s", "start" ); data/ksysguard-5.19.5/ksysguardd/Solaris/ProcessList.c:101:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( result, "%s/%d", "cpu", processor ); data/ksysguard-5.19.5/ksysguardd/Solaris/ProcessList.c:104:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( result, "%s", "???" ); data/ksysguard-5.19.5/ksysguardd/Tru64/NetDev.c:259:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( mon, "network/%s/ipackets", IfInfo[i].Name ); data/ksysguard-5.19.5/ksysguardd/Tru64/NetDev.c:262:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( mon, "network/%s/opackets", IfInfo[i].Name ); data/ksysguard-5.19.5/ksysguardd/Tru64/NetDev.c:273:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( mon, "network/%s/ierrors", data/ksysguard-5.19.5/ksysguardd/Tru64/NetDev.c:280:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( mon, "network/%s/oerrors", data/ksysguard-5.19.5/ksysguardd/Tru64/NetDev.c:287:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( mon, "network/%s/collisions", data/ksysguard-5.19.5/ksysguardd/Tru64/NetDev.c:294:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( mon, "network/%s/multixmt", data/ksysguard-5.19.5/ksysguardd/Tru64/NetDev.c:301:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( mon, "network/%s/multircv", data/ksysguard-5.19.5/ksysguardd/Tru64/NetDev.c:308:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( mon, "network/%s/brdcstxmt", data/ksysguard-5.19.5/ksysguardd/Tru64/NetDev.c:315:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( mon, "network/%s/brdcstrcv", data/ksysguard-5.19.5/ksysguardd/ksysguardd.c:108:22: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ( ( option = getopt( argc, argv, "-p:f:dih" ) ) != EOF ) { data/ksysguard-5.19.5/plugins/process/network/helper/main.cpp:49:22: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). 
Check implementation on installation, or limit the size of all string inputs. while ((option = getopt_long(argc, argv, "", long_options, &optionIndex)) != -1) { data/ksysguard-5.19.5/gui/SensorDisplayLib/FancyPlotter.cpp:294:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mSettingsDialog->open(); // open() opens the dialog modaly (ie. blocks the parent window) data/ksysguard-5.19.5/gui/SensorDisplayLib/SensorLogger.cpp:345:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( !mLogFile.open( QIODevice::ReadWrite | QIODevice::Append ) ) { data/ksysguard-5.19.5/gui/WorkSheet.cpp:86:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( !file.open( QIODevice::ReadOnly ) ) { data/ksysguard-5.19.5/gui/WorkSheet.cpp:238:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( !file.open( QIODevice::WriteOnly ) ) { data/ksysguard-5.19.5/ksysguardd/Command.c:80:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errmsg[ 1024 ]; data/ksysguard-5.19.5/ksysguardd/Command.c:98:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[ 1024 ]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/Memory.c:65:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[_POSIX2_LINE_MAX]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/ProcessList.c:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NAMELEN]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/ProcessList.c:75:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char (*cpunames)[8] = NULL; data/ksysguard-5.19.5/ksysguardd/FreeBSD/ProcessList.c:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MONITORBUF]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/ProcessList.c:107:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(name, "processes/ps"); data/ksysguard-5.19.5/ksysguardd/FreeBSD/ProcessList.c:124:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MONITORBUF]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/ProcessList.c:134:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(name, "processes/ps"); data/ksysguard-5.19.5/ksysguardd/FreeBSD/ProcessList.c:157:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prev_list, proc_buf, sizeof(struct kinfo_proc) * nproc); data/ksysguard-5.19.5/ksysguardd/FreeBSD/ProcessList.c:158:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prev_sorted, sorted_proc, sizeof(int) * nproc); data/ksysguard-5.19.5/ksysguardd/FreeBSD/ProcessList.c:209:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[STATEBUF + 1], buf2[UNAMEBUF], buf3[NAMEBUF], args[ARGBUF]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/acpi.c:64:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[BUF_LEN]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/acpi.c:79:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((acpifd = open("/dev/acpi", O_RDONLY)) == -1) { data/ksysguard-5.19.5/ksysguardd/FreeBSD/acpi.c:105:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[BUF_LEN]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/acpi.c:131:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[TZ_MIB_LEN]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/apm.c:44:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ApmFD = open(APMDEV, O_RDONLY)) < 0) data/ksysguard-5.19.5/ksysguardd/FreeBSD/cpuinfo.c:62:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[SYSCTL_ID_LEN]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/cpuinfo.c:179:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[SYSCTL_ID_LEN]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/cpuinfo.c:254:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[SYSCTL_ID_LEN]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/cpuinfo.c:551:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[FREQ_LEVEL_BUFFER]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/cpuinfo.c:552:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mid[SYSCTL_ID_LEN]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/diskstat.c:38:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device[256]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/diskstat.c:39:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mntpnt[256]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/diskstat.c:62:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char device[1025]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/diskstat.c:91:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char monitor[1024]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/diskstat.c:130:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char monitor[1024]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/logfile.c:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/ksysguard-5.19.5/ksysguardd/FreeBSD/logfile.c:49:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
    char monitor[1024];
data/ksysguard-5.19.5/ksysguardd/FreeBSD/logfile.c:61:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fp = fopen(entry->path, "r")) != NULL)
data/ksysguard-5.19.5/ksysguardd/FreeBSD/logfile.c:80:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char line[1024];
data/ksysguard-5.19.5/ksysguardd/FreeBSD/logfile.c:105:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[257];
data/ksysguard-5.19.5/ksysguardd/FreeBSD/logfile.c:115:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((file = fopen(conf->path, "r")) == NULL) {
data/ksysguard-5.19.5/ksysguardd/FreeBSD/netdev.c:41:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[32];
data/ksysguard-5.19.5/ksysguardd/FreeBSD/netdev.c:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char monitor[1024];
data/ksysguard-5.19.5/ksysguardd/FreeBSD/netdev.c:156:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char monitor[1024];
data/ksysguard-5.19.5/ksysguardd/FreeBSD/stat.c:56:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[IRQ_NAME], *cp;
data/ksysguard-5.19.5/ksysguardd/FreeBSD/stat.c:157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[IRQ_NAME];
data/ksysguard-5.19.5/ksysguardd/Irix/NetDev.c:45:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[IFNAMSIZ];
data/ksysguard-5.19.5/ksysguardd/Irix/NetDev.c:89:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char monitor[1024];
data/ksysguard-5.19.5/ksysguardd/Irix/NetDev.c:130:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char monitor[1024];
data/ksysguard-5.19.5/ksysguardd/Irix/NetDev.c:166:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[MAXNETDEVS*sizeof(struct ifreq)];
data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char State[8]; /* process state */
data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:63:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Command[PRCOMSIZ];/* command name */
data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char CmdLine[PRARGSZ];/* command line */
data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:80:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char result[8];
data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:150:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[BUFSIZE];
data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:174:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if( (fd = open( buf, O_RDONLY )) < 0 ) {
data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:315:26: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    updateProcess( (pid_t) atol( de->d_name ));
data/ksysguard-5.19.5/ksysguardd/Irix/cpu.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char mname[50];
data/ksysguard-5.19.5/ksysguardd/Irix/cpu.c:84:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length.
    sprintf(mname,"cpu/cpu%d/user",i+1);
data/ksysguard-5.19.5/ksysguardd/Irix/cpu.c:87:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(mname,"cpu/cpu%d/sys",i+1);
data/ksysguard-5.19.5/ksysguardd/Irix/cpu.c:90:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(mname,"cpu/cpu%d/idle",i+1);
data/ksysguard-5.19.5/ksysguardd/Linux/Memory.c:36:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char MemInfoBuf[ MEMINFOBUFSIZE ];
data/ksysguard-5.19.5/ksysguardd/Linux/Memory.c:151:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( ( fd = open( "/proc/meminfo", O_RDONLY ) ) < 0 ) {
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:126:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char status[ 16 ];
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:129:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tty[10];
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:185:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[ 64 ];
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:188:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char cmdline[ 256 ];
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:191:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char userName[ 32 ];
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:197:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char cGroup[ 256 ];
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:200:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char macContext[ 256 ];
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:228:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[ BUFSIZE ];
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:229:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tag[ TAGSIZE ];
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:230:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char format[ 32 ];
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:231:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tagformat[ 32 ];
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:236:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( ( fd = fopen( buf, "r" ) ) == 0 ) {
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:244:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( format, "%%%d[^\n]\n", (int)sizeof( buf ) - 1 );
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:245:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( tagformat, "%%%ds", (int)sizeof( tag ) - 1 );
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:273:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( ( fd = fopen( buf, "r" ) ) == 0 )
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:317:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( ( fd = fopen( buf, "r" ) ) != 0 ) {
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:330:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy( ps->status, "running" );
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:332:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy( ps->status, "sleeping" );
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:334:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
Risk is low because the source is a constant string.
    strcpy( ps->status, "disk sleep" );
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:336:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy( ps->status, "zombie" );
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:338:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy( ps->status, "stopped" );
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:340:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy( ps->status, "paging" );
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:342:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( ps->status, "Unknown: %c", status );
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:346:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( ( fd = fopen( buf, "r" ) ) == 0 )
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:372:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(ps->name, ps->cmdline + processNameStartPosition, processNameLength);
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:416:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( ( fd = fopen( buf, "r" ) ) != 0 ) {
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:432:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( ( fd = fopen( buf, "r" ) ) != 0 ) {
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:452:13: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    pid = atol( entry->d_name );
data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:630:5: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead.
    if(vfork() == 0) {
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char sensorName [ ACPIFILENAMELENGTHMAX ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char sensorName [ ACPIFILENAMELENGTHMAX ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:75:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char sensorName [ ACPIFILENAMELENGTHMAX ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:84:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char sensorName [ ACPIFILENAMELENGTHMAX ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:93:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char sensorName [ ACPIFILENAMELENGTHMAX ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:102:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char sensorName [ ACPIFILENAMELENGTHMAX ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:113:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[ ACPIFILENAMELENGTHMAX ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:121:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int number = atoi(de->d_name + (sizeof("BAT")-1));
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:159:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name [ 200 ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:191:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name [ 200 ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:223:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name [ 200 ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:255:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name [ 200 ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:276:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name [ 200 ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:297:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name [ 200 ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:340:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char filename[ ACPIFILENAMELENGTHMAX ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:343:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    int typeFile = open(filename, O_RDONLY);
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:359:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[ ACPIFILENAMELENGTHMAX ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:362:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char sensorName [ ACPIFILENAMELENGTHMAX ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:371:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[ ACPIFILENAMELENGTHMAX ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:374:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char sensorName [ ACPIFILENAMELENGTHMAX ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:383:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char th_ref[ ACPIFILENAMELENGTHMAX ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:393:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int number = atoi(de->d_name + (sizeof("thermal_zone")-1));
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:405:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int number = atoi(de->d_name+( sizeof("cooling_device")-1));
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:445:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char th_file[ ACPIFILENAMELENGTHMAX ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:446:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char input_buf[ 100 ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:448:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    int fd = open(th_file, O_RDONLY);
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:488:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name [ 200 ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:513:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char th_file[ ACPIFILENAMELENGTHMAX ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:514:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char input_buf[ OLD_TEMPERATURE_FILE_MAXLEN ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:526:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd = open(th_file, O_RDONLY);
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:553:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name [ 200 ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:572:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char fan_state_file[ ACPIFILENAMELENGTHMAX ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:573:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char input_buf[ OLD_FAN_STATE_FILE_MAXLEN ];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:576:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char fan_state[4];
data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:587:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd = open(fan_state_file, O_RDONLY);
data/ksysguard-5.19.5/ksysguardd/Linux/apm.c:36:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char ApmBuf[ APMBUFSIZE ];
data/ksysguard-5.19.5/ksysguardd/Linux/apm.c:75:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( ( fd = open( "/proc/apm", O_RDONLY ) ) < 0 ) {
data/ksysguard-5.19.5/ksysguardd/Linux/cpuinfo.c:51:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char format[ 32 ];
data/ksysguard-5.19.5/ksysguardd/Linux/cpuinfo.c:52:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tag[ 32 ];
data/ksysguard-5.19.5/ksysguardd/Linux/cpuinfo.c:53:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[ 256 ];
data/ksysguard-5.19.5/ksysguardd/Linux/cpuinfo.c:71:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( format, "%%%d[^:]: %%%d[^\n]\n", (int)sizeof( tag ) - 1,
data/ksysguard-5.19.5/ksysguardd/Linux/cpuinfo.c:90:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdName[ 24 ];
data/ksysguard-5.19.5/ksysguardd/Linux/cpuinfo.c:106:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char freqName[sizeof(freqTemplate) + 3];
data/ksysguard-5.19.5/ksysguardd/Linux/cpuinfo.c:108:32: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *freqFd = fopen(freqName, "r");
data/ksysguard-5.19.5/ksysguardd/Linux/cpuinfo.c:186:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ( fd = open( "/proc/cpuinfo", O_RDONLY ) ) < 0 ) {
data/ksysguard-5.19.5/ksysguardd/Linux/cpuinfo.c:214:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( new_buffer, CpuInfoBuf, n ); /* copy read data */
data/ksysguard-5.19.5/ksysguardd/Linux/diskstat.c:40:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char device[ 256 ];
data/ksysguard-5.19.5/ksysguardd/Linux/diskstat.c:41:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mntpnt[ 256 ];
data/ksysguard-5.19.5/ksysguardd/Linux/diskstat.c:62:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char device[ 1025 ];
data/ksysguard-5.19.5/ksysguardd/Linux/diskstat.c:100:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char monitor[ 1024 ];
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:109:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:114:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ( file = fopen( "/proc/diskstats", "r" ) ) == NULL )
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:146:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char devname[DISKDEVNAMELEN];
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:153:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sensorName[128];
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:341:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sensorName[ 128 ];
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:397:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char devname[DISKDEVNAMELEN];
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:398:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[ 17 ];
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:494:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char devname[DISKDEVNAMELEN];
data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:495:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[ 17 ];
data/ksysguard-5.19.5/ksysguardd/Linux/i8k.c:38:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char I8kBuf[ I8KBUFSIZE ];
data/ksysguard-5.19.5/ksysguardd/Linux/i8k.c:73:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ( fd = open( "/proc/i8k", O_RDONLY ) ) < 0 ) {
data/ksysguard-5.19.5/ksysguardd/Linux/lmsensors.c:91:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[256];
data/ksysguard-5.19.5/ksysguardd/Linux/lmsensors.c:125:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scnbuf[BUFFER_SIZE_LMSEN];
data/ksysguard-5.19.5/ksysguardd/Linux/lmsensors.c:196:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFFER_SIZE_LMSEN];
data/ksysguard-5.19.5/ksysguardd/Linux/lmsensors.c:200:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ( input = fopen( "/etc/sensors.conf", "r" ) ) == NULL ) {
data/ksysguard-5.19.5/ksysguardd/Linux/loadavg.c:36:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char LoadAvgBuf[ LOADAVGBUFSIZE ];
data/ksysguard-5.19.5/ksysguardd/Linux/loadavg.c:80:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ( fd = open( "/proc/loadavg", O_RDONLY ) ) < 0 ) {
data/ksysguard-5.19.5/ksysguardd/Linux/logfile.c:36:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[ 256 ];
data/ksysguard-5.19.5/ksysguardd/Linux/logfile.c:49:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char monitor[ 1024 ];
data/ksysguard-5.19.5/ksysguardd/Linux/logfile.c:59:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ( fp = fopen( entry->path, "r" ) ) != NULL ) {
data/ksysguard-5.19.5/ksysguardd/Linux/logfile.c:77:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[ 1024 ];
data/ksysguard-5.19.5/ksysguardd/Linux/logfile.c:104:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[ 257 ];
data/ksysguard-5.19.5/ksysguardd/Linux/logfile.c:115:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ( file = fopen( conf->path, "r" ) ) == NULL ) {
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:136:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[ 32 ];
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:150:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char NetDevBuf[ NETDEVBUFSIZE ];
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:151:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char NetDevWifiBuf[ NETDEVBUFSIZE ];
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:167:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[ 32 ];
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:168:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char devFormat[ 16 ];
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:169:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[ 1024 ];
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:170:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[ 64 ];
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:174:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( format, "%%%d[^\n]\n", (int)sizeof( buf ) - 1 );
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:175:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( devFormat, "%%%ds", (int)sizeof( tag ) - 1 );
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:296:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[ 32 ];
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:297:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char devFormat[ 16 ];
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:298:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[ 1024 ];
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:299:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[ 64 ];
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:308:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( format, "%%%d[^\n]\n", (int)sizeof( buf ) - 1 );
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:309:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( devFormat, "%%%ds", (int)sizeof( tag ) - 1 );
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:327:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mon[ MON_SIZE ];
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:362:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mon[ MON_SIZE ];
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:388:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mon[ MON_SIZE ];
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:412:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open("/proc/net/dev", O_RDONLY)) > 0) {
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:440:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ( fd = open( "/proc/net/wireless", O_RDONLY ) ) < 0 ) {
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:467:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dev[ 64 ]; \
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:497:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dev[ 64 ]; \
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:518:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dev[ 64 ]; \
data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:543:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dev[ 64 ]; \
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:49:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char local_addr[128];
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:50:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char local_port[128];
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:51:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char remote_addr[128];
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:52:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char remote_port[128];
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:53:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char state[128];
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:59:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[128];
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:60:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char state[128];
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:62:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[256];
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:113:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[1024];
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:131:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[1024];
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:153:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[1024];
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:171:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024];
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:199:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((netstat = fopen("/proc/net/tcp", "r")) != NULL) {
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:206:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((netstat = fopen("/proc/net/udp", "r")) != NULL) {
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:211:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((netstat = fopen("/proc/net/unix", "r")) != NULL) {
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:216:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((netstat = fopen("/proc/net/raw", "r")) != NULL) {
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:242:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((netstat = fopen("/proc/net/tcp", "r")) != NULL) {
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:247:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((netstat = fopen("/proc/net/udp", "r")) != NULL) {
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:252:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((netstat = fopen("/proc/net/unix", "r")) != NULL) {
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:256:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((netstat = fopen("/proc/net/raw", "r")) != NULL) {
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:269:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:293:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((netstat = fopen(buffer, "r")) == NULL) {
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:368:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:369:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[256];
data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:373:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((file = fopen("/proc/net/unix", "r")) == NULL) {
data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:45:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mdstatBuf[ MDSTATBUFSIZE ]; /* Buffer for /proc/mdstat */
data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:72:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ArrayName[ ARRAYNAMELEN +1];
data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:106:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char attribute[40];
data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:161:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char attribute[40];
data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:211:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sensorName[128];
data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:212:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char arrayDevice[ARRAYNAMELEN + 5 + 1];
data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:213:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[ 32 ];
data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:214:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lineBuf[ 1024 ];
data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:215:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mdadmStatBuf[ MDADMSTATBUFSIZE ]; /* Buffer for mdadm --detail */
data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:266:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf( format, "%%%d[^\n]\n", (int)sizeof( lineBuf ) - 1 );
data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:320:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ( fd = open( "/proc/mdstat", O_RDONLY ) ) < 0 )
data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:357:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sensorName[128];
data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:485:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[100];
data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:486:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char status[100];
data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:575:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  MyArray->ResyncingPercent = atoi(eq+1);
data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:585:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  MyArray->ResyncingPercent = atoi(current_word);
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:121:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sensorName[ 128 ];
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:207:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sensorName[ 128 ];
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:300:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sensorName[ 128 ];
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:336:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[ 32 ];
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:337:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tagFormat[ 16 ];
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:338:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[ 1024 ];
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:339:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[ 32 ];
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:341:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( format, "%%%d[^\n]\n", (int)sizeof( buf ) - 1 );
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:342:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( tagFormat, "%%%ds", (int)sizeof( tag ) - 1 );
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:347:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *stat = fopen("/proc/stat", "r");
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:416:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stat = fopen("/proc/vmstat", "r");
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:483:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[ 32 ];
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:484:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tagFormat[ 16 ];
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:485:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[ 1024 ];
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:486:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[ 32 ];
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:490:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( format, "%%%d[^\n]\n", (int)sizeof( buf ) - 1 );
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:491:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( tagFormat, "%%%ds", (int)sizeof( tag ) - 1 );
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:493:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *stat = fopen("/proc/stat", "r");
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:522:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdName[ 24 ];
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:529:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( cmdName, "cpu/cpu%d/user", id );
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:531:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( cmdName, "cpu/cpu%d/nice", id );
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:533:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( cmdName, "cpu/cpu%d/sys", id );
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:535:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf( cmdName, "cpu/cpu%d/TotalLoad", id );
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:537:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( cmdName, "cpu/cpu%d/idle", id );
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:539:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( cmdName, "cpu/cpu%d/wait", id );
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:570:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdName[ 32 ];
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:593:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( cmdName, "cpu/interrupts/int%02d", i );
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:604:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stat = fopen("/proc/vmstat", "r");
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:1012:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char devname[DISKDEVNAMELEN];
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:1013:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[ 17 ];
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:1051:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char devname[DISKDEVNAMELEN];
data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:1052:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[ 17 ];
data/ksysguard-5.19.5/ksysguardd/Linux/uptime.c:40:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char UptimeBuf[ UPTIMEBUFSIZE ]; /* Buffer for /proc/uptime */
data/ksysguard-5.19.5/ksysguardd/Linux/uptime.c:49:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[ 32 ];
data/ksysguard-5.19.5/ksysguardd/Linux/uptime.c:50:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[ 1024 ];
data/ksysguard-5.19.5/ksysguardd/Linux/uptime.c:58:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( format, "%%%d[^\n]\n", (int)sizeof( buf ) - 1 );
data/ksysguard-5.19.5/ksysguardd/Linux/uptime.c:75:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[ 32 ];
data/ksysguard-5.19.5/ksysguardd/Linux/uptime.c:76:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[ 1024 ];
data/ksysguard-5.19.5/ksysguardd/Linux/uptime.c:80:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( format, "%%%d[^\n]\n", (int)sizeof( buf ) - 1 );
data/ksysguard-5.19.5/ksysguardd/Linux/uptime.c:103:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ( fd = open( "/proc/uptime", O_RDONLY ) ) < 0 )
data/ksysguard-5.19.5/ksysguardd/NetBSD/ProcessList.c:74:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char status[16];
data/ksysguard-5.19.5/ksysguardd/NetBSD/ProcessList.c:133:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[64];
data/ksysguard-5.19.5/ksysguardd/NetBSD/ProcessList.c:136:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdline[256];
data/ksysguard-5.19.5/ksysguardd/NetBSD/ProcessList.c:139:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char userName[32];
data/ksysguard-5.19.5/ksysguardd/NetBSD/ProcessList.c:220:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(ps->cmdline, "????");
data/ksysguard-5.19.5/ksysguardd/NetBSD/apm.c:45:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((ApmFD = open(APMDEV, O_RDONLY)) < 0)
data/ksysguard-5.19.5/ksysguardd/NetBSD/diskstat.c:39:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char device[256];
data/ksysguard-5.19.5/ksysguardd/NetBSD/diskstat.c:40:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mntpnt[256];
data/ksysguard-5.19.5/ksysguardd/NetBSD/diskstat.c:52:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char device[1025];
data/ksysguard-5.19.5/ksysguardd/NetBSD/diskstat.c:81:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char monitor[1024];
data/ksysguard-5.19.5/ksysguardd/NetBSD/diskstat.c:114:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char monitor[1024];
data/ksysguard-5.19.5/ksysguardd/NetBSD/logfile.c:37:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/ksysguard-5.19.5/ksysguardd/NetBSD/logfile.c:50:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char monitor[1024];
data/ksysguard-5.19.5/ksysguardd/NetBSD/logfile.c:62:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(entry->path, "r")) != NULL)
data/ksysguard-5.19.5/ksysguardd/NetBSD/logfile.c:81:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024];
data/ksysguard-5.19.5/ksysguardd/NetBSD/logfile.c:108:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[257];
data/ksysguard-5.19.5/ksysguardd/NetBSD/logfile.c:118:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((file = fopen(conf->path, "r")) == NULL) {
data/ksysguard-5.19.5/ksysguardd/NetBSD/netdev.c:46:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[32];
data/ksysguard-5.19.5/ksysguardd/NetBSD/netdev.c:113:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nv->name, sdl->sdl_data, sdl->sdl_nlen);
data/ksysguard-5.19.5/ksysguardd/NetBSD/netdev.c:230:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];
data/ksysguard-5.19.5/ksysguardd/OpenBSD/ProcessList.c:68:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char status[16];
data/ksysguard-5.19.5/ksysguardd/OpenBSD/ProcessList.c:127:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[64];
data/ksysguard-5.19.5/ksysguardd/OpenBSD/ProcessList.c:130:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdline[256];
data/ksysguard-5.19.5/ksysguardd/OpenBSD/ProcessList.c:133:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char userName[32];
data/ksysguard-5.19.5/ksysguardd/Solaris/LoadAvg.c:86:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdName[ 24 ];
data/ksysguard-5.19.5/ksysguardd/Solaris/LoadAvg.c:87:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( cmdName, "cpu/cpu%d/user", id );
data/ksysguard-5.19.5/ksysguardd/Solaris/LoadAvg.c:89:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( cmdName, "cpu/cpu%d/sys", id );
data/ksysguard-5.19.5/ksysguardd/Solaris/LoadAvg.c:91:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( cmdName, "cpu/cpu%d/TotalLoad", id );
data/ksysguard-5.19.5/ksysguardd/Solaris/LoadAvg.c:93:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( cmdName, "cpu/cpu%d/idle", id );
data/ksysguard-5.19.5/ksysguardd/Solaris/LoadAvg.c:95:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf( cmdName, "cpu/cpu%d/wait", id );
data/ksysguard-5.19.5/ksysguardd/Solaris/NetDev.c:261:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mon[128];
data/ksysguard-5.19.5/ksysguardd/Solaris/ProcessList.c:80:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[8];
data/ksysguard-5.19.5/ksysguardd/Solaris/ProcessList.c:151:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/ksysguard-5.19.5/ksysguardd/Solaris/ProcessList.c:173:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if( (fd = open( buf, O_RDONLY )) < 0 ) {
data/ksysguard-5.19.5/ksysguardd/Solaris/ProcessList.c:288:26: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  updateProcess( (pid_t) atol( de->d_name ));
data/ksysguard-5.19.5/ksysguardd/Tru64/Memory.c:112:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dummy[128];
data/ksysguard-5.19.5/ksysguardd/Tru64/NetDev.c:254:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mon[128];
data/ksysguard-5.19.5/ksysguardd/conf.c:55:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[ 2048 ];
data/ksysguard-5.19.5/ksysguardd/conf.c:62:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ( config = fopen( filename, "r" ) ) == NULL ) {
data/ksysguard-5.19.5/ksysguardd/ksysguardd.c:111:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  SocketPort = atoi( optarg );
data/ksysguard-5.19.5/ksysguardd/ksysguardd.c:150:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ( file = fopen( LockFile, "w+" ) ) != NULL ) {
data/ksysguard-5.19.5/ksysguardd/ksysguardd.c:229:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open("/dev/null", O_RDWR, 0);
data/ksysguard-5.19.5/ksysguardd/ksysguardd.c:409:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdBuf[ CMDBUFSIZE ];
data/ksysguard-5.19.5/plugins/process/network/helper/Capture.cpp:59:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errorBuffer[PCAP_ERRBUF_SIZE];
data/ksysguard-5.19.5/plugins/process/network/helper/ConnectionMapping.cpp:129:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[100] = { "\0" };
data/ksysguard-5.19.5/gui/ksysguard.cpp:554:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while( read( initpipe[ 0 ], &c, 1 ) < 0 );
data/ksysguard-5.19.5/ksysguardd/Command.c:132:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!cmd || !(cmd->command = (char*)malloc( strlen( command ) + 1 ))) {
data/ksysguard-5.19.5/ksysguardd/Command.c:172:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!cmd || !(cmd->command = (char*)malloc( strlen( command ) + 1 ))) {
data/ksysguard-5.19.5/ksysguardd/Command.c:180:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd->type = (char*)malloc( strlen( type ) + 1 );
data/ksysguard-5.19.5/ksysguardd/Command.c:199:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd->command = (char*)malloc( strlen( command ) + 2 );
data/ksysguard-5.19.5/ksysguardd/Command.c:207:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd->command[ strlen( command ) ] = '?';
data/ksysguard-5.19.5/ksysguardd/Command.c:208:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmd->command[ strlen( command ) + 1 ] = '\0';
data/ksysguard-5.19.5/ksysguardd/Command.c:237:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf = (char*)malloc( strlen( command ) + 2 );
data/ksysguard-5.19.5/ksysguardd/Command.c:244:3: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat( buf, "?" );
data/ksysguard-5.19.5/ksysguardd/Command.c:309:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strcmp( cmd->command, c + strlen( "test " ) ) == 0 ) {
data/ksysguard-5.19.5/ksysguardd/FreeBSD/ProcessList.c:229:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while ((arg_fix += strlen(arg_fix)) < args + len - 1)
data/ksysguard-5.19.5/ksysguardd/FreeBSD/ProcessList.c:338:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncasecmp(cmd + 12, statuses[idx], strlen(cmd + 12) - 1) == 0)
data/ksysguard-5.19.5/ksysguardd/FreeBSD/ProcessList.c:349:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncasecmp(cmd + 12, statuses[idx], strlen(cmd + 12) - 1) == 0)
data/ksysguard-5.19.5/ksysguardd/FreeBSD/diskstat.c:66:5: [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(cmd, "partitions%1024s", device);
data/ksysguard-5.19.5/ksysguardd/FreeBSD/diskstat.c:182:17: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
Risk is low because the source is a constant string. strncpy(disk_info->mntpnt, "/root", 6); data/ksysguard-5.19.5/ksysguardd/FreeBSD/logfile.c:111:5: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(cmd, "%*s %256s", name); data/ksysguard-5.19.5/ksysguardd/FreeBSD/stat.c:115:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(cp, "IRQ", 3); data/ksysguard-5.19.5/ksysguardd/Irix/NetDev.c:203:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(NetDevs[i].name,ifc.ifc_req[i].ifr_name, IFNAMSIZ); data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:47:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define KDEINITLEN strlen("kdeinit: ") data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:127:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy( string, " " ); data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:197:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ps->State,lwpStateName( psinfo ),8); data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:226:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(ps->Command,psinfo.pr_fname,PRCOMSIZ); data/ksysguard-5.19.5/ksysguardd/Irix/ProcessList.c:229:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ps->CmdLine,psinfo.pr_psargs,PRARGSZ); data/ksysguard-5.19.5/ksysguardd/Linux/Memory.c:57:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sscanf( b + strlen( key ), ": %llu", val ); data/ksysguard-5.19.5/ksysguardd/Linux/Memory.c:158:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read( fd, MemInfoBuf, MEMINFOBUFSIZE - 1 ); data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:222:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy( str, " " ); data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:253:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf( buf, "%*s %63s", ps->name ); data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:356:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while( (c = fgetc(fd)) != EOF && i < sizeof(ps->cmdline)-3) { data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:396:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen( ps->cmdline + KDEINITLEN ); data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:400:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( ps->name, ps->cmdline + KDEINITLEN, len ); data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:406:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( ps->userName, uName, sizeof( ps->userName ) - 1 ); data/ksysguard-5.19.5/ksysguardd/Linux/ProcessList.c:423:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( ps->cGroup, &buf[3], sizeof( ps->cGroup ) - 1 ); data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:351:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int readBytes = read( typeFile, buffer, bufferSize - 1 ); data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:452:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read_bytes = read( fd, input_buf, sizeof(input_buf) - 1 ); data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:534:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read_bytes = read( fd, input_buf, sizeof(input_buf) - 1 ); data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:596:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read_bytes = read( fd, input_buf, sizeof(input_buf) - 1 ); data/ksysguard-5.19.5/ksysguardd/Linux/acpi.c:604:2: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
sscanf(input_buf, "status: %2s", fan_state); data/ksysguard-5.19.5/ksysguardd/Linux/apm.c:83:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read( fd, ApmBuf, APMBUFSIZE - 1 ); data/ksysguard-5.19.5/ksysguardd/Linux/cpuinfo.c:81:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = tag + strlen( tag ) - 1; data/ksysguard-5.19.5/ksysguardd/Linux/cpuinfo.c:141:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cibp = CpuInfoBuf + strlen( CpuInfoBuf ); data/ksysguard-5.19.5/ksysguardd/Linux/cpuinfo.c:200:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t len = read( fd, CpuInfoBuf + n, CpuInfoBufSize - 1 - n ); data/ksysguard-5.19.5/ksysguardd/Linux/diskstat.c:66:5: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf( cmd, "partitions%1024s", device ); data/ksysguard-5.19.5/ksysguardd/Linux/diskstat.c:235:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( disk_info->device, mnt_info->mnt_fsname, sizeof( disk_info->device ) ); data/ksysguard-5.19.5/ksysguardd/Linux/diskstat.c:238:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( disk_info->mntpnt, mnt_info->mnt_dir, sizeof( disk_info->mntpnt ) ); data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:404:5: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). 
Check that the limit is sufficiently small, or use a different input function. if(sscanf( cmd, "disk/%[^_]_(%d:%d)/Rate/%16s", devname, &major, &minor, name ) == 4) { data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:434:10: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. else if(sscanf( cmd, "disk/%[^_]_(%d:%d)/Delta/%16s", devname, &major, &minor, name ) == 4) { data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:468:10: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. else if(sscanf( cmd, "disk/%[^_]_(%d:%d)/%16s", devname, &major, &minor, name ) == 4) { data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:499:5: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if(sscanf( cmd, "disk/%[^_]_(%d:%d)/Rate/%16s", devname, &major, &minor, name ) == 4) { data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:501:10: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. else if(sscanf( cmd, "disk/%[^_]_(%d:%d)/Delta/%16s", devname, &major, &minor, name ) == 4) { data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:503:10: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
else if(sscanf( cmd, "disk/%[^_]_(%d:%d)/%16s", devname, &major, &minor, name ) == 4) { data/ksysguard-5.19.5/ksysguardd/Linux/diskstats.c:520:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name[ strlen( name ) - 1 ] = '\0'; data/ksysguard-5.19.5/ksysguardd/Linux/i8k.c:80:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ( ( n = read( fd, I8kBuf, I8KBUFSIZE - 1 ) ) == I8KBUFSIZE - 1 ) { data/ksysguard-5.19.5/ksysguardd/Linux/lmsensors.c:76:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int end = strlen(key.fullName)-1; data/ksysguard-5.19.5/ksysguardd/Linux/lmsensors.c:161:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p->fullName = (char*)malloc( strlen( "lmsensors/" ) + data/ksysguard-5.19.5/ksysguardd/Linux/lmsensors.c:162:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( scnbuf ) + 1 + data/ksysguard-5.19.5/ksysguardd/Linux/lmsensors.c:163:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen( label ) + 1 ); data/ksysguard-5.19.5/ksysguardd/Linux/loadavg.c:88:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read( fd, LoadAvgBuf, LOADAVGBUFSIZE - 1 ); data/ksysguard-5.19.5/ksysguardd/Linux/logfile.c:110:3: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). 
Check that the limit is sufficiently small, or use a different input function. sscanf( cmd, "%*s %256s", name ); data/ksysguard-5.19.5/ksysguardd/Linux/logfile.c:131:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( entry->name, conf->name, 256 ); data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:183:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). netDevBufP += strlen(buf) + 1; /* move netDevBufP to next line */ data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:188:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). netDevBufP += strlen(buf) + 1; /* move netDevBufP to next line */ data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:228:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). netDevWifiBufP += strlen(buf) + 1; /* move netDevWifiBufP to next line */ data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:233:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). netDevWifiBufP += strlen(buf) + 1; /* move netDevWifiBufP to next line */ data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:315:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
netDevBufP += strlen( buf ) + 1; /* move netDevBufP to next line */ data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:320:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). netDevBufP += strlen( buf ) + 1; /* move netDevBufP to next line */ data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:329:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( NetDevs[ i ].name, tag, sizeof( NetDevs[ i ].name ) ); data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:352:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). netDevWifiBufP += strlen( buf ) + 1; /* move netDevWifiBufP to next line */ data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:357:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). netDevWifiBufP += strlen( buf ) + 1; /* move netDevWifiBufP to next line */ data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:413:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read(fd, NetDevBuf, NETDEVBUFSIZE - 1); data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:443:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). } else if ( ( n = read( fd, NetDevWifiBuf, NETDEVBUFSIZE - 1 ) ) == NETDEVBUFSIZE - 1 ) { data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:472:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy( dev, beg + 1, end - beg - 1 ); \ data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:502:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( dev, beg + 1, end - beg - 1 ); \ data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:523:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( dev, beg + 1, end - beg - 1 ); \ data/ksysguard-5.19.5/ksysguardd/Linux/netdev.c:548:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( dev, beg + 1, end - beg - 1 ); \ data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:123:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, service->s_name, sizeof(buffer)-1); data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:145:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, host->h_name, sizeof(buffer)-1); data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:163:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, protocol->p_name, sizeof(buffer)-1); data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:313:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(socket_info->local_addr, get_host_name(local_addr), sizeof(socket_info->local_addr)-1); data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:315:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(socket_info->remote_addr, get_host_name(remote_addr), sizeof(socket_info->remote_addr)-1); data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:319:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(socket_info->local_port, get_serv_name(local_port, "tcp"), sizeof(socket_info->local_port)-1); data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:321:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(socket_info->remote_port, get_serv_name(remote_port, "tcp"), sizeof(socket_info->remote_port)-1); data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:324:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(socket_info->state, conn_state[state], sizeof(socket_info->state)); data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:332:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(socket_info->local_port, get_serv_name(local_port, "udp"), sizeof(socket_info->local_port)-1); data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:334:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(socket_info->remote_port, get_serv_name(remote_port, "udp"), sizeof(socket_info->remote_port)-1); data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:337:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(socket_info->state, conn_state[state], sizeof(socket_info->state)-1); data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:346:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(socket_info->local_port, get_proto_name(local_port), sizeof(socket_info->local_port)-1); data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:348:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(socket_info->remote_port, get_proto_name(remote_port), sizeof(socket_info->remote_port)-1); data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:385:18: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. int matches = sscanf(buffer, "%*x: %d %*d %*d %d %d %d %255s", data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:396:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(unix_info->type, raw_type[type], sizeof(unix_info->type)-1); data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:398:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(unix_info->state, raw_state[state], sizeof(unix_info->state)-1); data/ksysguard-5.19.5/ksysguardd/Linux/netstat.c:401:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(unix_info->path, path, sizeof(unix_info->path)-1); data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:108:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if ( sscanf(cmd, "SoftRaid/%[^/]/%39s", key.ArrayName, attribute) == 2 ) { data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:163:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
if ( sscanf(cmd, "SoftRaid/%[^/]/%39s", key.ArrayName, attribute) == 2 ) { data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:258:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nbytes = read( fd[0], mdadmStatBuf, MDADMSTATBUFSIZE-1 ); data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:270:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mdadmStatBufP += strlen(lineBuf) + 1; /* move mdadmStatBufP to next line */ data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:323:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read( fd, mdstatBuf, MDSTATBUFSIZE - 1 ); data/ksysguard-5.19.5/ksysguardd/Linux/softraid.c:340:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(key.ArrayName, array_name, array_name_length); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:127:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf = buf + strlen( label ) + 1; data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:184:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf = buf + strlen( label ) + 1; data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:210:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
p = buf + strlen( "disk_io: " ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:984:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sscanf( cmd + strlen( "cpu/interrupts/int" ), "%d", &id ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:991:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sscanf( cmd + strlen( "cpu/interrupt/int" ), "%d", &id ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:1016:2: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf( cmd, "disk/%[^_]_(%d:%d)/%16s", devname, &major, &minor, name ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:1055:2: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf( cmd, "disk/%[^_]_(%d:%d)/%16s", devname, &major, &minor, name ); data/ksysguard-5.19.5/ksysguardd/Linux/stat.c:1067:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name[ strlen( name ) - 1 ] = '\0'; data/ksysguard-5.19.5/ksysguardd/Linux/uptime.c:106:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read( fd, UptimeBuf, UPTIMEBUFSIZE - 1 ); data/ksysguard-5.19.5/ksysguardd/NetBSD/diskstat.c:56:2: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
sscanf(cmd, "partitions%1024s", device); data/ksysguard-5.19.5/ksysguardd/NetBSD/diskstat.c:155:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(disk_info->mntpnt, "/root", 6); data/ksysguard-5.19.5/ksysguardd/NetBSD/logfile.c:114:2: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(cmd, "%*s %256s", name); data/ksysguard-5.19.5/ksysguardd/NetBSD/netdev.c:149:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cmdExecutor read, inform; data/ksysguard-5.19.5/ksysguardd/NetBSD/netdev.c:207:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). q = p+strlen(p)-1; data/ksysguard-5.19.5/ksysguardd/NetBSD/netdev.c:243:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). opTable[j].read, data/ksysguard-5.19.5/ksysguardd/Solaris/NetDev.c:372:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = name + strlen( name ) - 1; data/ksysguard-5.19.5/ksysguardd/Solaris/ProcessList.c:127:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy( string, " " ); data/ksysguard-5.19.5/ksysguardd/Solaris/ProcessList.c:177:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if( read( fd, &psinfo, sizeof( psinfo_t )) != sizeof( psinfo_t )) { data/ksysguard-5.19.5/ksysguardd/Tru64/NetDev.c:351:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = name + strlen( name ) - 1; data/ksysguard-5.19.5/ksysguardd/conf.c:92:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( ( line[ 0 ] == '#') || ( strlen( line ) == 0 ) ) data/ksysguard-5.19.5/ksysguardd/conf.c:98:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( line[ strlen( line ) - 1 ] == '\n' ) data/ksysguard-5.19.5/ksysguardd/conf.c:99:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line[ strlen( line ) - 1 ] = '\0'; data/ksysguard-5.19.5/ksysguardd/ksysguardd.c:223:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask( 0 ); data/ksysguard-5.19.5/ksysguardd/ksysguardd.c:248:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int result = read( fd, &c, 1 );

ANALYSIS SUMMARY:

Hits = 588
Lines analyzed = 37037 in approximately 1.77 seconds (20922 lines/second)
Physical Source Lines of Code (SLOC) = 24863
Hits@level = [0] 762 [1] 121 [2] 311 [3] 2 [4] 154 [5] 0
Hits@level+ = [0+] 1350 [1+] 588 [2+] 467 [3+] 156 [4+] 154 [5+] 0
Hits/KSLOC@level+ = [0+] 54.2976 [1+] 23.6496 [2+] 18.7829 [3+] 6.27438 [4+] 6.19394 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.