Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libbackuppc-xs-perl-0.62/bpc_attribCache.c
Examining data/libbackuppc-xs-perl-0.62/bpc_fileZIO.c
Examining data/libbackuppc-xs-perl-0.62/backuppc.h
Examining data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c
Examining data/libbackuppc-xs-perl-0.62/bpc_lib.c
Examining data/libbackuppc-xs-perl-0.62/rsync.h
Examining data/libbackuppc-xs-perl-0.62/bpc_dirOps.c
Examining data/libbackuppc-xs-perl-0.62/bpc_hashtable.c
Examining data/libbackuppc-xs-perl-0.62/byteorder.h
Examining data/libbackuppc-xs-perl-0.62/ppport.h
Examining data/libbackuppc-xs-perl-0.62/zlib/compress.c
Examining data/libbackuppc-xs-perl-0.62/zlib/inffast.h
Examining data/libbackuppc-xs-perl-0.62/zlib/trees.h
Examining data/libbackuppc-xs-perl-0.62/zlib/crc32.c
Examining data/libbackuppc-xs-perl-0.62/zlib/zutil.h
Examining data/libbackuppc-xs-perl-0.62/zlib/zlib.h
Examining data/libbackuppc-xs-perl-0.62/zlib/zutil.c
Examining data/libbackuppc-xs-perl-0.62/zlib/deflate.h
Examining data/libbackuppc-xs-perl-0.62/zlib/adler32.c
Examining data/libbackuppc-xs-perl-0.62/zlib/inffast.c
Examining data/libbackuppc-xs-perl-0.62/zlib/zconf.h
Examining data/libbackuppc-xs-perl-0.62/zlib/trees.c
Examining data/libbackuppc-xs-perl-0.62/zlib/inflate.c
Examining data/libbackuppc-xs-perl-0.62/zlib/inftrees.c
Examining data/libbackuppc-xs-perl-0.62/zlib/deflate.c
Examining data/libbackuppc-xs-perl-0.62/zlib/inflate.h
Examining data/libbackuppc-xs-perl-0.62/zlib/inffixed.h
Examining data/libbackuppc-xs-perl-0.62/zlib/crc32.h
Examining data/libbackuppc-xs-perl-0.62/zlib/inftrees.h
Examining data/libbackuppc-xs-perl-0.62/bpc_attrib.c
Examining data/libbackuppc-xs-perl-0.62/bpc_fileDigest.c
Examining data/libbackuppc-xs-perl-0.62/md5/mdigest.h
Examining data/libbackuppc-xs-perl-0.62/md5/md5.c
Examining data/libbackuppc-xs-perl-0.62/bpc_refCount.c
FINAL RESULTS:
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:779:13: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(poolPath, 0444);
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:824:13: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(poolPath, 0444);
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:876:35: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if ( !stat(poolPath, &st) && !chmod(poolPath, st.st_mode & ~S_IXOTH & ~S_IFMT) ) {
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:745:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(attribDirPath, attribPath);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:804:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(attribPathTemp, attribPath);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:847:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(attribPathNew, attribPath);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1323:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(attribPathTemp, attribPath);
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:140:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, ac->shareNameUM);
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:147:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dir, ac->shareName);
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:154:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, p+1);
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:159:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName, path);
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:213:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(attr->key.key, attribPath);
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:348:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(attr->key.key, attribPath);
data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:121:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dirList + dirListLen, dp->d_name);
data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:205:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dirList + dirListLen, dp->d_name);
data/libbackuppc-xs-perl-0.62/bpc_lib.c:294:14: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
strLen = vsnprintf(LogData.mesg + LogData.mesgLen + pad, LogData.mesgSize - LogData.mesgLen - pad, fmt, args);
data/libbackuppc-xs-perl-0.62/bpc_lib.c:303:18: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
strLen = vsnprintf(LogData.mesg + LogData.mesgLen + pad, LogData.mesgSize - LogData.mesgLen - pad, fmt, args);
data/libbackuppc-xs-perl-0.62/bpc_lib.c:340:14: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
strLen = vsnprintf(LogData.mesg + LogData.mesgLen + pad, LogData.mesgSize - LogData.mesgLen - pad, fmt, args);
data/libbackuppc-xs-perl-0.62/bpc_lib.c:349:18: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
strLen = vsnprintf(LogData.mesg + LogData.mesgLen + pad, LogData.mesgSize - LogData.mesgLen - pad, fmt, args);
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:173:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(info->match[i].fileName, candidateFile->fileName);
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:375:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(candidateFile->fileName, poolPath);
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:428:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(candidateFile->fileName, poolPath);
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:659:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(info->tmpFileName, fileNameTmp);
data/libbackuppc-xs-perl-0.62/ppport.h:6890:14: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
retval = vsnprintf(buffer, len, format, ap);
data/libbackuppc-xs-perl-0.62/ppport.h:6892:14: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
retval = vsprintf(buffer, format, ap);
data/libbackuppc-xs-perl-0.62/ppport.h:6921:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buffer, pat, args);
data/libbackuppc-xs-perl-0.62/zlib/zutil.h:202:18: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# if !defined(vsnprintf) && !defined(NO_vsnprintf)
data/libbackuppc-xs-perl-0.62/zlib/zutil.h:203:15: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define vsnprintf _vsnprintf
data/libbackuppc-xs-perl-0.62/zlib/zutil.h:249:39: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define Trace(x) {if (z_verbose>=0) fprintf x ;}
data/libbackuppc-xs-perl-0.62/zlib/zutil.h:250:39: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define Tracev(x) {if (z_verbose>0) fprintf x ;}
data/libbackuppc-xs-perl-0.62/zlib/zutil.h:251:40: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define Tracevv(x) {if (z_verbose>1) fprintf x ;}
data/libbackuppc-xs-perl-0.62/zlib/zutil.h:252:48: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;}
data/libbackuppc-xs-perl-0.62/zlib/zutil.h:253:49: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;}
data/libbackuppc-xs-perl-0.62/backuppc.h:107:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char targetDir[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/backuppc.h:161:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/backuppc.h:171:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/backuppc.h:203:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpFileName[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/backuppc.h:407:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shareName[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/backuppc.h:409:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shareNameUM[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/backuppc.h:410:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostName[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/backuppc.h:411:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostDir[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/backuppc.h:412:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char backupTopDir[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/backuppc.h:413:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char currentDir[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:125:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyCopy[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:132:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keyCopy, key, keyLen);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:150:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xattr->key.key, key, keyLen);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:170:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xattr->value, value, valueLen);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:186:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, xattrSrc->key.key, xattrSrc->key.keyLen);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:187:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, xattrSrc->value, xattrSrc->valueLen);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:244:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->list + info->idx, xattr->key.key, xattr->key.keyLen);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:306:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(file->name, fileName, fileNameLen + 1);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:439:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1];
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:462:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1];
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:496:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->entries + info->entryIdx, file->name, len);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:644:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(file->digest.digest, bufP, file->digest.len);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:694:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attribPath[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:725:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:739:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attribDirPath[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:775:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:802:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attribPathTemp[BPC_MAXPATHLEN + 16];
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:805:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(attribPathTemp, "_0");
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:824:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attribPathNew[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:834:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dir->digest.digest, buf + 4, digestLen);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:850:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fdNum = open(attribPathNew, O_WRONLY | O_CREAT | O_TRUNC, 0660)) < 0 ) {
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1027:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->bufP, xattr->key.key, xattr->key.keyLen);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1036:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->bufP, xattr->value, xattr->valueLen);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1058:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufP, file->name, fileNameLen);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1075:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufP, file->digest.digest, file->digest.len);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1135:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attribPath[BPC_MAXPATHLEN], attribPathTemp[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1158:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fdNum = open(attribPathTemp, O_WRONLY | O_CREAT | O_TRUNC, 0660)) < 0 ) {
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1192:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info.bufP, digest.digest, digest.len);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1215:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dir->digest, &digest, sizeof(digest));
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1222:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attribPath[BPC_MAXPATHLEN], attribPathTemp[BPC_MAXPATHLEN], *baseAttribFileName;
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1287:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fdNum = open(attribPathTemp, O_WRONLY | O_CREAT | O_TRUNC, 0660)) < 0 ) {
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1335:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char deletePath[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1363:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dir->digest, &digest, sizeof(digest));
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:102:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullPath[2*BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:142:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(attribPath, "/attrib");
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:190:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[BPC_MAXPATHLEN], attribPath[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:221:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char topDir[2*BPC_MAXPATHLEN], fullAttribPath[2*BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:327:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attribPath[BPC_MAXPATHLEN], attribDir[BPC_MAXPATHLEN], attribFile[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:355:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inodeDir[2*BPC_MAXPATHLEN], fullAttribPath[2*BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:419:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inodeDir[2*BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:440:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:462:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[BPC_MAXPATHLEN], indexStr[256];
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:509:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:521:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indexStr[256];
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:541:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indexStr[256];
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:562:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indexStr[256];
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:575:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:582:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(path + pathLen, "/x");
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:605:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->entries + info->entryIdx, file->name, len);
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:607:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->entries + info->entryIdx, &file->inode, sizeof(ino_t));
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:617:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[BPC_MAXPATHLEN], fullPath[2*BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:630:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fullPath, "/x");
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:649:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info.entries + info.entryIdx, &inode, sizeof(inode));
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:652:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info.entries + info.entryIdx, "..");
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:655:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info.entries + info.entryIdx, &inode, sizeof(inode));
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:762:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attribPath[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:767:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathDeep[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:768:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[BPC_MAXPATHLEN], dir[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:78:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filePath[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:169:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filePath[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:283:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fd = open(lockFile, O_CREAT | O_RDWR, 0660)) < 0 ) {
data/libbackuppc-xs-perl-0.62/bpc_fileZIO.c:54:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd->fd = open(fileName, O_WRONLY | O_CREAT | O_TRUNC, 0660);
data/libbackuppc-xs-perl-0.62/bpc_fileZIO.c:60:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd->fd = open(fileName, O_WRONLY | O_CREAT | O_TRUNC, 0660);
data/libbackuppc-xs-perl-0.62/bpc_fileZIO.c:73:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd->fd = open(fileName, O_RDONLY);
data/libbackuppc-xs-perl-0.62/bpc_lib.c:22:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BPC_TopDir[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_lib.c:23:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BPC_PoolDir[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_lib.c:24:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BPC_CPoolDir[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_lib.c:25:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BPC_PoolDir3[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_lib.c:26:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BPC_CPoolDir3[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_lib.c:154:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest->digest, emptyFileMD5, sizeof(emptyFileMD5));
data/libbackuppc-xs-perl-0.62/bpc_lib.c:157:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(path, "/dev/null");
data/libbackuppc-xs-perl-0.62/bpc_lib.c:174:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1];
data/libbackuppc-xs-perl-0.62/bpc_lib.c:193:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lenStr[256];
data/libbackuppc-xs-perl-0.62/bpc_lib.c:197:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lenStr, "%llu", (long long unsigned int)bufferLen);
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:203:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->buffer + info->bufferIdx, data, dataLen);
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:214:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->buffer + info->bufferIdx, data, addTo1MB);
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:261:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexStr_v3[BPC_DIGEST_LEN_MAX * 2 + 1], hexStr[BPC_DIGEST_LEN_MAX * 2 + 1];
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:267:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1];
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:306:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexStr_v3[BPC_DIGEST_LEN_MAX * 2 + 1], hexStr[BPC_DIGEST_LEN_MAX * 2 + 1];
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:312:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1];
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:321:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char poolPath[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:525:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1];
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:541:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1];
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:568:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[BPC_MAXPATHLEN], *p;
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:676:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fdWrite = open(poolPath, O_WRONLY | O_CREAT | O_EXCL, 0666)) < 0 ) {
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:681:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fdRead = open(fileName, O_RDONLY)) < 0 ) {
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:716:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char poolPath[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:746:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lockFile[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:862:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lockFile[BPC_MAXPATHLEN], *p;
data/libbackuppc-xs-perl-0.62/bpc_refCount.c:100:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1];
data/libbackuppc-xs-perl-0.62/bpc_refCount.c:119:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1];
data/libbackuppc-xs-perl-0.62/bpc_refCount.c:230:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->bufP, info->digest.digest, info->digest.len);
data/libbackuppc-xs-perl-0.62/bpc_refCount.c:244:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out.fd = open(fileName, O_WRONLY | O_CREAT | O_TRUNC, 0666);
data/libbackuppc-xs-perl-0.62/bpc_refCount.c:249:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[BPC_MAXPATHLEN], *p;
data/libbackuppc-xs-perl-0.62/bpc_refCount.c:255:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out.fd = open(fileName, O_WRONLY | O_CREAT | O_TRUNC, 0666);
data/libbackuppc-xs-perl-0.62/bpc_refCount.c:288:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fileName, O_RDONLY);
data/libbackuppc-xs-perl-0.62/bpc_refCount.c:330:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest.digest, bufP, digest.len);
data/libbackuppc-xs-perl-0.62/bpc_refCount.c:363:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_refCount.c:367:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fd = open(fileName, O_CREAT | O_WRONLY, 0660)) < 0 ) {
data/libbackuppc-xs-perl-0.62/bpc_refCount.c:403:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempFileName[BPC_MAXPATHLEN], finalFileName[BPC_MAXPATHLEN];
data/libbackuppc-xs-perl-0.62/bpc_refCount.c:421:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fd = open(tempFileName, O_RDONLY, 0666)) >= 0 ) {
data/libbackuppc-xs-perl-0.62/bpc_refCount.c:476:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1];
data/libbackuppc-xs-perl-0.62/byteorder.h:34:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define CVAL(buf,pos) (((unsigned char *)(buf))[pos])
data/libbackuppc-xs-perl-0.62/md5/md5.c:166:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer + left, input, fill);
data/libbackuppc-xs-perl-0.62/md5/md5.c:180:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer + left, input, length);
data/libbackuppc-xs-perl-0.62/md5/md5.c:251:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[33];
data/libbackuppc-xs-perl-0.62/md5/md5.c:268:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output + j * 2, "%02x", md5sum[j]);
data/libbackuppc-xs-perl-0.62/md5/md5.c:283:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen(*++argv, "rb"))) {
data/libbackuppc-xs-perl-0.62/ppport.h:3842:42: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define CopyD(s,d,n,t) memcpy((char*)(d),(char*)(s), (n) * sizeof(t))
data/libbackuppc-xs-perl-0.62/ppport.h:6745:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
&& (xdigit = strchr((char *) PL_hexdigit, s[1])))
data/libbackuppc-xs-perl-0.62/ppport.h:6967:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst + used, src, copy);
data/libbackuppc-xs-perl-0.62/ppport.h:6996:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, copy);
data/libbackuppc-xs-perl-0.62/ppport.h:7088:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char octbuf[32] = "%123456789ABCDF";
data/libbackuppc-xs-perl-0.62/ppport.h:7158:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2];
data/libbackuppc-xs-perl-0.62/zlib/crc32.c:161:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen("crc32.h", "w");
data/libbackuppc-xs-perl-0.62/zlib/inflate.c:572:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hbuf[4]; /* buffer for gzip header crc calculation */
data/libbackuppc-xs-perl-0.62/zlib/inflate.c:1287:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4]; /* to restore bit buffer to byte string */
data/libbackuppc-xs-perl-0.62/zlib/trees.c:332:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *header = fopen("trees.h", "w");
data/libbackuppc-xs-perl-0.62/zlib/zutil.c:14:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * const z_errmsg[10] = {
data/libbackuppc-xs-perl-0.62/zlib/zutil.h:56:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char * const z_errmsg[10]; /* indexed by 2-zlib_error */
data/libbackuppc-xs-perl-0.62/zlib/zutil.h:114:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512")
data/libbackuppc-xs-perl-0.62/zlib/zutil.h:176:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
# define F_OPEN(name, mode) fopen((name), (mode))
data/libbackuppc-xs-perl-0.62/zlib/zutil.h:233:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define zmemcpy memcpy
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:290:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return bpc_hashtable_find(&dir->filesHT, (uchar*)fileName, strlen(fileName), allocate_if_missing);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:298:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int fileNameLen = strlen(fileName);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:386:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bpc_attrib_file *file = bpc_hashtable_find(&dir->filesHT, (uchar*)fileName, strlen(fileName), 0);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:488:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssize_t len = strlen(file->name) + 1;
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:738:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int attribFileNameLen = strlen(attribFileName);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:749:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(attribDirPath, ".");
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:826:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t digestLen = nRead - 4, attribPathLen = strlen(attribPath);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1052:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fileNameLen = strlen(file->name);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1244:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
baseAttribFileNameLen = strlen(baseAttribFileName);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1255:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attribPathLen = strlen(attribPath);
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1279:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bpc_logErrf("bpc_attrib_dirWrite: path too long (%d, %d, %d)\n", strlen(attribPath), digest.len, sizeof(attribPath));
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1300:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(attribPath + attribPathLen, "0");
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1320:88: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bpc_logErrf("bpc_attrib_dirWrite: oldDigest path too long (%d, %d, %d)\n", strlen(attribPath), oldDigest->len, sizeof(attribPath));
data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1328:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(attribPathTemp + attribPathLen, "0");
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:34:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ac->hostName, hostName, BPC_MAXPATHLEN);
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:36:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ac->shareNameUM, shareNameUM, BPC_MAXPATHLEN);
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:39:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ac->shareNameLen = strlen(ac->shareName);
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:88:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = ac->currentDir + strlen(ac->currentDir) - 1;
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:124:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pathLen = strlen(path);
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:128:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fullPath, path, BPC_MAXPATHLEN);
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:141:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dir, "/");
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:148:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir += strlen(dir);
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:195:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attribPathLen = strlen(attribPath);
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:272:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( entry = entries ; entry < entries + entrySize ; entry += strlen(entry) + 1 ) {
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:387:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( entry = entries ; entry < entries + entrySize ; entry += strlen(entry) + 1 ) {
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:576:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t pathLen = strlen(path);
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:597:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssize_t len = strlen(file->name) + 1;
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:619:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t pathLen = strlen(path);
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:633:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(path, ".");
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:646:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(info.entries + info.entryIdx, ".");
data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:773:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
info.pathLen = strlen(info.path);
data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:41:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = path + strlen(path);
data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:59:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = path + strlen(path);
data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:114:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( dirListLen + strlen(dp->d_name) + 1 >= dirListSize ) {
data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:115:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirListSize = dirListSize * 2 + strlen(dp->d_name);
data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:122:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirListLen += strlen(dp->d_name) + 1;
data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:153:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( dirListP = dirList ; dirListP < dirList + dirListLen ; dirListP += strlen(dirListP) + 1 ) {
data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:198:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( dirListLen + strlen(dp->d_name) + 1 >= dirListSize ) {
data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:199:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirListSize = dirListSize * 2 + strlen(dp->d_name);
data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:206:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirListLen += strlen(dp->d_name) + 1;
data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:231:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( dirListP = dirList ; dirListP < dirList + dirListLen ; dirListP += strlen(dirListP) + 1 ) {
data/libbackuppc-xs-perl-0.62/bpc_fileZIO.c:172:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
thisRead = read(fd->fd, buf, nRead);
data/libbackuppc-xs-perl-0.62/bpc_fileZIO.c:196:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
thisRead = read(fd->fd, fd->strm.next_in + fd->strm.avail_in, maxRead);
data/libbackuppc-xs-perl-0.62/bpc_lib.c:160:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, compress ? BPC_CPoolDir : BPC_PoolDir, BPC_MAXPATHLEN - 32);
data/libbackuppc-xs-perl-0.62/bpc_lib.c:162:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out = path + strlen(path);
data/libbackuppc-xs-perl-0.62/bpc_lib.c:198:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_update(&md5, (uchar*)lenStr, strlen(lenStr));
data/libbackuppc-xs-perl-0.62/bpc_lib.c:250:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:687:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (nRead = read(fdRead, info->buffer, sizeof(info->buffer))) > 0 ) {
data/libbackuppc-xs-perl-0.62/bpc_refCount.c:157:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
thisRead = read(fd, buf + *nRead, bufSize - *nRead);
data/libbackuppc-xs-perl-0.62/md5/md5.c:265:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
get_md5(md5sum, str, strlen(str));
data/libbackuppc-xs-perl-0.62/ppport.h:5335:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*));
data/libbackuppc-xs-perl-0.62/ppport.h:5343:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define sv_vcatpvf(sv, pat, args) sv_vcatpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*))
data/libbackuppc-xs-perl-0.62/ppport.h:5347:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define sv_vsetpvf(sv, pat, args) sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*))
data/libbackuppc-xs-perl-0.62/ppport.h:5367:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vcatpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));
data/libbackuppc-xs-perl-0.62/ppport.h:5395:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vcatpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));
data/libbackuppc-xs-perl-0.62/ppport.h:5416:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vcatpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); \
data/libbackuppc-xs-perl-0.62/ppport.h:5438:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vsetpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));
data/libbackuppc-xs-perl-0.62/ppport.h:5466:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vsetpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));
data/libbackuppc-xs-perl-0.62/ppport.h:5487:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); \
data/libbackuppc-xs-perl-0.62/ppport.h:5541:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define HvNAMELEN_get(hv) (HvNAME_get(hv) ? (I32)strlen(HvNAME_get(hv)) : 0)
data/libbackuppc-xs-perl-0.62/ppport.h:6339:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
STRLEN len = strlen(radix);
data/libbackuppc-xs-perl-0.62/ppport.h:6923:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(buffer);
data/libbackuppc-xs-perl-0.62/ppport.h:6963:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
used = strlen(dst);
data/libbackuppc-xs-perl-0.62/ppport.h:6964:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(src);
data/libbackuppc-xs-perl-0.62/ppport.h:6993:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(src);
ANALYSIS SUMMARY:
Hits = 231
Lines analyzed = 22888 in approximately 0.83 seconds (27452 lines/second)
Physical Source Lines of Code (SLOC) = 13290
Hits@level = [0] 91 [1] 65 [2] 133 [3] 0 [4] 30 [5] 3
Hits@level+ = [0+] 322 [1+] 231 [2+] 166 [3+] 33 [4+] 33 [5+] 3
Hits/KSLOC@level+ = [0+] 24.2287 [1+] 17.3815 [2+] 12.4906 [3+] 2.48307 [4+] 2.48307 [5+] 0.225734
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.