Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-traffic-logging.c:69:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
vfprintf(info->file, fmt, arglist); data/libinfinity-0.7.1/infinoted/infinoted-dh-params.c:67:22: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. g_build_filename(g_get_home_dir(), ".infinoted", "dh.pem", NULL); data/libinfinity-0.7.1/infinoted/infinoted-options.c:977:22: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. g_build_filename(g_get_home_dir(), ".infinote", NULL); data/libinfinity-0.7.1/infinoted/infinoted-util.c:62:18: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. g_get_home_dir()); data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-record.c:55:31: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. basename = g_build_filename(g_get_home_dir(), ".infinoted-records", title, NULL); data/libinfinity-0.7.1/libinfgtk/inf-gtk-browser-store.c:1082:17: [3] (random) g_random_int: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). 
Use a more secure technique for acquiring random values. priv->stamp = g_random_int(); data/libinfinity-0.7.1/libinfinity/common/inf-name-resolver.c:373:9: [3] (random) g_random_int_range: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. i = g_random_int_range(0, n_low_prio_srvs); data/libinfinity-0.7.1/libinfinity/common/inf-name-resolver.c:377:12: [3] (random) g_random_int_range: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. rand = g_random_int_range(0, total_weight); data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-account-storage.c:1183:53: [3] (random) g_random_int: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. id_str = g_strdup_printf("fs:user:%s:%x", name, g_random_int()); data/libinfinity-0.7.1/libinftext/inf-text-session.c:1179:43: [3] (random) g_random_double: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. g_value_set_double(¶meter->value, g_random_double()); data/libinfinity-0.7.1/test/inf-test-certificate-validate.c:424:34: [3] (buffer) g_get_tmp_dir: This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
target_file = g_build_filename(g_get_tmp_dir(), "pinned-test", NULL); data/libinfinity-0.7.1/test/inf-test-daemon.c:76:39: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. root_directory = g_build_filename(g_get_home_dir(), ".infinote", NULL); data/libinfinity-0.7.1/test/inf-test-text-quick-write.c:105:12: [3] (random) g_random_int_range: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. action = g_random_int_range(0, 100000); data/libinfinity-0.7.1/test/inf-test-text-quick-write.c:163:10: [3] (random) g_random_int_range: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. secs = g_random_int_range(10, 50); data/libinfinity-0.7.1/test/inf-test-text-session.c:213:44: [3] (random) g_rand_int: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. dist_item = g_slist_nth(permutation, g_rand_int(rand) % (dist + 1)); data/libinfinity-0.7.1/test/inf-test-text-session.c:214:14: [3] (random) g_rand_int: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. rval = g_rand_int(rand) % (dist + 1); data/libinfinity-0.7.1/infinoted/infinoted-log.c:135:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_msg[128]; data/libinfinity-0.7.1/infinoted/infinoted-log.c:410:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). priv->log_file = fopen(path, "a"); data/libinfinity-0.7.1/infinoted/infinoted-pam.c:48:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_str, str, size); data/libinfinity-0.7.1/infinoted/infinoted-pam.c:133:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[128]; data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-document-stream.c:148:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(queue->data + queue->pos + queue->len, data, len); data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-document-stream.c:1416:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addr.sun_path[1], ADDRESS_NAME, sizeof(ADDRESS_NAME) - 1); data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-traffic-logging.c:56:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_msg[128]; data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-traffic-logging.c:223:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). info->file = fopen(info->filename, "a"); data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-session-record.c:572:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). priv->file = fopen(filename, "w"); data/libinfinity-0.7.1/libinfinity/adopted/inf-adopted-state-vector.c:207:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_vec->data, vec->data, data/libinfinity-0.7.1/libinfinity/client/infc-browser.c:1614:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(seq_buffer, "%u", seq); data/libinfinity-0.7.1/libinfinity/client/infc-session-proxy.c:351:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(seq_buffer, "%u", seq); data/libinfinity-0.7.1/libinfinity/common/inf-acl.c:891:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( data/libinfinity-0.7.1/libinfinity/common/inf-acl.c:925:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( data/libinfinity-0.7.1/libinfinity/common/inf-cert-util.c:91:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[5]; data/libinfinity-0.7.1/libinfinity/common/inf-cert-util.c:1306:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char cert_id[20]; data/libinfinity-0.7.1/libinfinity/common/inf-cert-util.c:1308:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char key_id[20]; data/libinfinity-0.7.1/libinfinity/common/inf-chat-session.c:1209:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). new_file = fopen(log_file, "a"); data/libinfinity-0.7.1/libinfinity/common/inf-chat-session.c:1253:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(priv->log_filename, log_file, len); data/libinfinity-0.7.1/libinfinity/common/inf-discovery-avahi.c:1457:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device_name[IF_NAMESIZE]; data/libinfinity-0.7.1/libinfinity/common/inf-file-util.c:260:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dir_fd = open(path, O_NOFOLLOW | O_RDONLY); data/libinfinity-0.7.1/libinfinity/common/inf-file-util.c:262:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dir_fd = open(path, O_RDONLY); data/libinfinity-0.7.1/libinfinity/common/inf-ip-address.c:129:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr->shared.addr6.s6_addr, address, 16); data/libinfinity-0.7.1/libinfinity/common/inf-ip-address.c:204:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr->shared.addr6.s6_addr, shared.addr6.sin6_addr.s6_addr, 16); data/libinfinity-0.7.1/libinfinity/common/inf-ip-address.c:344:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(shared.addr6.sin6_addr.s6_addr, address->shared.addr6.s6_addr, 16); data/libinfinity-0.7.1/libinfinity/common/inf-name-resolver.c:460:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ansbuf[4096]; data/libinfinity-0.7.1/libinfinity/common/inf-name-resolver.c:461:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostbuf[256]; data/libinfinity-0.7.1/libinfinity/common/inf-session.c:1046:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(id_buf, "%u", g_value_get_uint(&params[i].value)); data/libinfinity-0.7.1/libinfinity/common/inf-session.c:1754:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(num_messages_buf, "%u", sync->messages_total - 2); data/libinfinity-0.7.1/libinfinity/common/inf-standalone-io.c:195:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1]; data/libinfinity-0.7.1/libinfinity/common/inf-standalone-io.c:923:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( data/libinfinity-0.7.1/libinfinity/common/inf-standalone-io.c:929:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( data/libinfinity-0.7.1/libinfinity/common/inf-tcp-connection.c:423:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( data/libinfinity-0.7.1/libinfinity/common/inf-tcp-connection.c:438:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( data/libinfinity-0.7.1/libinfinity/common/inf-tcp-connection.c:1066:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device_name[IF_NAMESIZE]; data/libinfinity-0.7.1/libinfinity/common/inf-tcp-connection.c:1687:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(priv->queue + priv->front_pos, data, len); data/libinfinity-0.7.1/libinfinity/common/inf-xml-connection.c:251:31: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
g_return_val_if_fail(iface->open != NULL, FALSE); data/libinfinity-0.7.1/libinfinity/common/inf-xml-connection.c:253:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return iface->open(connection, error); data/libinfinity-0.7.1/libinfinity/common/inf-xml-connection.h:82:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gboolean (*open)(InfXmlConnection* connection, data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:800:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[sizeof(gint) * 3 + 1]; data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:801:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%d", value); data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:820:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[sizeof(glong) * 3 + 1]; data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:821:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(buffer, "%ld", value); data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:840:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[sizeof(guint) * 3 + 1]; data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:841:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%u", value); data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:860:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[sizeof(gulong) * 3 + 1]; data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:861:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%lu", value); data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:880:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[G_ASCII_DTOSTR_BUF_SIZE]; data/libinfinity-0.7.1/libinfinity/common/inf-xmpp-connection.c:1152:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(data, priv->pull_data, pull_len); data/libinfinity-0.7.1/libinfinity/server/infd-directory.c:3472:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(id_buf, "%u", node->id); data/libinfinity-0.7.1/libinfinity/server/infd-directory.c:4379:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(path + len + sep_len, storage_node->name, node_len + 1); data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-account-storage.c:446:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(salted_password, salt, 16); data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-account-storage.c:447:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(salted_password + 16, password, password_len); data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-account-storage.c:448:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(salted_password + 16 + password_len, salt + 16, 16); data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-storage.c:208:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_NOFOLLOW | open_mode, 0644); data/libinfinity-0.7.1/libinfinity/server/infd-tcp-server.c:594:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy( data/libinfinity-0.7.1/libinfinity/server/infd-tcp-server.c:608:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( data/libinfinity-0.7.1/libinftext/inf-text-chunk.c:676:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(segment->text + offset_index, text, bytes); data/libinfinity-0.7.1/libinftext/inf-text-chunk.c:807:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( data/libinfinity-0.7.1/libinftext/inf-text-chunk.c:829:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(last_merge->text, last->text, last->length); data/libinfinity-0.7.1/libinftext/inf-text-chunk.c:867:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_segment->text, last->text, last->length); data/libinfinity-0.7.1/libinftext/inf-text-chunk.c:869:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( data/libinfinity-0.7.1/libinftext/inf-text-chunk.c:883:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( data/libinfinity-0.7.1/libinftext/inf-text-chunk.c:916:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( data/libinfinity-0.7.1/libinftext/inf-text-chunk.c:1054:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( data/libinfinity-0.7.1/libinftext/inf-text-chunk.c:1218:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + cur, segment->text, segment->length); data/libinfinity-0.7.1/test/inf-test-browser.c:228:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/libinfinity-0.7.1/test/inf-test-chat.c:55:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/libinfinity-0.7.1/test/inf-test-text-recover.c:146:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(argc > 2) counter = atoi(argv[2]); data/libinfinity-0.7.1/test/inf-test-text-session.c:409:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
rseed = atoi(argv[1]); data/libinfinity-0.7.1/test/inf-test-traffic-replay.c:824:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). conn->file = fopen(replay->filename, "r"); data/libinfinity-0.7.1/test/inf-test-traffic-replay.c:1045:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(argv[i], "r"); data/libinfinity-0.7.1/infinoted/infinoted-main.c:65:18: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). prev_umask = umask(0777); data/libinfinity-0.7.1/infinoted/infinoted-main.c:141:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(prev_umask); data/libinfinity-0.7.1/infinoted/infinoted-options.c:240:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). options->password_len = strlen(options->password); data/libinfinity-0.7.1/infinoted/infinoted-pam.c:46:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(str) + 1; data/libinfinity-0.7.1/infinoted/infinoted-startup.c:376:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
password_len = strlen(password); data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-document-stream.c:210:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). errlen = strlen(message); data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-document-stream.c:291:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(inf_user_get_name(ms->user)); data/libinfinity-0.7.1/infinoted/plugins/infinoted-plugin-record.c:56:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pos = strlen(basename) + 8; data/libinfinity-0.7.1/libinfgtk/inf-gtk-account-creation-dialog.c:119:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(name) data/libinfinity-0.7.1/libinfgtk/inf-gtk-resources.c:5438:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). __pragma(section(".CRT$XCU",read)) \ data/libinfinity-0.7.1/libinfgtk/inf-gtk-resources.c:5446:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). __pragma(section(".CRT$XCU",read)) \ data/libinfinity-0.7.1/libinfgtk/inf-gtk-resources.c:5458:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). section(".CRT$XCU",read) data/libinfinity-0.7.1/libinfgtk/inf-gtk-resources.c:5465:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
section(".CRT$XCU",read) data/libinfinity-0.7.1/libinfinity/client/infc-browser.c:4427:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cert_text.size = strlen(cert_text.data); data/libinfinity-0.7.1/libinfinity/common/inf-cert-util.c:133:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(desc->dn_common_name) data/libinfinity-0.7.1/libinfinity/common/inf-chat-session.c:1250:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(log_file); data/libinfinity-0.7.1/libinfinity/common/inf-standalone-io.c:380:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read(priv->events[0].fd, &buf, 1); data/libinfinity-0.7.1/libinfinity/common/inf-xml-util.c:918:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inf_xml_util_add_child_text(xml, error->message, strlen(error->message)); data/libinfinity-0.7.1/libinfinity/common/inf-xmpp-connection.c:1478:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(len = strlen(mechanism); mechlist != NULL; mechlist = strchr(res, ' ')) data/libinfinity-0.7.1/libinfinity/common/inf-xmpp-connection.c:1950:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
inf_xmpp_connection_send_chars(xmpp, reply, strlen(reply)); data/libinfinity-0.7.1/libinfinity/common/inf-xmpp-connection.c:2036:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(end == NULL) end = begin + strlen(begin); data/libinfinity-0.7.1/libinfinity/common/inf-xmpp-connection.c:3082:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inf_xmpp_connection_send_chars(xmpp, request, strlen(request)); data/libinfinity-0.7.1/libinfinity/server/infd-directory.c:4365:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). node_len = strlen(storage_node->name); data/libinfinity-0.7.1/libinfinity/server/infd-directory.c:6410:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). crq_text.size = strlen(crq_text.data); data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-account-storage.c:203:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datum.size = strlen(password_salt); data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-account-storage.c:234:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
datum.size = strlen(password_hash); data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-account-storage.c:443:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). password_len = strlen(password); data/libinfinity-0.7.1/libinfinity/server/infd-filesystem-account-storage.c:1101:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(name) > 48) data/libinfinity-0.7.1/libinftextgtk/inf-text-gtk-buffer.c:1575:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(text), /* I hate strlen. GTK+ should tell us how many bytes. */ data/libinfinity-0.7.1/test/inf-test-browser.c:244:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if(strlen(buffer) != sizeof(buffer) || data/libinfinity-0.7.1/test/inf-test-browser.c:247:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer[strlen(buffer)-1] = '\0'; data/libinfinity-0.7.1/test/inf-test-certificate-request.c:165:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("Armin Burgmeier") data/libinfinity-0.7.1/test/inf-test-chat.c:69:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
else if(strlen(buffer) != sizeof(buffer) || data/libinfinity-0.7.1/test/inf-test-chat.c:72:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer[strlen(buffer)-1] = '\0'; data/libinfinity-0.7.1/test/inf-test-chat.c:80:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(buffer), data/libinfinity-0.7.1/test/inf-test-text-fixline.c:74:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(check_text) != len || strncmp(check_text, text, len) != 0) data/libinfinity-0.7.1/test/inf-test-text-fixline.c:117:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(initial_buffer_content), data/libinfinity-0.7.1/test/inf-test-text-fixline.c:118:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(initial_buffer_content), data/libinfinity-0.7.1/test/inf-test-text-fixline.c:155:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(text), data/libinfinity-0.7.1/test/inf-test-text-fixline.c:156:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(text), data/libinfinity-0.7.1/test/inf-test-text-fixline.c:166:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(text), data/libinfinity-0.7.1/test/inf-test-text-fixline.c:167:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(text), data/libinfinity-0.7.1/test/inf-test-text-operations.c:109:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(def->text), data/libinfinity-0.7.1/test/inf-test-text-operations.c:110:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(def->text), data/libinfinity-0.7.1/test/inf-test-text-operations.c:192:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(EXAMPLE_DOCUMENT), data/libinfinity-0.7.1/test/inf-test-text-operations.c:193:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(EXAMPLE_DOCUMENT), data/libinfinity-0.7.1/test/inf-test-text-operations.c:202:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(EXAMPLE_DOCUMENT), data/libinfinity-0.7.1/test/inf-test-text-operations.c:203:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(EXAMPLE_DOCUMENT), data/libinfinity-0.7.1/test/inf-test-text-operations.c:268:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(EXAMPLE_DOCUMENT), data/libinfinity-0.7.1/test/inf-test-text-operations.c:269:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(EXAMPLE_DOCUMENT), data/libinfinity-0.7.1/test/inf-test-text-operations.c:279:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(EXAMPLE_DOCUMENT), data/libinfinity-0.7.1/test/inf-test-text-operations.c:280:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(EXAMPLE_DOCUMENT), data/libinfinity-0.7.1/test/inf-test-text-operations.c:369:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(EXAMPLE_DOCUMENT), data/libinfinity-0.7.1/test/inf-test-text-operations.c:370:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(EXAMPLE_DOCUMENT), data/libinfinity-0.7.1/test/inf-test-text-operations.c:379:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(EXAMPLE_DOCUMENT), data/libinfinity-0.7.1/test/inf-test-text-operations.c:380:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(EXAMPLE_DOCUMENT), data/libinfinity-0.7.1/test/inf-test-text-operations.c:544:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(EXAMPLE_DOCUMENT), data/libinfinity-0.7.1/test/inf-test-text-operations.c:545:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(EXAMPLE_DOCUMENT), ANALYSIS SUMMARY: Hits = 146 Lines analyzed = 155139 in approximately 3.60 seconds (43041 lines/second) Physical Source Lines of Code (SLOC) = 107616 Hits@level = [0] 268 [1] 58 [2] 72 [3] 15 [4] 1 [5] 0 Hits@level+ = [0+] 414 [1+] 146 [2+] 88 [3+] 16 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 3.84701 [1+] 1.35668 [2+] 0.817722 [3+] 0.148677 [4+] 0.0092923 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.