Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libircclient-1.9/include/libirc_options.h
Examining data/libircclient-1.9/include/libirc_errors.h
Examining data/libircclient-1.9/include/libircclient.h
Examining data/libircclient-1.9/include/libirc_events.h
Examining data/libircclient-1.9/include/libirc_rfcnumeric.h
Examining data/libircclient-1.9/examples/ircftp.cpp
Examining data/libircclient-1.9/examples/colors.cpp
Examining data/libircclient-1.9/examples/censor.cpp
Examining data/libircclient-1.9/examples/spammer.c
Examining data/libircclient-1.9/examples/irctest.c
Examining data/libircclient-1.9/cocoa/Classes/DDInvocationGrabber.h
Examining data/libircclient-1.9/cocoa/Classes/NSObject+DDExtensions.h
Examining data/libircclient-1.9/cocoa/Classes/IRCClientChannelDelegate.h
Examining data/libircclient-1.9/cocoa/Classes/IRCClientSession.h
Examining data/libircclient-1.9/cocoa/Classes/IRCClientSessionDelegate.h
Examining data/libircclient-1.9/cocoa/Classes/IRCClientChannel.h
Examining data/libircclient-1.9/src/dcc.h
Examining data/libircclient-1.9/src/ssl.c
Examining data/libircclient-1.9/src/errors.c
Examining data/libircclient-1.9/src/colors.c
Examining data/libircclient-1.9/src/dcc.c
Examining data/libircclient-1.9/src/portable.c
Examining data/libircclient-1.9/src/session.h
Examining data/libircclient-1.9/src/utils.c
Examining data/libircclient-1.9/src/params.h
Examining data/libircclient-1.9/src/sockets.c
Examining data/libircclient-1.9/src/libircclient.c
FINAL RESULTS:
data/libircclient-1.9/examples/censor.cpp:112:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "%s, please do not swear in this channel.", nickbuf);
data/libircclient-1.9/examples/censor.cpp:118:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "%s, do not swear in this channel, or you'll leave it.", nickbuf);
data/libircclient-1.9/examples/censor.cpp:124:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (text, "kicked %s from %s for swearing.", nickbuf, params[0]);
data/libircclient-1.9/examples/irctest.c:57:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (buf, sizeof(buf), fmt, va_alist);
data/libircclient-1.9/examples/irctest.c:83:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, params[cnt]);
data/libircclient-1.9/examples/spammer.c:120:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (textbuf, "Hey, %s, hi!", origin);
data/libircclient-1.9/src/colors.c:53:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (*destline, str);
data/libircclient-1.9/src/colors.c:86:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (startbuf, "[COLOR=%s/%s]", color_replacement_table[colorid], color_replacement_table[bgcolorid]);
data/libircclient-1.9/src/colors.c:88:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (startbuf, "[COLOR=%s]", color_replacement_table[colorid]);
data/libircclient-1.9/src/dcc.c:660:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (notbuf, "DCC Chat (%s)", inet_ntoa (saddr.sin_addr));
data/libircclient-1.9/src/dcc.c:701:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dcc->outgoing_buf + dcc->outgoing_offset, text);
data/libircclient-1.9/src/dcc.c:740:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
else if ( sscanf (req, "DCC SEND %s %lu %hu %lu", filenamebuf, &ip, &port, &size) == 4 )
data/libircclient-1.9/src/dcc.c:883:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (notbuf, "DCC Send %s (%s)", p, inet_ntoa (saddr.sin_addr));
data/libircclient-1.9/src/dcc.c:884:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmdbuf, "DCC SEND %s %lu %u %ld", p, (unsigned long) ntohl (saddr.sin_addr.s_addr), ntohs (saddr.sin_port), filesize);
data/libircclient-1.9/src/libircclient.c:981:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (buf, sizeof(buf), format, va_alist);
data/libircclient-1.9/src/libircclient.c:993:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (session->outgoing_buf + session->outgoing_offset, buf);
data/libircclient-1.9/src/portable.c:57:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/libircclient-1.9/src/portable.c:57:21: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/libircclient-1.9/src/portable.c:58:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/libircclient-1.9/src/utils.c:111:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (textbuf, "FINGER %s (%s) Idle 0 seconds",
data/libircclient-1.9/src/portable.c:74:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection (mutex);
data/libircclient-1.9/src/portable.c:103:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection (mutex);
data/libircclient-1.9/src/ssl.c:30:9: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection( &mutex_buf[n] );
data/libircclient-1.9/src/ssl.c:52:3: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection( &(mutex_buf[i]) );
data/libircclient-1.9/examples/censor.cpp:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nickbuf[128];
data/libircclient-1.9/examples/censor.cpp:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nickbuf[128], text[256];
data/libircclient-1.9/examples/irctest.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libircclient-1.9/examples/irctest.c:63:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp = fopen ("irctest.log", "ab")) != 0 )
data/libircclient-1.9/examples/irctest.c:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/libircclient-1.9/examples/irctest.c:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[12];
data/libircclient-1.9/examples/irctest.c:138:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "DCC [%d]: %d", id, count++);
data/libircclient-1.9/examples/irctest.c:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nickbuf[128];
data/libircclient-1.9/examples/irctest.c:250:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp = fopen ("file", "wb")) == 0 )
data/libircclient-1.9/examples/irctest.c:258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[24];
data/libircclient-1.9/examples/irctest.c:259:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "%d", event);
data/libircclient-1.9/examples/spammer.c:119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char textbuf[168];
data/libircclient-1.9/src/colors.c:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char startbuf[64];
data/libircclient-1.9/src/colors.c:285:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tagbuf[32];
data/libircclient-1.9/src/colors.c:288:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tagbuf, p1 + 1, taglen);
data/libircclient-1.9/src/colors.c:310:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tagbuf, "\x03%02d", color);
data/libircclient-1.9/src/colors.c:315:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tagbuf, "\x03%02d,%02d", color, bgcolor);
data/libircclient-1.9/src/colors.c:334:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (d, cur, partlen);
data/libircclient-1.9/src/colors.c:358:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (d, cur, partlen);
data/libircclient-1.9/src/dcc.c:548:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&saddr6.sin6_addr, &session->local_addr6, sizeof(session->local_addr6));
data/libircclient-1.9/src/dcc.c:560:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&saddr.sin_addr, &session->local_addr, sizeof(session->local_addr));
data/libircclient-1.9/src/dcc.c:635:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[128], notbuf[128];
data/libircclient-1.9/src/dcc.c:661:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (cmdbuf, "DCC CHAT chat %lu %u", (unsigned long) ntohl (saddr.sin_addr.s_addr), ntohs (saddr.sin_port));
data/libircclient-1.9/src/dcc.c:715:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filenamebuf[256];
data/libircclient-1.9/src/dcc.c:828:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[128], notbuf[128];
data/libircclient-1.9/src/dcc.c:852:31: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (dcc->dccsend_file_fp = fopen (filename, "rb")) == 0 )
data/libircclient-1.9/src/dcc.h:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char incoming_buf[LIBIRC_DCC_BUFFER_SIZE];
data/libircclient-1.9/src/dcc.h:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outgoing_buf[LIBIRC_DCC_BUFFER_SIZE];
data/libircclient-1.9/src/errors.c:15:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * libirc_strerror[LIBIRC_ERR_MAX] =
data/libircclient-1.9/src/libircclient.c:82:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&session->callbacks, callbacks, sizeof(irc_callbacks_t));
data/libircclient-1.9/src/libircclient.c:208:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi( p );
data/libircclient-1.9/src/libircclient.c:223:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/libircclient-1.9/src/libircclient.c:236:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&saddr.sin_addr, hp->h_addr, (size_t) hp->h_length);
data/libircclient-1.9/src/libircclient.c:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portStr[32], *p;
data/libircclient-1.9/src/libircclient.c:339:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi( p );
data/libircclient-1.9/src/libircclient.c:346:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( portStr, "%u", (unsigned)port );
data/libircclient-1.9/src/libircclient.c:370:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &saddr, res->ai_addr, res->ai_addrlen );
data/libircclient-1.9/src/libircclient.c:396:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &saddr, res->ai_addr, res->ai_addrlen );
data/libircclient-1.9/src/libircclient.c:527:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2*512], *p, *s;
data/libircclient-1.9/src/libircclient.c:535:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, session->incoming_buf, process_length);
data/libircclient-1.9/src/libircclient.c:584:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code = atoi (p);
data/libircclient-1.9/src/libircclient.c:651:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nickbuf[256];
data/libircclient-1.9/src/libircclient.c:717:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctcp_buf[128];
data/libircclient-1.9/src/libircclient.c:723:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ctcp_buf, params[1] + 1, msglen);
data/libircclient-1.9/src/libircclient.c:767:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctcp_buf[512];
data/libircclient-1.9/src/libircclient.c:773:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ctcp_buf, params[1] + 1, msglen);
data/libircclient-1.9/src/libircclient.c:817:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], hname[256];
data/libircclient-1.9/src/libircclient.c:853:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&session->local_addr, &((struct sockaddr_in *)&laddr)->sin_addr, sizeof(struct in_addr));
data/libircclient-1.9/src/libircclient.c:855:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&session->local_addr6, &((struct sockaddr_in6 *)&laddr)->sin6_addr, sizeof(struct in6_addr));
data/libircclient-1.9/src/libircclient.c:866:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (hname, "unknown");
data/libircclient-1.9/src/libircclient.c:971:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libircclient-1.9/src/libircclient.c:1134:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (nick, target, len);
data/libircclient-1.9/src/libircclient.c:1152:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (host, p, len);
data/libircclient-1.9/src/session.h:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char incoming_buf[LIBIRC_BUFFER_SIZE];
data/libircclient-1.9/src/session.h:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outgoing_buf[LIBIRC_BUFFER_SIZE];
data/libircclient-1.9/src/utils.c:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nickbuf[128], textbuf[256];
data/libircclient-1.9/examples/irctest.c:81:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (buf, "|");
data/libircclient-1.9/src/colors.c:49:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int len = strlen(str);
data/libircclient-1.9/src/colors.c:352:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p2 = cur + strlen(cur);
data/libircclient-1.9/src/dcc.c:386:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*dcc->cb)(ircsession, dcc->id, err, dcc->ctx, dcc->incoming_buf, strlen(dcc->incoming_buf));
data/libircclient-1.9/src/dcc.c:692:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (strlen(text) + 2) >= (sizeof(dcc->outgoing_buf) - dcc->outgoing_offset) )
data/libircclient-1.9/src/dcc.c:702:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dcc->outgoing_offset += strlen (text);
data/libircclient-1.9/src/libircclient.c:655:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( !strncmp (nickbuf, session->nick, strlen(session->nick)) && paramindex > 0 )
data/libircclient-1.9/src/libircclient.c:681:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( paramindex > 0 && !strncmp (params[0], session->nick, strlen(session->nick)) )
data/libircclient-1.9/src/libircclient.c:709:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msglen = strlen (params[1]);
data/libircclient-1.9/src/libircclient.c:745:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ( !strncasecmp (params[0], session->nick, strlen(session->nick) ) )
data/libircclient-1.9/src/libircclient.c:759:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msglen = strlen (params[1]);
data/libircclient-1.9/src/libircclient.c:782:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ( !strncasecmp (params[0], session->nick, strlen(session->nick) ) )
data/libircclient-1.9/src/libircclient.c:986:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (strlen(buf) + 2) >= (sizeof(session->outgoing_buf) - session->outgoing_offset) )
data/libircclient-1.9/src/libircclient.c:994:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
session->outgoing_offset += strlen (buf);
data/libircclient-1.9/src/libircclient.c:1129:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (target);
data/libircclient-1.9/src/libircclient.c:1147:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (p);
ANALYSIS SUMMARY:
Hits = 96
Lines analyzed = 9015 in approximately 0.35 seconds (25534 lines/second)
Physical Source Lines of Code (SLOC) = 3615
Hits@level = [0] 61 [1] 16 [2] 56 [3] 4 [4] 20 [5] 0
Hits@level+ = [0+] 157 [1+] 96 [2+] 80 [3+] 24 [4+] 20 [5+] 0
Hits/KSLOC@level+ = [0+] 43.4302 [1+] 26.556 [2+] 22.13 [3+] 6.639 [4+] 5.5325 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.