Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libsepol-3.1/cil/include/cil/cil.h
Examining data/libsepol-3.1/cil/src/cil.c
Examining data/libsepol-3.1/cil/src/cil_binary.c
Examining data/libsepol-3.1/cil/src/cil_binary.h
Examining data/libsepol-3.1/cil/src/cil_build_ast.c
Examining data/libsepol-3.1/cil/src/cil_build_ast.h
Examining data/libsepol-3.1/cil/src/cil_copy_ast.c
Examining data/libsepol-3.1/cil/src/cil_copy_ast.h
Examining data/libsepol-3.1/cil/src/cil_find.c
Examining data/libsepol-3.1/cil/src/cil_find.h
Examining data/libsepol-3.1/cil/src/cil_flavor.h
Examining data/libsepol-3.1/cil/src/cil_fqn.c
Examining data/libsepol-3.1/cil/src/cil_fqn.h
Examining data/libsepol-3.1/cil/src/cil_internal.h
Examining data/libsepol-3.1/cil/src/cil_lexer.h
Examining data/libsepol-3.1/cil/src/cil_list.c
Examining data/libsepol-3.1/cil/src/cil_list.h
Examining data/libsepol-3.1/cil/src/cil_log.c
Examining data/libsepol-3.1/cil/src/cil_log.h
Examining data/libsepol-3.1/cil/src/cil_mem.c
Examining data/libsepol-3.1/cil/src/cil_mem.h
Examining data/libsepol-3.1/cil/src/cil_parser.c
Examining data/libsepol-3.1/cil/src/cil_parser.h
Examining data/libsepol-3.1/cil/src/cil_policy.c
Examining data/libsepol-3.1/cil/src/cil_policy.h
Examining data/libsepol-3.1/cil/src/cil_post.c
Examining data/libsepol-3.1/cil/src/cil_post.h
Examining data/libsepol-3.1/cil/src/cil_reset_ast.c
Examining data/libsepol-3.1/cil/src/cil_reset_ast.h
Examining data/libsepol-3.1/cil/src/cil_resolve_ast.c
Examining data/libsepol-3.1/cil/src/cil_resolve_ast.h
Examining data/libsepol-3.1/cil/src/cil_stack.c
Examining data/libsepol-3.1/cil/src/cil_stack.h
Examining data/libsepol-3.1/cil/src/cil_strpool.c
Examining data/libsepol-3.1/cil/src/cil_strpool.h
Examining data/libsepol-3.1/cil/src/cil_symtab.c
Examining data/libsepol-3.1/cil/src/cil_symtab.h
Examining data/libsepol-3.1/cil/src/cil_tree.c
Examining data/libsepol-3.1/cil/src/cil_tree.h
Examining data/libsepol-3.1/cil/src/cil_verify.c
Examining data/libsepol-3.1/cil/src/cil_verify.h
Examining data/libsepol-3.1/cil/test/unit/AllTests.c
Examining data/libsepol-3.1/cil/test/unit/CilTest.c
Examining data/libsepol-3.1/cil/test/unit/CilTest.h
Examining data/libsepol-3.1/cil/test/unit/CuTest.c
Examining data/libsepol-3.1/cil/test/unit/CuTest.h
Examining data/libsepol-3.1/cil/test/unit/test_cil.c
Examining data/libsepol-3.1/cil/test/unit/test_cil.h
Examining data/libsepol-3.1/cil/test/unit/test_cil_build_ast.c
Examining data/libsepol-3.1/cil/test/unit/test_cil_build_ast.h
Examining data/libsepol-3.1/cil/test/unit/test_cil_copy_ast.c
Examining data/libsepol-3.1/cil/test/unit/test_cil_copy_ast.h
Examining data/libsepol-3.1/cil/test/unit/test_cil_fqn.c
Examining data/libsepol-3.1/cil/test/unit/test_cil_fqn.h
Examining data/libsepol-3.1/cil/test/unit/test_cil_lexer.c
Examining data/libsepol-3.1/cil/test/unit/test_cil_lexer.h
Examining data/libsepol-3.1/cil/test/unit/test_cil_list.c
Examining data/libsepol-3.1/cil/test/unit/test_cil_list.h
Examining data/libsepol-3.1/cil/test/unit/test_cil_parser.c
Examining data/libsepol-3.1/cil/test/unit/test_cil_parser.h
Examining data/libsepol-3.1/cil/test/unit/test_cil_post.c
Examining data/libsepol-3.1/cil/test/unit/test_cil_post.h
Examining data/libsepol-3.1/cil/test/unit/test_cil_resolve_ast.c
Examining data/libsepol-3.1/cil/test/unit/test_cil_resolve_ast.h
Examining data/libsepol-3.1/cil/test/unit/test_cil_symtab.c
Examining data/libsepol-3.1/cil/test/unit/test_cil_symtab.h
Examining data/libsepol-3.1/cil/test/unit/test_cil_tree.c
Examining data/libsepol-3.1/cil/test/unit/test_cil_tree.h
Examining data/libsepol-3.1/cil/test/unit/test_integration.c
Examining data/libsepol-3.1/cil/test/unit/test_integration.h
Examining data/libsepol-3.1/include/sepol/boolean_record.h
Examining data/libsepol-3.1/include/sepol/booleans.h
Examining data/libsepol-3.1/include/sepol/context.h
Examining data/libsepol-3.1/include/sepol/context_record.h
Examining data/libsepol-3.1/include/sepol/debug.h
Examining data/libsepol-3.1/include/sepol/errcodes.h
Examining data/libsepol-3.1/include/sepol/handle.h
Examining data/libsepol-3.1/include/sepol/ibendport_record.h
Examining data/libsepol-3.1/include/sepol/ibendports.h
Examining data/libsepol-3.1/include/sepol/ibpkey_record.h
Examining data/libsepol-3.1/include/sepol/ibpkeys.h
Examining data/libsepol-3.1/include/sepol/iface_record.h
Examining data/libsepol-3.1/include/sepol/interfaces.h
Examining data/libsepol-3.1/include/sepol/kernel_to_cil.h
Examining data/libsepol-3.1/include/sepol/kernel_to_conf.h
Examining data/libsepol-3.1/include/sepol/module.h
Examining data/libsepol-3.1/include/sepol/module_to_cil.h
Examining data/libsepol-3.1/include/sepol/node_record.h
Examining data/libsepol-3.1/include/sepol/nodes.h
Examining data/libsepol-3.1/include/sepol/policydb.h
Examining data/libsepol-3.1/include/sepol/policydb/avrule_block.h
Examining data/libsepol-3.1/include/sepol/policydb/avtab.h
Examining data/libsepol-3.1/include/sepol/policydb/conditional.h
Examining data/libsepol-3.1/include/sepol/policydb/constraint.h
Examining data/libsepol-3.1/include/sepol/policydb/context.h
Examining data/libsepol-3.1/include/sepol/policydb/ebitmap.h
Examining data/libsepol-3.1/include/sepol/policydb/expand.h
Examining data/libsepol-3.1/include/sepol/policydb/flask_types.h
Examining data/libsepol-3.1/include/sepol/policydb/hashtab.h
Examining data/libsepol-3.1/include/sepol/policydb/hierarchy.h
Examining data/libsepol-3.1/include/sepol/policydb/link.h
Examining data/libsepol-3.1/include/sepol/policydb/mls_types.h
Examining data/libsepol-3.1/include/sepol/policydb/module.h
Examining data/libsepol-3.1/include/sepol/policydb/polcaps.h
Examining data/libsepol-3.1/include/sepol/policydb/policydb.h
Examining data/libsepol-3.1/include/sepol/policydb/services.h
Examining data/libsepol-3.1/include/sepol/policydb/sidtab.h
Examining data/libsepol-3.1/include/sepol/policydb/symtab.h
Examining data/libsepol-3.1/include/sepol/policydb/util.h
Examining data/libsepol-3.1/include/sepol/port_record.h
Examining data/libsepol-3.1/include/sepol/ports.h
Examining data/libsepol-3.1/include/sepol/roles.h
Examining data/libsepol-3.1/include/sepol/sepol.h
Examining data/libsepol-3.1/include/sepol/user_record.h
Examining data/libsepol-3.1/include/sepol/users.h
Examining data/libsepol-3.1/src/assertion.c
Examining data/libsepol-3.1/src/avrule_block.c
Examining data/libsepol-3.1/src/avtab.c
Examining data/libsepol-3.1/src/boolean_internal.h
Examining data/libsepol-3.1/src/boolean_record.c
Examining data/libsepol-3.1/src/booleans.c
Examining data/libsepol-3.1/src/conditional.c
Examining data/libsepol-3.1/src/constraint.c
Examining data/libsepol-3.1/src/context.c
Examining data/libsepol-3.1/src/context.h
Examining data/libsepol-3.1/src/context_internal.h
Examining data/libsepol-3.1/src/context_record.c
Examining data/libsepol-3.1/src/debug.c
Examining data/libsepol-3.1/src/debug.h
Examining data/libsepol-3.1/src/deprecated_funcs.c
Examining data/libsepol-3.1/src/ebitmap.c
Examining data/libsepol-3.1/src/expand.c
Examining data/libsepol-3.1/src/flask.h
Examining data/libsepol-3.1/src/handle.c
Examining data/libsepol-3.1/src/handle.h
Examining data/libsepol-3.1/src/hashtab.c
Examining data/libsepol-3.1/src/hierarchy.c
Examining data/libsepol-3.1/src/ibendport_internal.h
Examining data/libsepol-3.1/src/ibendport_record.c
Examining data/libsepol-3.1/src/ibendports.c
Examining data/libsepol-3.1/src/ibpkey_internal.h
Examining data/libsepol-3.1/src/ibpkey_record.c
Examining data/libsepol-3.1/src/ibpkeys.c
Examining data/libsepol-3.1/src/iface_internal.h
Examining data/libsepol-3.1/src/iface_record.c
Examining data/libsepol-3.1/src/interfaces.c
Examining data/libsepol-3.1/src/kernel_to_cil.c
Examining data/libsepol-3.1/src/kernel_to_common.c
Examining data/libsepol-3.1/src/kernel_to_common.h
Examining data/libsepol-3.1/src/kernel_to_conf.c
Examining data/libsepol-3.1/src/link.c
Examining data/libsepol-3.1/src/mls.c
Examining data/libsepol-3.1/src/mls.h
Examining data/libsepol-3.1/src/module.c
Examining data/libsepol-3.1/src/module_internal.h
Examining data/libsepol-3.1/src/module_to_cil.c
Examining data/libsepol-3.1/src/node_internal.h
Examining data/libsepol-3.1/src/node_record.c
Examining data/libsepol-3.1/src/nodes.c
Examining data/libsepol-3.1/src/optimize.c
Examining data/libsepol-3.1/src/polcaps.c
Examining data/libsepol-3.1/src/policydb.c
Examining data/libsepol-3.1/src/policydb_convert.c
Examining data/libsepol-3.1/src/policydb_internal.h
Examining data/libsepol-3.1/src/policydb_public.c
Examining data/libsepol-3.1/src/port_internal.h
Examining data/libsepol-3.1/src/port_record.c
Examining data/libsepol-3.1/src/ports.c
Examining data/libsepol-3.1/src/private.h
Examining data/libsepol-3.1/src/roles.c
Examining data/libsepol-3.1/src/services.c
Examining data/libsepol-3.1/src/sidtab.c
Examining data/libsepol-3.1/src/symtab.c
Examining data/libsepol-3.1/src/user_internal.h
Examining data/libsepol-3.1/src/user_record.c
Examining data/libsepol-3.1/src/users.c
Examining data/libsepol-3.1/src/util.c
Examining data/libsepol-3.1/src/write.c
Examining data/libsepol-3.1/tests/debug.c
Examining data/libsepol-3.1/tests/debug.h
Examining data/libsepol-3.1/tests/helpers.c
Examining data/libsepol-3.1/tests/helpers.h
Examining data/libsepol-3.1/tests/libsepol-tests.c
Examining data/libsepol-3.1/tests/test-common.c
Examining data/libsepol-3.1/tests/test-common.h
Examining data/libsepol-3.1/tests/test-cond.c
Examining data/libsepol-3.1/tests/test-cond.h
Examining data/libsepol-3.1/tests/test-deps.c
Examining data/libsepol-3.1/tests/test-deps.h
Examining data/libsepol-3.1/tests/test-downgrade.c
Examining data/libsepol-3.1/tests/test-downgrade.h
Examining data/libsepol-3.1/tests/test-expander-attr-map.c
Examining data/libsepol-3.1/tests/test-expander-attr-map.h
Examining data/libsepol-3.1/tests/test-expander-roles.c
Examining data/libsepol-3.1/tests/test-expander-roles.h
Examining data/libsepol-3.1/tests/test-expander-users.c
Examining data/libsepol-3.1/tests/test-expander-users.h
Examining data/libsepol-3.1/tests/test-expander.c
Examining data/libsepol-3.1/tests/test-expander.h
Examining data/libsepol-3.1/tests/test-linker-cond-map.c
Examining data/libsepol-3.1/tests/test-linker-cond-map.h
Examining data/libsepol-3.1/tests/test-linker-roles.c
Examining data/libsepol-3.1/tests/test-linker-roles.h
Examining data/libsepol-3.1/tests/test-linker-types.c
Examining data/libsepol-3.1/tests/test-linker-types.h
Examining data/libsepol-3.1/tests/test-linker.c
Examining data/libsepol-3.1/tests/test-linker.h
Examining data/libsepol-3.1/utils/chkcon.c
FINAL RESULTS:
data/libsepol-3.1/cil/include/cil/cil.h:73:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 2, 3)))
data/libsepol-3.1/cil/src/cil.c:1565:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
buf_pos = sprintf(str_tmp, "%s", lvl->sens->datum.fqn);
data/libsepol-3.1/cil/src/cil.c:1583:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
buf_pos = sprintf(str_tmp, "%s,%s", str1, cat->datum.fqn);
data/libsepol-3.1/cil/src/cil.c:1586:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
buf_pos = sprintf(str_tmp, "%s,%s,%s", str1, str2, cat->datum.fqn);
data/libsepol-3.1/cil/src/cil.c:1589:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
buf_pos = sprintf(str_tmp, "%s.%s,%s",str1, str2, cat->datum.fqn);
data/libsepol-3.1/cil/src/cil.c:1602:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
buf_pos = sprintf(str_tmp, "%s", str1);
data/libsepol-3.1/cil/src/cil.c:1605:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
buf_pos = sprintf(str_tmp, "%s,%s", str1, str2);
data/libsepol-3.1/cil/src/cil.c:1608:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
buf_pos = sprintf(str_tmp, "%s.%s",str1, str2);
data/libsepol-3.1/cil/src/cil.c:1656:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
buf_pos = sprintf(str_tmp, "%s:%s", selinuxuser->name_str, user->datum.fqn);
data/libsepol-3.1/cil/src/cil.c:1740:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
buf_pos = sprintf(str_tmp, "%s", filecon->path_str);
data/libsepol-3.1/cil/src/cil.c:1769:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
buf_pos = sprintf(str_tmp, "%s", str_type);
data/libsepol-3.1/cil/src/cil.c:1777:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
buf_pos = sprintf(str_tmp, "\t%s:%s:%s", user->datum.fqn, role->datum.fqn,
data/libsepol-3.1/cil/src/cil_fqn.c:63:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prefix, fqn_args->prefix);
data/libsepol-3.1/cil/src/cil_fqn.c:64:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(prefix, datum->name);
data/libsepol-3.1/cil/src/cil_fqn.c:94:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(child_args.prefix, fqn_args->prefix);
data/libsepol-3.1/cil/src/cil_fqn.c:95:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(child_args.prefix, datum->name);
data/libsepol-3.1/cil/src/cil_list.c:38:50: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((noreturn)) __attribute__((format (printf, 1, 2))) void cil_list_error(const char* msg, ...)
data/libsepol-3.1/cil/src/cil_log.c:52:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 2, 0))) void cil_vlog(enum cil_log_level lvl, const char *msg, va_list args)
data/libsepol-3.1/cil/src/cil_log.c:56:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buff, MAX_LOG_SIZE, msg, args);
data/libsepol-3.1/cil/src/cil_log.c:61:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 2, 3))) void cil_log(enum cil_log_level lvl, const char *msg, ...)
data/libsepol-3.1/cil/src/cil_log.h:38:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 2, 0))) void cil_vlog(enum cil_log_level lvl, const char *msg, va_list args);
data/libsepol-3.1/cil/src/cil_log.h:39:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 2, 3))) void cil_log(enum cil_log_level lvl, const char *msg, ...);
data/libsepol-3.1/cil/src/cil_mem.c:94:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 2, 3))) int cil_asprintf(char **strp, const char *fmt, ...)
data/libsepol-3.1/cil/src/cil_policy.c:519:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new, o_str);
data/libsepol-3.1/cil/src/cil_policy.c:588:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new, op_str);
data/libsepol-3.1/cil/src/cil_post.c:205:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(a_path, a_filecon->path_str);
data/libsepol-3.1/cil/src/cil_post.c:206:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(b_path, b_filecon->path_str);
data/libsepol-3.1/cil/src/cil_symtab.c:45:50: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((noreturn)) __attribute__((format (printf, 1, 2))) void cil_symtab_error(const char* msg, ...)
data/libsepol-3.1/cil/src/cil_tree.c:53:50: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((noreturn)) __attribute__((format (printf, 1, 2))) void cil_tree_error(const char* msg, ...)
data/libsepol-3.1/cil/src/cil_tree.c:116:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format (printf, 3, 4))) void cil_tree_log(struct cil_tree_node *node, enum cil_log_level lvl, const char* msg, ...)
data/libsepol-3.1/cil/src/cil_tree.h:55:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format (printf, 3, 4))) void cil_tree_log(struct cil_tree_node *node, enum cil_log_level lvl, const char* msg, ...);
data/libsepol-3.1/cil/test/unit/CuTest.c:47:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newStr, old);
data/libsepol-3.1/cil/test/unit/CuTest.c:98:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str->buffer, text);
data/libsepol-3.1/cil/test/unit/CuTest.c:109:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 2, 3))) void CuStringAppendFormat(CuString* str, const char* format, ...)
data/libsepol-3.1/cil/test/unit/CuTest.c:114:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, format, argp);
data/libsepol-3.1/cil/test/unit/CuTest.c:175:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s:%d: ", file, line);
data/libsepol-3.1/cil/test/unit/test_cil_lexer.c:57:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, test_str);
data/libsepol-3.1/cil/test/unit/test_integration.c:43:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
status = system("./secilc -M -c 24 test/integration.cil &> /dev/null");
data/libsepol-3.1/cil/test/unit/test_integration.c:48:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
status1 = system("checkpolicy -M -c 24 -o policy.conf.24 test/policy.conf &> /dev/null");
data/libsepol-3.1/cil/test/unit/test_integration.c:53:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
status2 = system("sediff -q policy.24 \\; policy.conf.24 &> /dev/null");
data/libsepol-3.1/cil/test/unit/test_integration.c:69:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
status = system("./secilc -M -c 24 test/policy.cil &> /dev/null");
data/libsepol-3.1/include/sepol/debug.h:31:31: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 3, 4)))
data/libsepol-3.1/src/context.c:118:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ptr, "%s:%s:%s",
data/libsepol-3.1/src/debug.c:39:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 3, 4)))
data/libsepol-3.1/src/debug.c:65:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stream, fmt, ap);
data/libsepol-3.1/src/debug.c:73:31: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 3, 4)))
data/libsepol-3.1/src/debug.h:62:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 3, 4)))
data/libsepol-3.1/src/handle.h:12:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 3, 4)))
data/libsepol-3.1/src/kernel_to_cil.c:1059:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = snprintf(p, remaining, fmt,
data/libsepol-3.1/src/kernel_to_cil.c:3020:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rc = snprintf(low_high_str, 40, "0x%"PRIx64, low);
data/libsepol-3.1/src/kernel_to_common.c:28:6: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (vfprintf(stderr, fmt, argptr) < 0) {
data/libsepol-3.1/src/kernel_to_common.c:48:6: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (vfprintf(out, fmt, argptr) < 0) {
data/libsepol-3.1/src/kernel_to_common.c:54:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 1, 0)))
data/libsepol-3.1/src/kernel_to_common.c:78:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rc = vsnprintf(str, len, fmt, vargs2);
data/libsepol-3.1/src/kernel_to_common.h:86:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 1, 2)))
data/libsepol-3.1/src/kernel_to_common.h:89:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 2, 3)))
data/libsepol-3.1/src/kernel_to_common.h:92:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 1, 3)))
data/libsepol-3.1/src/kernel_to_common.h:99:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 2, 4)))
data/libsepol-3.1/src/kernel_to_conf.c:1050:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = snprintf(p, remaining, fmt,
data/libsepol-3.1/src/kernel_to_conf.c:1054:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = snprintf(p, remaining, fmt, val_to_name[start]);
data/libsepol-3.1/src/kernel_to_conf.c:2897:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rc = snprintf(low_high_str, 40, "0x%"PRIx64, low);
data/libsepol-3.1/src/kernel_to_conf.c:2899:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rc = snprintf(low_high_str, 40, "0x%"PRIx64"-0x%"PRIx64, low, high);
data/libsepol-3.1/src/mls.c:62:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr2, ptr + 1);
data/libsepol-3.1/src/mls.c:185:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scontextp,
data/libsepol-3.1/src/mls.c:205:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scontextp,
data/libsepol-3.1/src/mls.c:217:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scontextp,
data/libsepol-3.1/src/mls.c:234:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scontextp, policydb->p_cat_val_to_name[i - 1]);
data/libsepol-3.1/src/module_to_cil.c:74:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 1, 2)))
data/libsepol-3.1/src/module_to_cil.c:79:6: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (vfprintf(stderr, fmt, argptr) < 0) {
data/libsepol-3.1/src/module_to_cil.c:96:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 1, 2)))
data/libsepol-3.1/src/module_to_cil.c:100:6: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (vfprintf(out_file, fmt, argptr) < 0) {
data/libsepol-3.1/src/module_to_cil.c:107:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format(printf, 2, 3)))
data/libsepol-3.1/src/module_to_cil.c:113:6: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (vfprintf(out_file, fmt, argptr) < 0) {
data/libsepol-3.1/src/module_to_cil.c:1340:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rlen = snprintf(new_val, len, fmt_str, op, val1, val2);
data/libsepol-3.1/src/module_to_cil.c:1870:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rlen = snprintf(new_val, len, fmt_str, op, val1, val2);
data/libsepol-3.1/src/policydb.c:763:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key, OBJECT_R);
data/libsepol-3.1/src/services.c:726:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(answer_list[answer_counter], "%s %s %s", a,
data/libsepol-3.1/src/services.c:745:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(answer_list[answer_counter], "%s (%s)",
data/libsepol-3.1/src/services.c:748:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(answer_list[answer_counter], "%s%s",
data/libsepol-3.1/src/services.c:762:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_buf, "%s %s\n",
data/libsepol-3.1/tests/libsepol-tests.c:94:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt_long(argc, argv, "vi", opts, NULL)) != -1) {
data/libsepol-3.1/cil/src/cil.c:532:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, data, size);
data/libsepol-3.1/cil/src/cil.c:1796:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
buf_pos = sprintf(str_tmp, "\t<<none>>");
data/libsepol-3.1/cil/src/cil_binary.c:3302:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_ocon->u.node6.addr, &cil_nodecon->addr->ip.v6.s6_addr[0], 16);
data/libsepol-3.1/cil/src/cil_binary.c:3303:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_ocon->u.node6.mask, &cil_nodecon->mask->ip.v6.s6_addr[0], 16);
data/libsepol-3.1/cil/src/cil_copy_ast.c:1594:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new->ip, &data->ip, sizeof(data->ip));
data/libsepol-3.1/cil/src/cil_fqn.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[CIL_MAX_NAME_LENGTH];
data/libsepol-3.1/cil/src/cil_fqn.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[CIL_MAX_NAME_LENGTH];
data/libsepol-3.1/cil/src/cil_log.c:55:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[MAX_LOG_SIZE];
data/libsepol-3.1/cil/src/cil_policy.c:458:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new, str, len);
data/libsepol-3.1/cil/src/cil_policy.c:531:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new, o_str, o_len);
data/libsepol-3.1/cil/src/cil_policy.c:543:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new, o_str, o_len);
data/libsepol-3.1/cil/src/cil_policy.c:605:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(new, "not ");
data/libsepol-3.1/cil/src/cil_policy.c:613:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(new, " and ");
data/libsepol-3.1/cil/src/cil_policy.c:621:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(new, " or ");
data/libsepol-3.1/cil/src/cil_policy.c:667:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curr, DATUM(classperms->class)->fqn, len);
data/libsepol-3.1/cil/src/cil_policy.c:675:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curr, DATUM(i1->data)->fqn, len);
data/libsepol-3.1/cil/src/cil_tree.c:338:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stack[COND_EXPR_MAXDEPTH] = {};
data/libsepol-3.1/cil/src/cil_tree.c:1455:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/libsepol-3.1/cil/src/cil_tree.c:1721:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/libsepol-3.1/cil/test/unit/CilTest.c:62:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen("test/policy.cil", "r");
data/libsepol-3.1/cil/test/unit/CuTest.c:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[2];
data/libsepol-3.1/cil/test/unit/CuTest.c:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[HUGE_STRING_LEN];
data/libsepol-3.1/cil/test/unit/CuTest.c:128:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str->buffer + pos, text, length);
data/libsepol-3.1/cil/test/unit/CuTest.c:173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[HUGE_STRING_LEN];
data/libsepol-3.1/cil/test/unit/CuTest.c:231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[STRING_MAX];
data/libsepol-3.1/cil/test/unit/CuTest.c:233:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "expected <%d> but was <%d>", expected, actual);
data/libsepol-3.1/cil/test/unit/CuTest.c:240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[STRING_MAX];
data/libsepol-3.1/cil/test/unit/CuTest.c:242:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "expected <%f> but was <%f>", expected, actual);
data/libsepol-3.1/cil/test/unit/CuTest.c:250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[STRING_MAX];
data/libsepol-3.1/cil/test/unit/CuTest.c:252:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "expected pointer <0x%p> but was <0x%p>", expected, actual);
data/libsepol-3.1/include/sepol/policydb/policydb.h:533:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **sym_val_to_name[SYM_NUM];
data/libsepol-3.1/src/assertion.c:157:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_key, k, sizeof(avtab_key_t));
data/libsepol-3.1/src/assertion.c:336:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_key, k, sizeof(avtab_key_t));
data/libsepol-3.1/src/context.c:312:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(con_cpy, con_str, con_str_len);
data/libsepol-3.1/src/expand.c:2673:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xperms, source_rule->xperms, sizeof(av_extended_perms_t));
data/libsepol-3.1/src/ibpkey_record.c:46:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subnet_prefix, in_addr.s6_addr, sizeof(*subnet_prefix));
data/libsepol-3.1/src/ibpkey_record.c:62:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr.s6_addr[0], &subnet_prefix, sizeof(subnet_prefix));
data/libsepol-3.1/src/ibpkey_record.c:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subnet_prefix_str[INET6_ADDRSTRLEN];
data/libsepol-3.1/src/kernel_to_cil.c:542:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unknown[18];
data/libsepol-3.1/src/kernel_to_cil.c:554:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sid = (char *)sid_to_str[i];
data/libsepol-3.1/src/kernel_to_cil.c:1604:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char xpermsbuf[2048];
data/libsepol-3.1/src/kernel_to_cil.c:2518:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unknown[18];
data/libsepol-3.1/src/kernel_to_cil.c:2531:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sid = (char *)sid_to_str[i];
data/libsepol-3.1/src/kernel_to_cil.c:2667:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char low_high_str[44]; /* 2^64 <= 20 digits so "(low high)" <= 44 chars */
data/libsepol-3.1/src/kernel_to_cil.c:2753:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET_ADDRSTRLEN];
data/libsepol-3.1/src/kernel_to_cil.c:2754:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mask[INET_ADDRSTRLEN];
data/libsepol-3.1/src/kernel_to_cil.c:2793:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET6_ADDRSTRLEN];
data/libsepol-3.1/src/kernel_to_cil.c:2794:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mask[INET6_ADDRSTRLEN];
data/libsepol-3.1/src/kernel_to_cil.c:2833:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subnet_prefix_str[INET6_ADDRSTRLEN];
data/libsepol-3.1/src/kernel_to_cil.c:2837:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char low_high_str[44]; /* 2^64 <= 20 digits so "(low high)" <= 44 chars */
data/libsepol-3.1/src/kernel_to_cil.c:2843:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&subnet_prefix.s6_addr, &ibpkeycon->u.ibpkey.subnet_prefix,
data/libsepol-3.1/src/kernel_to_cil.c:2890:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_str[4];
data/libsepol-3.1/src/kernel_to_cil.c:2932:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pirq_str[21]; /* 2^64-1 <= 20 digits */
data/libsepol-3.1/src/kernel_to_cil.c:2969:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char low_high_str[40]; /* 2^64-1 <= 16 digits (hex) so (low high) < 40 chars */
data/libsepol-3.1/src/kernel_to_cil.c:3012:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char low_high_str[40]; /* 2^64-1 <= 16 digits (hex) so (low high) < 40 chars */
data/libsepol-3.1/src/kernel_to_cil.c:3053:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_str[20]; /* 2^64-1 <= 16 digits (hex) so (low high) < 19 chars */
data/libsepol-3.1/src/kernel_to_conf.c:440:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unknown[18];
data/libsepol-3.1/src/kernel_to_conf.c:452:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sid = (char *)sid_to_str[i];
data/libsepol-3.1/src/kernel_to_conf.c:2391:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unknown[18];
data/libsepol-3.1/src/kernel_to_conf.c:2404:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sid = (char *)sid_to_str[i];
data/libsepol-3.1/src/kernel_to_conf.c:2540:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char low_high_str[44]; /* 2^64 <= 20 digits so "low-high" <= 44 chars */
data/libsepol-3.1/src/kernel_to_conf.c:2626:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET_ADDRSTRLEN];
data/libsepol-3.1/src/kernel_to_conf.c:2627:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mask[INET_ADDRSTRLEN];
data/libsepol-3.1/src/kernel_to_conf.c:2667:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET6_ADDRSTRLEN];
data/libsepol-3.1/src/kernel_to_conf.c:2668:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mask[INET6_ADDRSTRLEN];
data/libsepol-3.1/src/kernel_to_conf.c:2707:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subnet_prefix_str[INET6_ADDRSTRLEN];
data/libsepol-3.1/src/kernel_to_conf.c:2711:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char low_high_str[44]; /* 2^64 <= 20 digits so "low-high" <= 44 chars */
data/libsepol-3.1/src/kernel_to_conf.c:2717:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&subnet_prefix.s6_addr, &ibpkeycon->u.ibpkey.subnet_prefix,
data/libsepol-3.1/src/kernel_to_conf.c:2765:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_str[4];
data/libsepol-3.1/src/kernel_to_conf.c:2807:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pirq_str[21]; /* 2^64-1 <= 20 digits */
data/libsepol-3.1/src/kernel_to_conf.c:2846:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char low_high_str[40]; /* 2^64-1 <= 16 digits (hex) so low-high < 40 chars */
data/libsepol-3.1/src/kernel_to_conf.c:2889:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char low_high_str[40]; /* 2^64-1 <= 16 digits (hex) so low-high < 40 chars */
data/libsepol-3.1/src/kernel_to_conf.c:2930:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_str[20]; /* 2^64-1 <= 16 digits (hex) so < 19 chars */
data/libsepol-3.1/src/link.c:81:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *symtab_names[SYM_NUM] = {
data/libsepol-3.1/src/link.c:193:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newmap, mod->perm_map[sclassi],
data/libsepol-3.1/src/link.c:1321:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_rule->xperms, cur->xperms,
data/libsepol-3.1/src/module.c:113:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*field, data, len);
data/libsepol-3.1/src/module.c:263:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(base->file_contexts + base->file_contexts_len,
data/libsepol-3.1/src/module.c:296:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(base->netfilter_contexts + base->netfilter_contexts_len,
data/libsepol-3.1/src/module_to_cil.c:150:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*line, *start, len);
data/libsepol-3.1/src/module_to_cil.c:2529:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unknown[18];
data/libsepol-3.1/src/module_to_cil.c:2647:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subnet_prefix_str[INET6_ADDRSTRLEN];
data/libsepol-3.1/src/module_to_cil.c:2655:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&subnet_prefix.s6_addr, &ibpkeycon->u.ibpkey.subnet_prefix,
data/libsepol-3.1/src/module_to_cil.c:2701:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET_ADDRSTRLEN];
data/libsepol-3.1/src/module_to_cil.c:2702:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mask[INET_ADDRSTRLEN];
data/libsepol-3.1/src/module_to_cil.c:2733:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET6_ADDRSTRLEN];
data/libsepol-3.1/src/module_to_cil.c:2734:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mask[INET6_ADDRSTRLEN];
data/libsepol-3.1/src/node_record.c:60:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr_bytes, &in_addr.s_addr, 4);
data/libsepol-3.1/src/node_record.c:73:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr_bytes, in_addr.s6_addr, 16);
data/libsepol-3.1/src/node_record.c:144:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr.s_addr, addr_bytes, 4);
data/libsepol-3.1/src/node_record.c:161:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr.s6_addr[0], addr_bytes, 16);
data/libsepol-3.1/src/node_record.c:289:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_key->addr, node->addr, node->addr_sz);
data/libsepol-3.1/src/node_record.c:290:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_key->mask, node->mask, node->mask_sz);
data/libsepol-3.1/src/node_record.c:387:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_buf, node->addr, node->addr_sz);
data/libsepol-3.1/src/node_record.c:430:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_addr, addr, addr_sz);
data/libsepol-3.1/src/node_record.c:472:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_buf, node->mask, node->mask_sz);
data/libsepol-3.1/src/node_record.c:514:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_mask, mask, mask_sz);
data/libsepol-3.1/src/node_record.c:589:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_node->addr, node->addr, node->addr_sz);
data/libsepol-3.1/src/node_record.c:590:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_node->mask, node->mask, node->mask_sz);
data/libsepol-3.1/src/nodes.c:39:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_node->u.node.addr, addr_buf, addr_bsize);
data/libsepol-3.1/src/nodes.c:40:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_node->u.node.mask, mask_buf, mask_bsize);
data/libsepol-3.1/src/nodes.c:43:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_node->u.node6.addr, addr_buf, addr_bsize);
data/libsepol-3.1/src/nodes.c:44:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_node->u.node6.mask, mask_buf, mask_bsize);
data/libsepol-3.1/src/policydb.c:445:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *symtab_name[SYM_NUM] = {
data/libsepol-3.1/src/services.c:215:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_buf[128];
data/libsepol-3.1/src/services.c:276:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_buf[128];
data/libsepol-3.1/src/services.c:398:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_buf[128];
data/libsepol-3.1/src/services.c:1723:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, fp->data, bytes);
data/libsepol-3.1/src/services.c:1748:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fp->data, ptr, bytes);
data/libsepol-3.1/src/services.c:1858:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&oldpolicydb, policydb, sizeof *policydb);
data/libsepol-3.1/src/services.c:1862:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(policydb, &newpolicydb, sizeof *policydb);
data/libsepol-3.1/src/services.c:2245:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mysids2, mysids,
data/libsepol-3.1/src/util.c:84:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char avbuf[1024];
data/libsepol-3.1/src/util.c:131:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char xpermsbuf[2048];
data/libsepol-3.1/src/write.c:1446:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &c->u.ibpkey.subnet_prefix,
data/libsepol-3.1/tests/helpers.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/libsepol-3.1/tests/test-downgrade.c:210:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((in_fp = fopen(path, "rb")) == NULL) {
data/libsepol-3.1/tests/test-downgrade.c:254:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((out_fp = fopen(path, "w" )) == NULL) {
data/libsepol-3.1/tests/test-expander.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *filename[num_modules + 1];
data/libsepol-3.1/tests/test-linker-roles.c:73:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *types[2];
data/libsepol-3.1/tests/test-linker-roles.c:103:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *types[3];
data/libsepol-3.1/tests/test-linker-types.c:128:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *types[2];
data/libsepol-3.1/tests/test-linker-types.c:166:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *types[2];
data/libsepol-3.1/tests/test-linker.c:48:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *policies[NUM_POLICIES] = {
data/libsepol-3.1/utils/chkcon.c:24:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(argv[1], "r");
data/libsepol-3.1/cil/src/cil.c:1399:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2;
data/libsepol-3.1/cil/src/cil.c:1399:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2;
data/libsepol-3.1/cil/src/cil.c:1399:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2;
data/libsepol-3.1/cil/src/cil.c:1399:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen("user ") + strlen(user->datum.fqn) + strlen(" prefix ") + strlen(userprefix->prefix_str) + 2;
data/libsepol-3.1/cil/src/cil.c:1512:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen(lvl->sens->datum.fqn);
data/libsepol-3.1/cil/src/cil.c:1527:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen(str1) + strlen(cat->datum.fqn) + 1;
data/libsepol-3.1/cil/src/cil.c:1527:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen(str1) + strlen(cat->datum.fqn) + 1;
data/libsepol-3.1/cil/src/cil.c:1529:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
data/libsepol-3.1/cil/src/cil.c:1529:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
data/libsepol-3.1/cil/src/cil.c:1529:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
data/libsepol-3.1/cil/src/cil.c:1531:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
data/libsepol-3.1/cil/src/cil.c:1531:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
data/libsepol-3.1/cil/src/cil.c:1531:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen(str1) + strlen(str2) + strlen(cat->datum.fqn) + 2;
data/libsepol-3.1/cil/src/cil.c:1542:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen(str1);
data/libsepol-3.1/cil/src/cil.c:1544:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen(str1) + strlen(str2) + 1;
data/libsepol-3.1/cil/src/cil.c:1544:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen(str1) + strlen(str2) + 1;
data/libsepol-3.1/cil/src/cil.c:1546:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen(str1) + strlen(str2) + 1;
data/libsepol-3.1/cil/src/cil.c:1546:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen(str1) + strlen(str2) + 1;
data/libsepol-3.1/cil/src/cil.c:1569:13: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
buf_pos = sprintf(str_tmp, ":");
data/libsepol-3.1/cil/src/cil.c:1595:16: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
buf_pos = sprintf(str_tmp, ",");
data/libsepol-3.1/cil/src/cil.c:1638:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen(selinuxuser->name_str) + strlen(user->datum.fqn) + 1;
data/libsepol-3.1/cil/src/cil.c:1638:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen(selinuxuser->name_str) + strlen(user->datum.fqn) + 1;
data/libsepol-3.1/cil/src/cil.c:1661:14: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
buf_pos = sprintf(str_tmp, ":");
data/libsepol-3.1/cil/src/cil.c:1665:14: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
buf_pos = sprintf(str_tmp, "-");
data/libsepol-3.1/cil/src/cil.c:1671:13: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
buf_pos = sprintf(str_tmp, "\n");
data/libsepol-3.1/cil/src/cil.c:1701:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen(filecon->path_str);
data/libsepol-3.1/cil/src/cil.c:1714:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += (strlen(user->datum.fqn) + strlen(role->datum.fqn) + strlen(type->datum.fqn) + 3);
data/libsepol-3.1/cil/src/cil.c:1714:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += (strlen(user->datum.fqn) + strlen(role->datum.fqn) + strlen(type->datum.fqn) + 3);
data/libsepol-3.1/cil/src/cil.c:1714:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += (strlen(user->datum.fqn) + strlen(role->datum.fqn) + strlen(type->datum.fqn) + 3);
data/libsepol-3.1/cil/src/cil.c:1725:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len += strlen("\t<<none>>");
data/libsepol-3.1/cil/src/cil.c:1783:15: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
buf_pos = sprintf(str_tmp, ":");
data/libsepol-3.1/cil/src/cil.c:1789:16: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
buf_pos = sprintf(str_tmp, "-");
data/libsepol-3.1/cil/src/cil.c:1800:13: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
buf_pos = sprintf(str_tmp, "\n");
data/libsepol-3.1/cil/src/cil_fqn.c:57:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newlen = fqn_args->len + strlen(datum->name);
data/libsepol-3.1/cil/src/cil_fqn.c:85:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int newlen = fqn_args->len + strlen(datum->name) + 1;
data/libsepol-3.1/cil/src/cil_fqn.c:96:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(child_args.prefix, ".");
data/libsepol-3.1/cil/src/cil_parser.c:158:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tok.value[strlen(tok.value) - 1] = '\0';
data/libsepol-3.1/cil/src/cil_parser.c:252:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tok.value[strlen(tok.value) - 1] = '\0';
data/libsepol-3.1/cil/src/cil_policy.c:346:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(DATUM(db->val_to_user[i])->fqn);
data/libsepol-3.1/cil/src/cil_policy.c:367:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(DATUM(operand->data)->fqn);
data/libsepol-3.1/cil/src/cil_policy.c:376:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(DATUM(operand->data)->fqn);
data/libsepol-3.1/cil/src/cil_policy.c:457:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/libsepol-3.1/cil/src/cil_policy.c:530:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
o_len = strlen(o_str);
data/libsepol-3.1/cil/src/cil_policy.c:542:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
o_len = strlen(o_str);
data/libsepol-3.1/cil/src/cil_policy.c:655:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(DATUM(classperms->class)->fqn) + 1;
data/libsepol-3.1/cil/src/cil_policy.c:657:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(DATUM(i1->data)->fqn) + 1;
data/libsepol-3.1/cil/src/cil_policy.c:666:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(DATUM(classperms->class)->fqn);
data/libsepol-3.1/cil/src/cil_policy.c:674:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(DATUM(i1->data)->fqn);
data/libsepol-3.1/cil/src/cil_post.c:201:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *a_path = cil_malloc(strlen(a_filecon->path_str) + 1);
data/libsepol-3.1/cil/src/cil_post.c:203:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *b_path = cil_malloc(strlen(b_filecon->path_str) + 1);
data/libsepol-3.1/cil/src/cil_strpool.c:56:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(keyp);
data/libsepol-3.1/cil/src/cil_tree.c:412:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(stack[pos-1]) + strlen(op_str) + 4;
data/libsepol-3.1/cil/src/cil_tree.c:412:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(stack[pos-1]) + strlen(op_str) + 4;
data/libsepol-3.1/cil/src/cil_tree.c:423:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(stack[pos-1]) + strlen(stack[pos-2]) + strlen(op_str) + 5;
data/libsepol-3.1/cil/src/cil_tree.c:423:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(stack[pos-1]) + strlen(stack[pos-2]) + strlen(op_str) + 5;
data/libsepol-3.1/cil/src/cil_tree.c:423:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(stack[pos-1]) + strlen(stack[pos-2]) + strlen(op_str) + 5;
data/libsepol-3.1/cil/src/cil_verify.c:61:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/libsepol-3.1/cil/test/unit/CuTest.c:45:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(old);
data/libsepol-3.1/cil/test/unit/CuTest.c:94:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(text);
data/libsepol-3.1/cil/test/unit/CuTest.c:121:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = strlen(text);
data/libsepol-3.1/cil/test/unit/test_cil_lexer.c:39:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint32_t str_size = strlen(test_str);
data/libsepol-3.1/cil/test/unit/test_cil_lexer.c:43:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, test_str, str_size);
data/libsepol-3.1/cil/test/unit/test_cil_lexer.c:53:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint32_t str_size = strlen(test_str);
data/libsepol-3.1/src/context.c:26:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(context) + 1, NULL);
data/libsepol-3.1/src/context.c:99:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(policydb->p_user_val_to_name[context->user - 1]) + 1;
data/libsepol-3.1/src/context.c:101:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(policydb->p_role_val_to_name[context->role - 1]) + 1;
data/libsepol-3.1/src/context.c:102:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scontext_len += strlen(policydb->p_type_val_to_name[context->type - 1]);
data/libsepol-3.1/src/context.c:124:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(policydb->p_user_val_to_name[context->user - 1]) + 1 +
data/libsepol-3.1/src/context.c:125:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(policydb->p_role_val_to_name[context->role - 1]) + 1 +
data/libsepol-3.1/src/context.c:126:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(policydb->p_type_val_to_name[context->type - 1]);
data/libsepol-3.1/src/context_record.c:296:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(con->user), /* user length */
data/libsepol-3.1/src/context_record.c:297:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(con->role), /* role length */
data/libsepol-3.1/src/context_record.c:298:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(con->type), /* type length */
data/libsepol-3.1/src/context_record.c:299:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(con->mls) ? strlen(con->mls) : 0, /* mls length */
data/libsepol-3.1/src/ibendport_record.c:65:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_key->ibdev_name, ibdev_name, IB_DEVICE_NAME_MAX);
data/libsepol-3.1/src/ibendport_record.c:169:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_ibdev_name, ibendport->ibdev_name, IB_DEVICE_NAME_MAX);
data/libsepol-3.1/src/ibendport_record.c:189:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, ibdev_name, IB_DEVICE_NAME_MAX);
data/libsepol-3.1/src/ibendport_record.c:233:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_ibendport->ibdev_name, ibendport->ibdev_name, IB_DEVICE_NAME_MAX);
data/libsepol-3.1/src/ibendports.c:37:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_ibendport->u.ibendport.dev_name, ibdev_name, IB_DEVICE_NAME_MAX);
data/libsepol-3.1/src/kernel_to_cil.c:1009:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(val_to_name[start]);
data/libsepol-3.1/src/kernel_to_cil.c:1011:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(val_to_name[i-1]) + strlen("(range ) ");
data/libsepol-3.1/src/kernel_to_cil.c:1011:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(val_to_name[i-1]) + strlen("(range ) ");
data/libsepol-3.1/src/kernel_to_cil.c:1013:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(val_to_name[i-1]) + 2;
data/libsepol-3.1/src/kernel_to_common.c:65:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fmt) + 1; /* +1 for '\0' */
data/libsepol-3.1/src/kernel_to_common.c:69:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(s) - 2; /* -2 for each %s in fmt */
data/libsepol-3.1/src/kernel_to_common.c:276:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(strs->list[i]);
data/libsepol-3.1/src/kernel_to_common.c:305:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(strs->list[i]);
data/libsepol-3.1/src/kernel_to_conf.c:1008:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(val_to_name[start]) + 1;
data/libsepol-3.1/src/kernel_to_conf.c:1010:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(val_to_name[i]) + 1;
data/libsepol-3.1/src/kernel_to_conf.c:1507:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(strs->list[i]);
data/libsepol-3.1/src/kernel_to_conf.c:2174:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(types) > 900) {
data/libsepol-3.1/src/mls.c:122:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(policydb->
data/libsepol-3.1/src/mls.c:134:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(policydb->p_cat_val_to_name[i]) + 1;
data/libsepol-3.1/src/mls.c:139:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(policydb->
data/libsepol-3.1/src/mls.c:147:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(policydb->p_cat_val_to_name[i - 1]) + 1;
data/libsepol-3.1/src/mls.c:189:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(policydb->
data/libsepol-3.1/src/mls.c:208:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(policydb->p_cat_val_to_name[i]);
data/libsepol-3.1/src/mls.c:221:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(policydb->
data/libsepol-3.1/src/mls.c:235:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scontextp += strlen(policydb->p_cat_val_to_name[i - 1]);
data/libsepol-3.1/src/module.c:742:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len != strlen(POLICYDB_MOD_STRING)) {
data/libsepol-3.1/src/module_to_cil.c:758:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pdb->name) + strlen(infix) + num_digits(num_attrs) + 1;
data/libsepol-3.1/src/module_to_cil.c:758:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pdb->name) + strlen(infix) + num_digits(num_attrs) + 1;
data/libsepol-3.1/src/module_to_cil.c:1137:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(names[i]);
data/libsepol-3.1/src/module_to_cil.c:1138:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len < strlen(names[i])) {
data/libsepol-3.1/src/module_to_cil.c:1275:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(val1) + 2 + 1;
data/libsepol-3.1/src/module_to_cil.c:1329:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(val1) + strlen(val2) + strlen(op) + (num_params * 1) + 2 + 1;
data/libsepol-3.1/src/module_to_cil.c:1329:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(val1) + strlen(val2) + strlen(op) + (num_params * 1) + 2 + 1;
data/libsepol-3.1/src/module_to_cil.c:1329:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(val1) + strlen(val2) + strlen(op) + (num_params * 1) + 2 + 1;
data/libsepol-3.1/src/module_to_cil.c:1765:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(op) + strlen(attr1) + strlen(attr2) + 2 + 2 + 1;
data/libsepol-3.1/src/module_to_cil.c:1765:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(op) + strlen(attr1) + strlen(attr2) + 2 + 2 + 1;
data/libsepol-3.1/src/module_to_cil.c:1765:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(op) + strlen(attr1) + strlen(attr2) + 2 + 2 + 1;
data/libsepol-3.1/src/module_to_cil.c:1802:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(op) + strlen(attr1) + strlen(names) + 2 + 2 + 1;
data/libsepol-3.1/src/module_to_cil.c:1802:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(op) + strlen(attr1) + strlen(names) + 2 + 2 + 1;
data/libsepol-3.1/src/module_to_cil.c:1802:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(op) + strlen(attr1) + strlen(names) + 2 + 2 + 1;
data/libsepol-3.1/src/module_to_cil.c:1859:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(val1) + strlen(val2) + strlen(op) + (num_params * 1) + 2 + 1;
data/libsepol-3.1/src/module_to_cil.c:1859:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(val1) + strlen(val2) + strlen(op) + (num_params * 1) + 2 + 1;
data/libsepol-3.1/src/module_to_cil.c:1859:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(val1) + strlen(val2) + strlen(op) + (num_params * 1) + 2 + 1;
data/libsepol-3.1/src/module_to_cil.c:3199:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefix_len = strlen(prefix);
data/libsepol-3.1/src/policydb.c:758:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key = malloc(strlen(OBJECT_R) + 1);
data/libsepol-3.1/src/policydb.c:3070:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(newc->u.name);
data/libsepol-3.1/src/policydb.c:3071:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(c->u.name);
data/libsepol-3.1/src/services.c:713:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b_len = strlen(b);
data/libsepol-3.1/src/services.c:715:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a_len = strlen(a);
data/libsepol-3.1/src/services.c:734:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b_len = strlen(b);
data/libsepol-3.1/src/services.c:2289:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(c->u.name);
data/libsepol-3.1/src/symtab.c:22:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(keyp);
data/libsepol-3.1/src/write.c:460:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(key);
data/libsepol-3.1/src/write.c:488:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(key);
data/libsepol-3.1/src/write.c:580:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ft->name);
data/libsepol-3.1/src/write.c:668:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(key);
data/libsepol-3.1/src/write.c:870:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(key);
data/libsepol-3.1/src/write.c:895:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(key);
data/libsepol-3.1/src/write.c:978:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(key);
data/libsepol-3.1/src/write.c:980:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(cladatum->comkey);
data/libsepol-3.1/src/write.c:1091:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(key);
data/libsepol-3.1/src/write.c:1166:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(key);
data/libsepol-3.1/src/write.c:1235:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(key);
data/libsepol-3.1/src/write.c:1378:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(c->u.name);
data/libsepol-3.1/src/write.c:1431:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(c->u.name);
data/libsepol-3.1/src/write.c:1460:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(c->u.ibendport.dev_name);
data/libsepol-3.1/src/write.c:1497:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(c->u.name);
data/libsepol-3.1/src/write.c:1554:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(genfs->fstype);
data/libsepol-3.1/src/write.c:1570:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(c->u.name);
data/libsepol-3.1/src/write.c:1887:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ftr->name);
data/libsepol-3.1/src/write.c:2049:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t key_len = strlen(key);
data/libsepol-3.1/src/write.c:2152:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(policydb_target_strings[p->target_platform]);
data/libsepol-3.1/src/write.c:2156:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(POLICYDB_MOD_STRING);
data/libsepol-3.1/src/write.c:2191:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p->name);
data/libsepol-3.1/src/write.c:2199:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p->version);
ANALYSIS SUMMARY:
Hits = 355
Lines analyzed = 120746 in approximately 2.72 seconds (44473 lines/second)
Physical Source Lines of Code (SLOC) = 90221
Hits@level = [0] 344 [1] 149 [2] 125 [3] 1 [4] 80 [5] 0
Hits@level+ = [0+] 699 [1+] 355 [2+] 206 [3+] 81 [4+] 80 [5+] 0
Hits/KSLOC@level+ = [0+] 7.74764 [1+] 3.93478 [2+] 2.28328 [3+] 0.897795 [4+] 0.886712 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.