Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

Examining data/libsieve-2.2.6/src/sv_interface/message2.c
Examining data/libsieve-2.2.6/src/sv_interface/message2.h
Examining data/libsieve-2.2.6/src/sv_interface/context2.c
Examining data/libsieve-2.2.6/src/sv_interface/context2.h
Examining data/libsieve-2.2.6/src/sv_interface/script.c
Examining data/libsieve-2.2.6/src/sv_interface/script.h
Examining data/libsieve-2.2.6/src/sv_interface/callbacks2.c
Examining data/libsieve-2.2.6/src/sv_interface/callbacks2.h
Examining data/libsieve-2.2.6/src/sv_interface/tree.c
Examining data/libsieve-2.2.6/src/sv_interface/tree.h
Examining data/libsieve-2.2.6/src/sv_interface/message.c
Examining data/libsieve-2.2.6/src/sv_interface/message.h
Examining data/libsieve-2.2.6/src/sv_interface/script2.c
Examining data/libsieve-2.2.6/src/sv_empty.c
Examining data/libsieve-2.2.6/src/sv_test/example.c
Examining data/libsieve-2.2.6/src/sv_test/testcomp.c
Examining data/libsieve-2.2.6/src/sv_util/md5.c
Examining data/libsieve-2.2.6/src/sv_util/util.c
Examining data/libsieve-2.2.6/src/sv_util/util.h
Examining data/libsieve-2.2.6/src/sv_util/exception.c
Examining data/libsieve-2.2.6/src/sv_util/exception.h
Examining data/libsieve-2.2.6/src/sv_parser/sieve-lex.c
Examining data/libsieve-2.2.6/src/sv_parser/addrinc.h
Examining data/libsieve-2.2.6/src/sv_parser/sieve.c
Examining data/libsieve-2.2.6/src/sv_parser/sieve.h
Examining data/libsieve-2.2.6/src/sv_parser/parser.h
Examining data/libsieve-2.2.6/src/sv_parser/header-lex.c
Examining data/libsieve-2.2.6/src/sv_parser/comparator.c
Examining data/libsieve-2.2.6/src/sv_parser/comparator.h
Examining data/libsieve-2.2.6/src/sv_parser/addr.h
Examining data/libsieve-2.2.6/src/sv_parser/addr-lex.c
Examining data/libsieve-2.2.6/src/sv_parser/header.c
Examining data/libsieve-2.2.6/src/sv_parser/header.h
Examining data/libsieve-2.2.6/src/sv_parser/headerinc.h
Examining data/libsieve-2.2.6/src/sv_parser/sieveinc.h
Examining data/libsieve-2.2.6/src/sv_parser/addr.c
Examining data/libsieve-2.2.6/src/sv_regex/regex.c
Examining data/libsieve-2.2.6/src/sv_regex/regex.h
Examining data/libsieve-2.2.6/src/sv_regex/regex_internal.c
Examining data/libsieve-2.2.6/src/sv_regex/regex_internal.h
Examining data/libsieve-2.2.6/src/sv_regex/regcomp.c
Examining data/libsieve-2.2.6/src/sv_regex/regexec.c
Examining data/libsieve-2.2.6/src/sv_include/sieve2.h
Examining data/libsieve-2.2.6/src/sv_include/sieve2_error.h

FINAL RESULTS:

data/libsieve-2.2.6/src/sv_interface/callbacks2.c:296:15:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  len = vsnprintf(message, 1023, formatstring, argp);
data/libsieve-2.2.6/src/sv_parser/addr.c:697:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define YYFPRINTF fprintf
data/libsieve-2.2.6/src/sv_parser/header.c:629:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define YYFPRINTF fprintf
data/libsieve-2.2.6/src/sv_parser/sieve.c:938:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define YYFPRINTF fprintf
data/libsieve-2.2.6/src/sv_util/util.h:24:49:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define PRINTF_ARGS(X, Y) __attribute__((format(printf, X, Y)))
data/libsieve-2.2.6/src/sv_interface/callbacks2.c:272:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[1024];
data/libsieve-2.2.6/src/sv_interface/script.c:194:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char countstr[20];
data/libsieve-2.2.6/src/sv_interface/script.c:254:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char countstr[20];
data/libsieve-2.2.6/src/sv_interface/script.c:469:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/libsieve-2.2.6/src/sv_interface/script.c:477:29:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "Automated reply");
data/libsieve-2.2.6/src/sv_interface/script2.c:43:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  return (char *)sieve2_error_text[code];
data/libsieve-2.2.6/src/sv_parser/addr-lex.c:1861:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, libsieve_addrptr, n);
data/libsieve-2.2.6/src/sv_parser/addr.c:994:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/libsieve-2.2.6/src/sv_parser/addr.c:1011:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yyformat[sizeof yyunexpected
data/libsieve-2.2.6/src/sv_parser/addr.c:1179:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yymsgbuf[128];
data/libsieve-2.2.6/src/sv_parser/comparator.c:179:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  TRACE_DEBUG("Testing [%d] [%d] [%d]", atoi(pat), num, atoi(text));
data/libsieve-2.2.6/src/sv_parser/comparator.c:179:67:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  TRACE_DEBUG("Testing [%d] [%d] [%d]", atoi(pat), num, atoi(text));
data/libsieve-2.2.6/src/sv_parser/comparator.c:182:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(pat) < atoi(text);
data/libsieve-2.2.6/src/sv_parser/comparator.c:182:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(pat) < atoi(text);
data/libsieve-2.2.6/src/sv_parser/comparator.c:184:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(pat) <= atoi(text);
data/libsieve-2.2.6/src/sv_parser/comparator.c:184:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(pat) <= atoi(text);
data/libsieve-2.2.6/src/sv_parser/comparator.c:186:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(pat) > atoi(text);
data/libsieve-2.2.6/src/sv_parser/comparator.c:186:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(pat) > atoi(text);
data/libsieve-2.2.6/src/sv_parser/comparator.c:188:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(pat) >= atoi(text);
data/libsieve-2.2.6/src/sv_parser/comparator.c:188:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(pat) >= atoi(text);
data/libsieve-2.2.6/src/sv_parser/comparator.c:190:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(pat) == atoi(text);
data/libsieve-2.2.6/src/sv_parser/comparator.c:190:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(pat) == atoi(text);
data/libsieve-2.2.6/src/sv_parser/comparator.c:192:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(pat) != atoi(text);
data/libsieve-2.2.6/src/sv_parser/comparator.c:192:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(pat) != atoi(text);
data/libsieve-2.2.6/src/sv_parser/header-lex.c:1857:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, libsieve_headerptr, n);
data/libsieve-2.2.6/src/sv_parser/header.c:926:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/libsieve-2.2.6/src/sv_parser/header.c:943:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yyformat[sizeof yyunexpected
data/libsieve-2.2.6/src/sv_parser/header.c:1111:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yymsgbuf[128];
data/libsieve-2.2.6/src/sv_parser/sieve-lex.c:2368:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, libsieve_sieveptr, n);
data/libsieve-2.2.6/src/sv_parser/sieve.c:1235:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/libsieve-2.2.6/src/sv_parser/sieve.c:1252:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yyformat[sizeof yyunexpected
data/libsieve-2.2.6/src/sv_parser/sieve.c:1420:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yymsgbuf[128];
data/libsieve-2.2.6/src/sv_parser/sieve.c:2900:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[100];
data/libsieve-2.2.6/src/sv_regex/regcomp.c:359:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/libsieve-2.2.6/src/sv_regex/regcomp.c:505:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (errbuf, msg, errbuf_size - 1);
data/libsieve-2.2.6/src/sv_regex/regcomp.c:510:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (errbuf, msg, msg_size);
data/libsieve-2.2.6/src/sv_regex/regcomp.c:2388:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t cmp_buf[6] = {L'\0', L'\0', L'\0', L'\0', L'\0', L'\0'};
data/libsieve-2.2.6/src/sv_regex/regcomp.c:2844:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char start_name_buf[BRACKET_NAME_BUF_SIZE];
data/libsieve-2.2.6/src/sv_regex/regcomp.c:2845:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char end_name_buf[BRACKET_NAME_BUF_SIZE];
data/libsieve-2.2.6/src/sv_regex/regcomp.c:3126:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char char_buf[2];
data/libsieve-2.2.6/src/sv_regex/regex.h:552:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *__restrict __string, size_t __nmatch,
data/libsieve-2.2.6/src/sv_regex/regex_internal.c:283:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (pstr->mbs + byte_idx,
data/libsieve-2.2.6/src/sv_regex/regex_internal.c:629:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dest->elems, src->elems, src->nelem * sizeof (int));
data/libsieve-2.2.6/src/sv_regex/regex_internal.c:724:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dest->elems + id, src1->elems + i1,
data/libsieve-2.2.6/src/sv_regex/regex_internal.c:730:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dest->elems + id, src2->elems + i2,
data/libsieve-2.2.6/src/sv_regex/regex_internal.c:791:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dest->elems + di, src->elems + cp_from,
data/libsieve-2.2.6/src/sv_regex/regex_internal.c:801:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dest->elems + di, src->elems + si,
data/libsieve-2.2.6/src/sv_regex/regex_internal.c:849:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (new_array, set->elems, sizeof (int) * (idx));
data/libsieve-2.2.6/src/sv_regex/regex_internal.c:852:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (new_array + idx + 1, set->elems + idx,
data/libsieve-2.2.6/src/sv_regex/regex_internal.h:126:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dest, src, sizeof (unsigned int) * BITSET_UINTS)
data/libsieve-2.2.6/src/sv_regex/regexec.c:339:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (s, string1, length1);
data/libsieve-2.2.6/src/sv_regex/regexec.c:340:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (s + length1, string2, length2);
data/libsieve-2.2.6/src/sv_regex/regexec.c:1231:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (fs->stack[num].regs, regs, sizeof (regmatch_t) * nregs);
data/libsieve-2.2.6/src/sv_regex/regexec.c:1246:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (regs, fs->stack[num].regs, sizeof (regmatch_t) * nregs);
data/libsieve-2.2.6/src/sv_test/example.c:430:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(filename, "r");
data/libsieve-2.2.6/src/sv_util/md5.c:41:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char in[64];
data/libsieve-2.2.6/src/sv_util/md5.c:186:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static void gdm_md5_final(unsigned char digest[16], struct GdmMD5Context *ctx)
data/libsieve-2.2.6/src/sv_util/md5.c:223:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(digest, ctx->buf, 16);
data/libsieve-2.2.6/src/sv_util/md5.c:253:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, buf, len);
data/libsieve-2.2.6/src/sv_util/md5.c:256:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, buf, t);
data/libsieve-2.2.6/src/sv_util/md5.c:266:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->in, buf, 64);
data/libsieve-2.2.6/src/sv_util/md5.c:275:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->in, buf, len);
data/libsieve-2.2.6/src/sv_util/md5.c:281:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char result[16];
data/libsieve-2.2.6/src/sv_util/md5.c:295:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(&hash[i * 2], "%02x", result[i]);
data/libsieve-2.2.6/src/sv_util/util.c:204:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf+pos, str, len);
data/libsieve-2.2.6/src/sv_util/util.c:225:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s->str + s->pos, str, len);
data/libsieve-2.2.6/src/sv_interface/callbacks2.c:324:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *scriptlen = strlen(*script);
data/libsieve-2.2.6/src/sv_interface/message.c:96:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  libsieve_strtolower(a->domain,strlen(a->domain));
data/libsieve-2.2.6/src/sv_interface/message2.c:185:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  head = libsieve_strtolower(head, strlen(head));
data/libsieve-2.2.6/src/sv_interface/script.c:489:25:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, c->u.v.subject, sizeof(buf)-1);
data/libsieve-2.2.6/src/sv_interface/script2.c:299:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return libsieve_strbuf(c->strbuf, ext, strlen(ext), FREEME);
data/libsieve-2.2.6/src/sv_parser/addr-lex.c:625:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (c = getc( libsieve_addrin )) != EOF && c != '\n'; ++n ) \
data/libsieve-2.2.6/src/sv_parser/addr-lex.c:832:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  libsieve_addrlval = libsieve_strbuf(ml, libsieve_addrtext, strlen(libsieve_addrtext), NOFREE);
data/libsieve-2.2.6/src/sv_parser/addr-lex.c:843:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  libsieve_addrlval = libsieve_strbuf(ml, libsieve_addrtext, strlen(libsieve_addrtext), NOFREE);
data/libsieve-2.2.6/src/sv_parser/addr-lex.c:1600:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return libsieve_addr_scan_bytes(yystr,strlen(yystr) );
data/libsieve-2.2.6/src/sv_parser/addr-lex.c:1859:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(libsieve_addrptr) < max_size ? strlen(libsieve_addrptr) : max_size;
data/libsieve-2.2.6/src/sv_parser/addr-lex.c:1859:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(libsieve_addrptr) < max_size ? strlen(libsieve_addrptr) : max_size;
data/libsieve-2.2.6/src/sv_parser/addr.c:875:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define yystrlen strlen
data/libsieve-2.2.6/src/sv_parser/addr.c:1523:100:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (yyval) = libsieve_strbuf(ml, libsieve_strconcat( "@", (yyvsp[(2) - (2)]), NULL ), strlen((yyvsp[(2) - (2)]))+1, FREEME);
data/libsieve-2.2.6/src/sv_parser/addr.c:1531:111:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (yyval) = libsieve_strbuf(ml, libsieve_strconcat( "@", (yyvsp[(2) - (4)]), ",", (yyvsp[(4) - (4)]), NULL ), strlen((yyvsp[(2) - (4)]))+strlen((yyvsp[(4) - (4)]))+2, FREEME);
data/libsieve-2.2.6/src/sv_parser/addr.c:1531:138:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (yyval) = libsieve_strbuf(ml, libsieve_strconcat( "@", (yyvsp[(2) - (4)]), ",", (yyvsp[(4) - (4)]), NULL ), strlen((yyvsp[(2) - (4)]))+strlen((yyvsp[(4) - (4)]))+2, FREEME);
data/libsieve-2.2.6/src/sv_parser/addr.c:1544:106:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (yyval) = libsieve_strbuf(ml, libsieve_strconcat( (yyvsp[(1) - (3)]), ".", (yyvsp[(3) - (3)]), NULL ), strlen((yyvsp[(1) - (3)]))+strlen((yyvsp[(3) - (3)]))+1, FREEME);
data/libsieve-2.2.6/src/sv_parser/addr.c:1544:133:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (yyval) = libsieve_strbuf(ml, libsieve_strconcat( (yyvsp[(1) - (3)]), ".", (yyvsp[(3) - (3)]), NULL ), strlen((yyvsp[(1) - (3)]))+strlen((yyvsp[(3) - (3)]))+1, FREEME);
data/libsieve-2.2.6/src/sv_parser/addr.c:1557:106:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (yyval) = libsieve_strbuf(ml, libsieve_strconcat( (yyvsp[(1) - (3)]), ".", (yyvsp[(3) - (3)]), NULL ), strlen((yyvsp[(1) - (3)]))+strlen((yyvsp[(3) - (3)]))+1, FREEME);
data/libsieve-2.2.6/src/sv_parser/addr.c:1557:133:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (yyval) = libsieve_strbuf(ml, libsieve_strconcat( (yyvsp[(1) - (3)]), ".", (yyvsp[(3) - (3)]), NULL ), strlen((yyvsp[(1) - (3)]))+strlen((yyvsp[(3) - (3)]))+1, FREEME);
data/libsieve-2.2.6/src/sv_parser/addr.c:1593:106:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (yyval) = libsieve_strbuf(ml, libsieve_strconcat( (yyvsp[(1) - (2)]), " ", (yyvsp[(2) - (2)]), NULL ), strlen((yyvsp[(1) - (2)]))+strlen((yyvsp[(2) - (2)]))+1, FREEME);
data/libsieve-2.2.6/src/sv_parser/addr.c:1593:133:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (yyval) = libsieve_strbuf(ml, libsieve_strconcat( (yyvsp[(1) - (2)]), " ", (yyvsp[(2) - (2)]), NULL ), strlen((yyvsp[(1) - (2)]))+strlen((yyvsp[(2) - (2)]))+1, FREEME);
data/libsieve-2.2.6/src/sv_parser/comparator.c:52:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen(pat);
data/libsieve-2.2.6/src/sv_parser/comparator.c:54:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (sl == strlen(text)) && !memcmp(pat, text, sl);
data/libsieve-2.2.6/src/sv_parser/comparator.c:143:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  N = strlen(text);
data/libsieve-2.2.6/src/sv_parser/comparator.c:144:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  M = strlen(pat);
data/libsieve-2.2.6/src/sv_parser/header-lex.c:607:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (c = getc( libsieve_headerin )) != EOF && c != '\n'; ++n ) \
data/libsieve-2.2.6/src/sv_parser/header-lex.c:852:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  libsieve_headerlval = libsieve_strbuf(ml, libsieve_headertext, strlen(libsieve_headertext), NOFREE);
data/libsieve-2.2.6/src/sv_parser/header-lex.c:862:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  libsieve_headerlval = libsieve_strbuf(ml, libsieve_headertext, strlen(libsieve_headertext), NOFREE);
data/libsieve-2.2.6/src/sv_parser/header-lex.c:872:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  libsieve_headerlval = libsieve_strbuf(ml, libsieve_headertext, strlen(libsieve_headertext), NOFREE);
data/libsieve-2.2.6/src/sv_parser/header-lex.c:1593:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return libsieve_header_scan_bytes(yystr,strlen(yystr) );
data/libsieve-2.2.6/src/sv_parser/header-lex.c:1855:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(libsieve_headerptr) < max_size ? strlen(libsieve_headerptr) : max_size;
data/libsieve-2.2.6/src/sv_parser/header-lex.c:1855:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(libsieve_headerptr) < max_size ? strlen(libsieve_headerptr) : max_size;
data/libsieve-2.2.6/src/sv_parser/header.c:807:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define yystrlen strlen
data/libsieve-2.2.6/src/sv_parser/header.c:1391:115:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (yyval) = libsieve_strbuf(ml, libsieve_strconcat( (yyvsp[(1) - (2)]), (yyvsp[(2) - (2)]), NULL ), strlen((yyvsp[(1) - (2)]))+strlen((yyvsp[(2) - (2)])), FREEME);
data/libsieve-2.2.6/src/sv_parser/header.c:1391:142:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (yyval) = libsieve_strbuf(ml, libsieve_strconcat( (yyvsp[(1) - (2)]), (yyvsp[(2) - (2)]), NULL ), strlen((yyvsp[(1) - (2)]))+strlen((yyvsp[(2) - (2)])), FREEME);
data/libsieve-2.2.6/src/sv_parser/header.c:1717:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t namelen = strlen(name);
data/libsieve-2.2.6/src/sv_parser/sieve-lex.c:826:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
(c = getc( libsieve_sievein )) != EOF && c != '\n'; ++n ) \ data/libsieve-2.2.6/src/sv_parser/sieve-lex.c:2109:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return libsieve_sieve_scan_bytes(yystr,strlen(yystr) ); data/libsieve-2.2.6/src/sv_parser/sieve-lex.c:2366:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(libsieve_sieveptr) < (size_t)max_size ? strlen(libsieve_sieveptr) : max_size; data/libsieve-2.2.6/src/sv_parser/sieve-lex.c:2366:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(libsieve_sieveptr) < (size_t)max_size ? strlen(libsieve_sieveptr) : max_size; data/libsieve-2.2.6/src/sv_parser/sieve.c:1116:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/libsieve-2.2.6/src/sv_regex/regcomp.c:447:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = re_compile_internal (preg, pattern, strlen (pattern), syntax); data/libsieve-2.2.6/src/sv_regex/regcomp.c:496:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg_size = strlen (msg) + 1; /* Includes the null. */ data/libsieve-2.2.6/src/sv_regex/regcomp.c:642:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ret = re_compile_internal (&re_comp_buf, s, strlen (s), libsieve_re_syntax_options); data/libsieve-2.2.6/src/sv_regex/regcomp.c:710:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (dfa->re_str, pattern, length + 1); data/libsieve-2.2.6/src/sv_regex/regcomp.c:2380:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strlen ((char *) start_elem->opr.name) > 1) data/libsieve-2.2.6/src/sv_regex/regcomp.c:2382:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strlen ((char *) end_elem->opr.name) > 1), 0)) data/libsieve-2.2.6/src/sv_regex/regcomp.c:2480:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t name_len = strlen ((const char *) name); data/libsieve-2.2.6/src/sv_regex/regcomp.c:2569:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t sym_name_len = strlen ((char *) br_elem->opr.name); data/libsieve-2.2.6/src/sv_regex/regcomp.c:2711:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t name_len = strlen ((const char *) name); data/libsieve-2.2.6/src/sv_regex/regcomp.c:3142:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (BE (idx1 == 0 || cp < name + strlen ((const char *) name), 0)) data/libsieve-2.2.6/src/sv_regex/regcomp.c:3188:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (BE (strlen ((const char *) name) != 1, 0)) data/libsieve-2.2.6/src/sv_regex/regexec.c:219:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int length = strlen (string); data/libsieve-2.2.6/src/sv_test/example.c:126:7: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). yn = getchar(); data/libsieve-2.2.6/src/sv_test/example.c:278:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(path) && strlen(name)) { data/libsieve-2.2.6/src/sv_test/example.c:278:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(path) && strlen(name)) { data/libsieve-2.2.6/src/sv_test/example.c:282:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen(path) && !strlen(name)) { data/libsieve-2.2.6/src/sv_test/example.c:282:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen(path) && !strlen(name)) { data/libsieve-2.2.6/src/sv_test/example.c:445:18: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
f_buf[f_pos] = fgetc(f); data/libsieve-2.2.6/src/sv_util/md5.c:286:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gdm_md5_update(&mycontext, (unsigned char *)s1, strlen(s1)); data/libsieve-2.2.6/src/sv_util/md5.c:287:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gdm_md5_update(&mycontext, (unsigned char *)s2, strlen(s2)); data/libsieve-2.2.6/src/sv_util/util.c:156:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(str); data/libsieve-2.2.6/src/sv_util/util.c:161:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(p, str, len); data/libsieve-2.2.6/src/sv_util/util.c:177:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(p, str, len); data/libsieve-2.2.6/src/sv_util/util.c:199:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); ANALYSIS SUMMARY: Hits = 136 Lines analyzed = 28806 in approximately 0.73 seconds (39287 lines/second) Physical Source Lines of Code (SLOC) = 20543 Hits@level = [0] 77 [1] 65 [2] 66 [3] 0 [4] 5 [5] 0 Hits@level+ = [0+] 213 [1+] 136 [2+] 71 [3+] 5 [4+] 5 [5+] 0 Hits/KSLOC@level+ = [0+] 10.3685 [1+] 6.62026 [2+] 3.45617 [3+] 0.243392 [4+] 0.243392 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! 
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.