Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libsylph-1.1.0/examples/libsylph-compose.c
Examining data/libsylph-1.1.0/examples/libsylph-createmailbox.c
Examining data/libsylph-1.1.0/examples/libsylph-listfolder.c
Examining data/libsylph-1.1.0/examples/libsylph-listprefs.c
Examining data/libsylph-1.1.0/examples/libsylph-listsummary.c
Examining data/libsylph-1.1.0/examples/libsylph-pop.c
Examining data/libsylph-1.1.0/examples/libsylph-send.c
Examining data/libsylph-1.1.0/examples/libsylph-template.c
Examining data/libsylph-1.1.0/libsylph/account.c
Examining data/libsylph-1.1.0/libsylph/base64.c
Examining data/libsylph-1.1.0/libsylph/codeconv.c
Examining data/libsylph-1.1.0/libsylph/compose.c
Examining data/libsylph-1.1.0/libsylph/customheader.c
Examining data/libsylph-1.1.0/libsylph/displayheader.c
Examining data/libsylph-1.1.0/libsylph/filter.c
Examining data/libsylph-1.1.0/libsylph/folder.c
Examining data/libsylph-1.1.0/libsylph/html.c
Examining data/libsylph-1.1.0/libsylph/imap.c
Examining data/libsylph-1.1.0/libsylph/mbox.c
Examining data/libsylph-1.1.0/libsylph/md5.c
Examining data/libsylph-1.1.0/libsylph/md5_hmac.c
Examining data/libsylph-1.1.0/libsylph/news.c
Examining data/libsylph-1.1.0/libsylph/nntp.c
Examining data/libsylph-1.1.0/libsylph/pop.c
Examining data/libsylph-1.1.0/libsylph/prefs.c
Examining data/libsylph-1.1.0/libsylph/prefs_account.c
Examining data/libsylph-1.1.0/libsylph/prefs_common.c
Examining data/libsylph-1.1.0/libsylph/procheader.c
Examining data/libsylph-1.1.0/libsylph/procmime.c
Examining data/libsylph-1.1.0/libsylph/procmsg.c
Examining data/libsylph-1.1.0/libsylph/quoted-printable.c
Examining data/libsylph-1.1.0/libsylph/recv.c
Examining data/libsylph-1.1.0/libsylph/session.c
Examining data/libsylph-1.1.0/libsylph/smtp.c
Examining data/libsylph-1.1.0/libsylph/socket.c
Examining data/libsylph-1.1.0/libsylph/ssl.c
Examining data/libsylph-1.1.0/libsylph/stringtable.c
Examining data/libsylph-1.1.0/libsylph/sylmain.c
Examining data/libsylph-1.1.0/libsylph/unmime.c
Examining data/libsylph-1.1.0/libsylph/utils.c
Examining data/libsylph-1.1.0/libsylph/uuencode.c
Examining data/libsylph-1.1.0/libsylph/virtual.c
Examining data/libsylph-1.1.0/libsylph/xml.c
Examining data/libsylph-1.1.0/libsylph/enums.h
Examining data/libsylph-1.1.0/libsylph/account.h
Examining data/libsylph-1.1.0/libsylph/base64.h
Examining data/libsylph-1.1.0/libsylph/codeconv.h
Examining data/libsylph-1.1.0/libsylph/compose.h
Examining data/libsylph-1.1.0/libsylph/customheader.h
Examining data/libsylph-1.1.0/libsylph/displayheader.h
Examining data/libsylph-1.1.0/libsylph/filter.h
Examining data/libsylph-1.1.0/libsylph/folder.h
Examining data/libsylph-1.1.0/libsylph/html.h
Examining data/libsylph-1.1.0/libsylph/imap.h
Examining data/libsylph-1.1.0/libsylph/mbox.h
Examining data/libsylph-1.1.0/libsylph/md5.h
Examining data/libsylph-1.1.0/libsylph/md5_hmac.h
Examining data/libsylph-1.1.0/libsylph/mh.h
Examining data/libsylph-1.1.0/libsylph/news.h
Examining data/libsylph-1.1.0/libsylph/nntp.h
Examining data/libsylph-1.1.0/libsylph/pop.h
Examining data/libsylph-1.1.0/libsylph/prefs.h
Examining data/libsylph-1.1.0/libsylph/prefs_account.h
Examining data/libsylph-1.1.0/libsylph/prefs_common.h
Examining data/libsylph-1.1.0/libsylph/procheader.h
Examining data/libsylph-1.1.0/libsylph/procmime.h
Examining data/libsylph-1.1.0/libsylph/procmsg.h
Examining data/libsylph-1.1.0/libsylph/quoted-printable.h
Examining data/libsylph-1.1.0/libsylph/recv.h
Examining data/libsylph-1.1.0/libsylph/session.h
Examining data/libsylph-1.1.0/libsylph/smtp.h
Examining data/libsylph-1.1.0/libsylph/socket.h
Examining data/libsylph-1.1.0/libsylph/ssl.h
Examining data/libsylph-1.1.0/libsylph/stringtable.h
Examining data/libsylph-1.1.0/libsylph/sylmain.h
Examining data/libsylph-1.1.0/libsylph/unmime.h
Examining data/libsylph-1.1.0/libsylph/utils.h
Examining data/libsylph-1.1.0/libsylph/uuencode.h
Examining data/libsylph-1.1.0/libsylph/virtual.h
Examining data/libsylph-1.1.0/libsylph/xml.h
Examining data/libsylph-1.1.0/libsylph/defs.h
Examining data/libsylph-1.1.0/libsylph/mh.c

FINAL RESULTS:

data/libsylph-1.1.0/libsylph/utils.c:138:12:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  retval = chmod(cp_path, mode);

data/libsylph-1.1.0/libsylph/utils.c:147:9:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  return chmod(path, mode);

data/libsylph-1.1.0/libsylph/utils.h:61:18:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  #define g_chmod chmod

data/libsylph-1.1.0/libsylph/filter.c:808:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(match_type,

data/libsylph-1.1.0/libsylph/filter.c:813:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(match_type,

data/libsylph-1.1.0/libsylph/filter.c:818:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(match_type,

data/libsylph-1.1.0/libsylph/imap.c:3254:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p, user);

data/libsylph-1.1.0/libsylph/imap.c:3256:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p, user);

data/libsylph-1.1.0/libsylph/imap.c:3258:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p, pass);

data/libsylph-1.1.0/libsylph/mbox.c:91:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(from_line, buf);

data/libsylph-1.1.0/libsylph/mbox.c:145:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(from_line, buf);

data/libsylph-1.1.0/libsylph/nntp.c:330:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(argbuf, buf);

data/libsylph-1.1.0/libsylph/pop.c:495:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(buf, "%s\t%ld", uidl, &recv_time) != 2) {

data/libsylph-1.1.0/libsylph/pop.c:496:8:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(buf, "%s", uidl) != 1)

data/libsylph-1.1.0/libsylph/procheader.c:732:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmp, str);

data/libsylph-1.1.0/libsylph/procmsg.c:1442:2:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(buf);

data/libsylph-1.1.0/libsylph/smtp.c:341:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p, session->user);

data/libsylph-1.1.0/libsylph/smtp.c:343:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p, session->pass);

data/libsylph-1.1.0/libsylph/utils.c:1567:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ap, p);

data/libsylph-1.1.0/libsylph/utils.h:123:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__tmp, str); \

data/libsylph-1.1.0/libsylph/compose.c:1380:6:  [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  g_random_int(), addr);

data/libsylph-1.1.0/libsylph/utils.c:2002:14:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  home_dir = g_get_home_dir();

data/libsylph-1.1.0/libsylph/utils.c:2009:9:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  return g_get_home_dir();

data/libsylph-1.1.0/libsylph/utils.c:3320:21:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  buf_uniq[i] = tbl[g_random_int_range(0, sizeof(tbl) - 1)];

data/libsylph-1.1.0/libsylph/account.c:238:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tmp_ac = account_find_from_id(atoi(str));

data/libsylph-1.1.0/libsylph/base64.c:156:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(decoder->buf, buf, sizeof(buf));

data/libsylph-1.1.0/libsylph/filter.c:1208:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cond->int_value = atoi(value);

data/libsylph-1.1.0/libsylph/filter.c:1238:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  action->int_value = atoi(str);

data/libsylph-1.1.0/libsylph/folder.c:1287:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  new = atoi(attr->value);

data/libsylph-1.1.0/libsylph/folder.c:1289:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  unread = atoi(attr->value);

data/libsylph-1.1.0/libsylph/folder.c:1291:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  total = atoi(attr->value);

data/libsylph-1.1.0/libsylph/folder.c:1333:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  account = account_find_from_id(atoi(attr->value));

data/libsylph-1.1.0/libsylph/folder.c:1443:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  account = account_find_from_id(atoi(attr->value));

data/libsylph-1.1.0/libsylph/html.c:572:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ch = atoi(symbol_name + 2);

data/libsylph-1.1.0/libsylph/imap.c:2322:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(seq_set, "1:*");

data/libsylph-1.1.0/libsylph/imap.c:2728:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  len = atoi(buf);

data/libsylph-1.1.0/libsylph/imap.c:2751:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest, cur_pos, MIN(len, dest_len - 1));

data/libsylph-1.1.0/libsylph/imap.c:2778:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  len = atoi(buf);

data/libsylph-1.1.0/libsylph/imap.c:2904:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  msgnum = atoi(buf);

data/libsylph-1.1.0/libsylph/imap.c:3621:13:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size_num = atol(size_str);

data/libsylph-1.1.0/libsylph/imap.c:3833:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  len = atoi(obuf);

data/libsylph-1.1.0/libsylph/imap.c:3943:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest, src, MIN(tmp - src, len - 1));

data/libsylph-1.1.0/libsylph/mbox.c:298:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((lockfd = open(base, O_RDONLY)) < 0) {

data/libsylph-1.1.0/libsylph/mbox.c:300:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((lockfd = open(base, O_RDWR)) < 0) {

data/libsylph-1.1.0/libsylph/md5.c:426:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (md52->digest, md5->digest, sizeof(md5->digest));

data/libsylph-1.1.0/libsylph/md5_hmac.c:59:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(k_ipad, s_gnet_md5_get_digest(tmd5),

data/libsylph-1.1.0/libsylph/md5_hmac.c:61:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(k_opad, s_gnet_md5_get_digest(tmd5),

data/libsylph-1.1.0/libsylph/md5_hmac.c:65:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(k_ipad, key, key_len);

data/libsylph-1.1.0/libsylph/md5_hmac.c:66:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(k_opad, key, key_len);

data/libsylph-1.1.0/libsylph/md5_hmac.c:95:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(digest, s_gnet_md5_get_digest(md5), S_GNET_MD5_HASH_LENGTH);

data/libsylph-1.1.0/libsylph/md5_hmac.c:119:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(digest, s_gnet_md5_get_digest(md5), S_GNET_MD5_HASH_LENGTH);

data/libsylph-1.1.0/libsylph/mh.c:1330:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  msginfo->msgnum = atoi(file);

data/libsylph-1.1.0/libsylph/news.c:960:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  num = atoi(xover_str);

data/libsylph-1.1.0/libsylph/news.c:961:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  size_int = atoi(size);

data/libsylph-1.1.0/libsylph/news.c:962:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  line_int = atoi(line);

data/libsylph-1.1.0/libsylph/news.c:1005:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  num = atoi(xhdr_str);

data/libsylph-1.1.0/libsylph/nntp.c:361:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf, "\r\n");

data/libsylph-1.1.0/libsylph/pop.c:262:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, p, buf_len);

data/libsylph-1.1.0/libsylph/pop.c:315:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, p, buf_len);

data/libsylph-1.1.0/libsylph/prefs.c:174:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *((gint *)param->data) = (gint)atoi(value);

data/libsylph-1.1.0/libsylph/prefs.c:181:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *((DummyEnum *)param->data) = (DummyEnum)atoi(value);

data/libsylph-1.1.0/libsylph/prefs.c:184:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *((gushort *)param->data) = (gushort)atoi(value);

data/libsylph-1.1.0/libsylph/prefs.c:463:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (gint)atoi(param[i].defval);

data/libsylph-1.1.0/libsylph/prefs.c:473:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atoi(param[i].defval) ? TRUE : FALSE;

data/libsylph-1.1.0/libsylph/prefs.c:480:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (DummyEnum)atoi(param[i].defval);

data/libsylph-1.1.0/libsylph/prefs.c:487:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (gushort)atoi(param[i].defval);

data/libsylph-1.1.0/libsylph/prefs_account.c:186:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  id = atoi(p);

data/libsylph-1.1.0/libsylph/procmime.c:523:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  count = atoi(next);

data/libsylph-1.1.0/libsylph/session.c:590:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, session->read_buf_p, line_len);

data/libsylph-1.1.0/libsylph/smtp.c:347:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(outbuf, "AUTH PLAIN ");

data/libsylph-1.1.0/libsylph/socket.c:673:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(inp, &inaddr, sizeof(inaddr));

data/libsylph-1.1.0/libsylph/socket.c:706:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ad.sin_addr, hp->h_addr, hp->h_length);

data/libsylph-1.1.0/libsylph/socket.c:1190:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ad.sin_addr, *addr_list_p, hp->h_length);

data/libsylph-1.1.0/libsylph/socket.c:1510:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(str + cur_offset, buf, len + 1);

data/libsylph-1.1.0/libsylph/socket.c:1536:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(str + cur_offset, buf, len + 1);

data/libsylph-1.1.0/libsylph/unmime.c:95:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(charset, eword_begin_p + 2, len);

data/libsylph-1.1.0/libsylph/utils.c:252:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(nstr);

data/libsylph-1.1.0/libsylph/utils.c:1981:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t path[MAX_PATH + 1];

data/libsylph-1.1.0/libsylph/utils.c:3494:10:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  return tmpfile());

data/libsylph-1.1.0/libsylph/utils.c:3496:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fname, tmpdir, tmplen);

data/libsylph-1.1.0/libsylph/utils.c:3498:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fname + tmplen + 1, progname, proglen);

data/libsylph-1.1.0/libsylph/utils.c:3499:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fname + tmplen + 1 + proglen, suffix, sizeof(suffix));

data/libsylph-1.1.0/libsylph/utils.c:3503:10:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  return tmpfile();

data/libsylph-1.1.0/libsylph/utils.c:4009:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(offset_string, "%c%02d%02d", sign, off / 60, off % 60);

data/libsylph-1.1.0/libsylph/utils.h:44:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  #define g_open open

data/libsylph-1.1.0/libsylph/utils.h:52:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  #define g_fopen fopen

data/libsylph-1.1.0/libsylph/utils.h:154:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(__tmp, str1, len1); \

data/libsylph-1.1.0/libsylph/utils.h:155:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(__tmp + len1, str2, len2 + 1); \

data/libsylph-1.1.0/libsylph/uuencode.c:25:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char uudigit[64] =

data/libsylph-1.1.0/libsylph/account.c:69:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(buf, buf + 1, strlen(buf));

data/libsylph-1.1.0/libsylph/account.c:70:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf[strlen(buf) - 1] = '\0';

data/libsylph-1.1.0/libsylph/account.c:232:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str = buf + strlen(hentry[hnum].name);

data/libsylph-1.1.0/libsylph/codeconv.c:192:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuf = g_malloc(strlen(inbuf) * 2 + 1);

data/libsylph-1.1.0/libsylph/codeconv.c:277:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuf = g_malloc(strlen(inbuf) * 2 + 1);

data/libsylph-1.1.0/libsylph/codeconv.c:457:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuf = g_malloc(strlen(inbuf) * 3 + 4);

data/libsylph-1.1.0/libsylph/codeconv.c:594:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuf = g_malloc(strlen(inbuf) * 5 + 4);

data/libsylph-1.1.0/libsylph/codeconv.c:692:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuf = g_malloc(strlen(inbuf) * 2 + 1);

data/libsylph-1.1.0/libsylph/codeconv.c:1024:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(p, p + 1, strlen(p));

data/libsylph-1.1.0/libsylph/codeconv.c:1067:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(p, p + 1, strlen(p));

data/libsylph-1.1.0/libsylph/codeconv.c:1081:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(p, p + 1, strlen(p));

data/libsylph-1.1.0/libsylph/codeconv.c:1114:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);

data/libsylph-1.1.0/libsylph/codeconv.c:1505:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  in_size = strlen(inbuf);

data/libsylph-1.1.0/libsylph/codeconv.c:1922:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(locale_table[i].locale))) {

data/libsylph-1.1.0/libsylph/codeconv.c:1927:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(cur_locale) == 2 &&

data/libsylph-1.1.0/libsylph/codeconv.c:1994:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(locale_table[i].locale))) {

data/libsylph-1.1.0/libsylph/codeconv.c:1999:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(cur_locale) == 2 &&

data/libsylph-1.1.0/libsylph/codeconv.c:2179:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mimestr_len = strlen(MIMESEP_BEGIN) + strlen(mimesep_enc) +

data/libsylph-1.1.0/libsylph/codeconv.c:2179:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mimestr_len = strlen(MIMESEP_BEGIN) + strlen(mimesep_enc) +

data/libsylph-1.1.0/libsylph/codeconv.c:2180:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(MIMESEP_END);

data/libsylph-1.1.0/libsylph/codeconv.c:2257:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  out_str_len = strlen(out_str);

data/libsylph-1.1.0/libsylph/codeconv.c:2268:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (mimestr_len + strlen(block_encoding) + out_enc_str_len <= left) {

data/libsylph-1.1.0/libsylph/codeconv.c:2295:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_str_len = strlen(out_str); data/libsylph-1.1.0/libsylph/codeconv.c:2316:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(block_encoding) + data/libsylph-1.1.0/libsylph/codeconv.c:2317:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(enc_str); data/libsylph-1.1.0/libsylph/codeconv.c:2358:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outp = out = g_malloc(strlen(str) * 3 + 1); data/libsylph-1.1.0/libsylph/codeconv.c:2394:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_len = strlen(param_name); data/libsylph-1.1.0/libsylph/codeconv.c:2408:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(enc_str) <= max_linelen) { data/libsylph-1.1.0/libsylph/compose.c:284:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen((gchar *)cur->data) + 5; data/libsylph-1.1.0/libsylph/compose.c:543:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(compose->body_text); data/libsylph-1.1.0/libsylph/compose.c:561:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
outlen = strlen(outbuf); data/libsylph-1.1.0/libsylph/compose.c:627:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("Return-Path:")) == 0 || data/libsylph-1.1.0/libsylph/compose.c:629:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("Delivered-To:")) == 0 || data/libsylph-1.1.0/libsylph/compose.c:631:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("Received:")) == 0 || data/libsylph-1.1.0/libsylph/compose.c:633:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("Subject:")) == 0 || data/libsylph-1.1.0/libsylph/compose.c:635:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("X-UIDL:")) == 0) data/libsylph-1.1.0/libsylph/compose.c:642:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (g_ascii_strncasecmp(buf, "From:", strlen("From:")) == 0) { data/libsylph-1.1.0/libsylph/compose.c:648:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(" (by way of "), data/libsylph-1.1.0/libsylph/compose.c:965:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(str) + 3; \ data/libsylph-1.1.0/libsylph/compose.c:986:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(header) + 2, TRUE, header_encoding); \ data/libsylph-1.1.0/libsylph/compose.c:1020:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("From: "), TRUE, header_encoding); data/libsylph-1.1.0/libsylph/compose.c:1049:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("Newsgroups: "), data/libsylph-1.1.0/libsylph/compose.c:1075:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("Subject: "), FALSE, data/libsylph-1.1.0/libsylph/compose.c:1103:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("Followup-To: "), data/libsylph-1.1.0/libsylph/compose.c:1115:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("Reply-To: "), data/libsylph-1.1.0/libsylph/compose.c:1126:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("Organization: "), FALSE, data/libsylph-1.1.0/libsylph/compose.c:1168:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(chdr->name) + 2, FALSE, data/libsylph-1.1.0/libsylph/compose.c:1220:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("Resent-From: "), TRUE, NULL); data/libsylph-1.1.0/libsylph/compose.c:1255:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("Newsgroups: "), data/libsylph-1.1.0/libsylph/compose.c:1270:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("Subject: "), FALSE, data/libsylph-1.1.0/libsylph/compose.c:1290:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("Followup-To: "), data/libsylph-1.1.0/libsylph/compose.c:1303:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("Resent-Reply-To: "), TRUE, data/libsylph-1.1.0/libsylph/filter.c:1266:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oldpathlen = strlen(old_path); data/libsylph-1.1.0/libsylph/filter.c:1303:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pathlen = strlen(path); data/libsylph-1.1.0/libsylph/imap.c:68:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(str) + 3; \ data/libsylph-1.1.0/libsylph/imap.c:1897:8: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(buf, "%*d %16s", buf) < 1 || data/libsylph-1.1.0/libsylph/imap.c:2637:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(tmp_path, name, strlen(name)) == 0) data/libsylph-1.1.0/libsylph/imap.c:3231:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). capability += strlen("CAPABILITY "); data/libsylph-1.1.0/libsylph/imap.c:3253:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = response = g_malloc(strlen(user) * 2 + 2 + strlen(pass) + 1); data/libsylph-1.1.0/libsylph/imap.c:3253:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = response = g_malloc(strlen(user) * 2 + 2 + strlen(pass) + 1); data/libsylph-1.1.0/libsylph/imap.c:3255:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(user) + 1; data/libsylph-1.1.0/libsylph/imap.c:3257:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
p += strlen(user) + 1; data/libsylph-1.1.0/libsylph/imap.c:3259:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(pass); data/libsylph-1.1.0/libsylph/imap.c:3285:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). challenge = g_malloc(strlen(challenge64 + 2) + 1); data/libsylph-1.1.0/libsylph/imap.c:3291:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (guchar *)pass, strlen(pass)); data/libsylph-1.1.0/libsylph/imap.c:3296:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). response64 = g_malloc((strlen(response) + 3) * 2 + 1); data/libsylph-1.1.0/libsylph/imap.c:3297:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). base64_encode(response64, (guchar *)response, strlen(response)); data/libsylph-1.1.0/libsylph/imap.c:3639:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (buf[0] == '\0' || buf[strlen(buf) - 1] != ')') { data/libsylph-1.1.0/libsylph/imap.c:3905:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sock_write_all(SESSION(session)->sock, buf, strlen(buf)); data/libsylph-1.1.0/libsylph/imap.c:3993:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/libsylph-1.1.0/libsylph/imap.c:4079:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). to_len = strlen(mutf7_str) * 5; data/libsylph-1.1.0/libsylph/imap.c:4123:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). from_len = strlen(from); data/libsylph-1.1.0/libsylph/imap.c:4344:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oldpathlen = strlen(oldpath); data/libsylph-1.1.0/libsylph/mbox.c:157:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_memmove(buf, buf + 1, strlen(buf)); data/libsylph-1.1.0/libsylph/md5.c:361:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_return_val_if_fail (strlen(str) >= (S_GNET_MD5_HASH_LENGTH * 2), NULL); data/libsylph-1.1.0/libsylph/mh.c:1606:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oldpathlen = strlen(oldpath); data/libsylph-1.1.0/libsylph/nntp.c:282:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (sock_write_all(SESSION(session)->sock, msg, strlen(msg)) < 0) { data/libsylph-1.1.0/libsylph/nntp.c:324:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(buf) < 3) data/libsylph-1.1.0/libsylph/nntp.c:362:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (sock_write_all(sock, buf, strlen(buf)) < 0) { data/libsylph-1.1.0/libsylph/pop.c:176:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5 = s_gnet_md5_new((guchar *)apop_str, strlen(apop_str)); data/libsylph-1.1.0/libsylph/pop.c:569:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/libsylph-1.1.0/libsylph/prefs.c:100:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (conv_str, block_label, strlen(block_label)); data/libsylph-1.1.0/libsylph/prefs.c:103:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). val = strncmp(buf, block_label, strlen(block_label)); data/libsylph-1.1.0/libsylph/prefs.c:237:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
val = strncmp(buf, block_label, strlen(block_label)); data/libsylph-1.1.0/libsylph/procheader.c:61:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(hp->name))) data/libsylph-1.1.0/libsylph/procheader.c:73:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gchar *bufp = buf + strlen(buf); data/libsylph-1.1.0/libsylph/procheader.c:81:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nexthead = fgetc(fp); data/libsylph-1.1.0/libsylph/procheader.c:105:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufp += strlen(bufp); data/libsylph-1.1.0/libsylph/procheader.c:123:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nexthead = fgetc(fp); data/libsylph-1.1.0/libsylph/procheader.c:125:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buflen = strlen(buf); data/libsylph-1.1.0/libsylph/procheader.c:159:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufp = buf + strlen(buf); data/libsylph-1.1.0/libsylph/procheader.c:167:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
nexthead = fgetc(fp); data/libsylph-1.1.0/libsylph/procheader.c:191:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufp += strlen(bufp); data/libsylph-1.1.0/libsylph/procheader.c:476:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = buf + strlen(hp->name); data/libsylph-1.1.0/libsylph/procheader.c:600:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hp = buf + strlen(hentry[hnum].name); data/libsylph-1.1.0/libsylph/procheader.c:757:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. result = sscanf(str, "%10s %d %9s %d %2d:%2d:%2d %5s", data/libsylph-1.1.0/libsylph/procheader.c:761:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. result = sscanf(str, "%3s,%d %9s %d %2d:%2d:%2d %5s", data/libsylph-1.1.0/libsylph/procheader.c:765:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. result = sscanf(str, "%d %9s %d %2d:%2d:%2d %5s", data/libsylph-1.1.0/libsylph/procheader.c:770:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
result = sscanf(str, "%10s %d %9s %d %2d:%2d:%2d", data/libsylph-1.1.0/libsylph/procheader.c:774:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. result = sscanf(str, "%d %9s %d %2d:%2d:%2d", data/libsylph-1.1.0/libsylph/procheader.c:779:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. result = sscanf(str, "%10s %d %9s %d %2d:%2d %5s", data/libsylph-1.1.0/libsylph/procheader.c:783:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. result = sscanf(str, "%d %9s %d %2d:%2d %5s", data/libsylph-1.1.0/libsylph/procheader.c:788:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. result = sscanf(str, "%10s %d %9s %d %2d:%2d", data/libsylph-1.1.0/libsylph/procheader.c:792:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. result = sscanf(str, "%d %9s %d %2d:%2d", data/libsylph-1.1.0/libsylph/procmime.c:228:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). boundary_len = strlen(boundary); data/libsylph-1.1.0/libsylph/procmime.c:239:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
boundary_len = strlen(boundary); data/libsylph-1.1.0/libsylph/procmime.c:322:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/libsylph-1.1.0/libsylph/procmime.c:335:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fpos - partinfo->sub->fpos - strlen(buf); data/libsylph-1.1.0/libsylph/procmime.c:596:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dec_value = g_malloc(strlen(begin) + 1); data/libsylph-1.1.0/libsylph/procmime.c:622:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dec_value = g_malloc(strlen(begin) + 1); data/libsylph-1.1.0/libsylph/procmime.c:774:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (mimeinfo, buf + strlen(hp->name)); data/libsylph-1.1.0/libsylph/procmime.c:777:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (mimeinfo, buf + strlen(hp->name)); data/libsylph-1.1.0/libsylph/procmime.c:780:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (mimeinfo, buf + strlen(hp->name)); data/libsylph-1.1.0/libsylph/procmime.c:821:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
boundary_len = strlen(boundary); data/libsylph-1.1.0/libsylph/procmime.c:1681:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). total_len = strlen(str); data/libsylph-1.1.0/libsylph/procmsg.c:1441:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (buf[strlen(buf) - 1] != '&') strcat(buf, "&"); data/libsylph-1.1.0/libsylph/procmsg.c:1441:35: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. if (buf[strlen(buf) - 1] != '&') strcat(buf, "&"); data/libsylph-1.1.0/libsylph/procmsg.h:156:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(data); \ data/libsylph-1.1.0/libsylph/recv.c:145:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/libsylph-1.1.0/libsylph/session.c:396:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). session->write_buf_len = strlen(msg) + 2; data/libsylph-1.1.0/libsylph/session.c:670:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  terminator_len = strlen(session->read_data_terminator);
data/libsylph-1.1.0/libsylph/session.c:782:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  terminator_len = strlen(session->read_data_terminator);
data/libsylph-1.1.0/libsylph/smtp.c:174:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(session->user));
data/libsylph-1.1.0/libsylph/smtp.c:196:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  challenge = g_malloc(strlen(msg + 4) + 1);
data/libsylph-1.1.0/libsylph/smtp.c:203:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (guchar *)buf, strlen(buf));
data/libsylph-1.1.0/libsylph/smtp.c:210:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  response64 = g_malloc((strlen(response) + 3) * 2 + 1);
data/libsylph-1.1.0/libsylph/smtp.c:212:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(response));
data/libsylph-1.1.0/libsylph/smtp.c:245:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(session->pass));
data/libsylph-1.1.0/libsylph/smtp.c:335:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  authlen = 1 + strlen(session->user) + 1 + strlen(session->pass);
data/libsylph-1.1.0/libsylph/smtp.c:335:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  authlen = 1 + strlen(session->user) + 1 + strlen(session->pass);
data/libsylph-1.1.0/libsylph/smtp.c:342:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen(p) + 1;
data/libsylph-1.1.0/libsylph/smtp.c:348:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = outbuf + strlen(outbuf);
data/libsylph-1.1.0/libsylph/smtp.c:465:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(msg) < 4) {
data/libsylph-1.1.0/libsylph/socket.c:288:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1);
data/libsylph-1.1.0/libsylph/socket.c:324:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1);
data/libsylph-1.1.0/libsylph/socket.c:1247:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return sock_write_all(sock, buf, strlen(buf));
data/libsylph-1.1.0/libsylph/socket.c:1284:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read(fd, buf, len);
data/libsylph-1.1.0/libsylph/socket.c:1567:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((ret = sock_write_all(sock, buf, strlen(buf))) < 0)
data/libsylph-1.1.0/libsylph/stringtable.c:152:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *totals += strlen(key) * (entry->ref_count - 1);
data/libsylph-1.1.0/libsylph/unmime.c:49:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outbuf = g_string_sized_new(strlen(encoded_str) * 2);
data/libsylph-1.1.0/libsylph/utils.c:307:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len1 = strlen(s1);
data/libsylph-1.1.0/libsylph/utils.c:308:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len2 = strlen(s2);
data/libsylph-1.1.0/libsylph/utils.c:334:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (s = str + strlen(str) - 1;
data/libsylph-1.1.0/libsylph/utils.c:350:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (s = str + strlen(str) - 1; s >= str && *s == tail_char; s--)
data/libsylph-1.1.0/libsylph/utils.c:363:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s = str + strlen(str) - 1;
data/libsylph-1.1.0/libsylph/utils.c:377:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  haystack_len = strlen(haystack);
data/libsylph-1.1.0/libsylph/utils.c:378:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  needle_len = strlen(needle);
data/libsylph-1.1.0/libsylph/utils.c:442:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);
data/libsylph-1.1.0/libsylph/utils.c:443:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s_len = strlen(suffix);
data/libsylph-1.1.0/libsylph/utils.c:553:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(str, srcp, strlen(srcp) + 1);
data/libsylph-1.1.0/libsylph/utils.c:566:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(str, srcp, strlen(srcp) + 1);
data/libsylph-1.1.0/libsylph/utils.c:603:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(destp, srcp, strlen(srcp) + 1);
data/libsylph-1.1.0/libsylph/utils.c:626:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(destp, srcp, strlen(srcp) + 1);
data/libsylph-1.1.0/libsylph/utils.c:640:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(destp, srcp + 1, strlen(srcp));
data/libsylph-1.1.0/libsylph/utils.c:699:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(destp, srcp + 1, strlen(srcp));
data/libsylph-1.1.0/libsylph/utils.c:728:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(destp, srcp, strlen(srcp) + 1);
data/libsylph-1.1.0/libsylph/utils.c:781:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(destp, srcp, strlen(srcp) + 1);
data/libsylph-1.1.0/libsylph/utils.c:804:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(destp, srcp, strlen(srcp) + 1);
data/libsylph-1.1.0/libsylph/utils.c:828:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = str + strlen(str) - 1;
data/libsylph-1.1.0/libsylph/utils.c:1089:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(p, p + 1, strlen(p));
data/libsylph-1.1.0/libsylph/utils.c:1105:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(p, p + spc, strlen(p + spc) + 1);
data/libsylph-1.1.0/libsylph/utils.c:1123:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(p, p + spc, strlen(p + spc) + 1);
data/libsylph-1.1.0/libsylph/utils.c:1284:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(p);
data/libsylph-1.1.0/libsylph/utils.c:1299:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  haystack_len = strlen(haystack);
data/libsylph-1.1.0/libsylph/utils.c:1300:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  needle_len = strlen(needle);
data/libsylph-1.1.0/libsylph/utils.c:1386:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(new_string, str, len);
data/libsylph-1.1.0/libsylph/utils.c:1433:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  guint delimiter_len = strlen(delim);
data/libsylph-1.1.0/libsylph/utils.c:1455:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);
data/libsylph-1.1.0/libsylph/utils.c:1517:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);
data/libsylph-1.1.0/libsylph/utils.c:1557:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  last = group + strlen(group);
data/libsylph-1.1.0/libsylph/utils.c:1558:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  abbrev_group = ap = g_malloc(strlen(group) + 1);
data/libsylph-1.1.0/libsylph/utils.c:1584:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) <= len)
data/libsylph-1.1.0/libsylph/utils.c:1611:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((new_len = strlen(str)) <= len)
data/libsylph-1.1.0/libsylph/utils.c:1671:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(file, p, q - p + 1);
data/libsylph-1.1.0/libsylph/utils.c:1834:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outp = enc = g_malloc(strlen(filename) * 3 + 1);
data/libsylph-1.1.0/libsylph/utils.c:1854:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outp = enc = g_malloc(strlen(mailto) * 3 + 1);
data/libsylph-1.1.0/libsylph/utils.c:1915:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *subject = g_malloc(strlen(value) + 1);
data/libsylph-1.1.0/libsylph/utils.c:1919:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *body = g_malloc(strlen(value) + 1);
data/libsylph-1.1.0/libsylph/utils.c:2203:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size += strlen(buf) + 2;
data/libsylph-1.1.0/libsylph/utils.c:2675:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((n_read = read(srcfd, buf, sizeof(buf))) > 0) {
data/libsylph-1.1.0/libsylph/utils.c:2895:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buf);
data/libsylph-1.1.0/libsylph/utils.c:2983:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buf);
data/libsylph-1.1.0/libsylph/utils.c:3121:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  out = outp = g_malloc(strlen(str) + 1);
data/libsylph-1.1.0/libsylph/utils.c:3141:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  out = outp = g_malloc(strlen(str) + 1);
data/libsylph-1.1.0/libsylph/utils.c:3148:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(outp, p, last - p);
data/libsylph-1.1.0/libsylph/utils.c:3152:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(outp, newline - 1, 2);
data/libsylph-1.1.0/libsylph/utils.c:3160:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (last = p + strlen(p);
data/libsylph-1.1.0/libsylph/utils.c:3163:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(outp, p, last - p);
data/libsylph-1.1.0/libsylph/utils.c:3192:12:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  next = fgetc(fp);
data/libsylph-1.1.0/libsylph/utils.c:3254:12:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  next = fgetc(fp);
data/libsylph-1.1.0/libsylph/utils.c:3488:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmplen = strlen(tmpdir);
data/libsylph-1.1.0/libsylph/utils.c:3492:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  proglen = strlen(progname);
data/libsylph-1.1.0/libsylph/utils.c:3528:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);
data/libsylph-1.1.0/libsylph/utils.c:3559:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);
data/libsylph-1.1.0/libsylph/utils.c:3888:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(zone3, zone, 3);
data/libsylph-1.1.0/libsylph/utils.c:3900:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (strlen(zone3) == 3) {
data/libsylph-1.1.0/libsylph/utils.c:3910:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (strlen(zone3) == 1) {
data/libsylph-1.1.0/libsylph/utils.c:4024:2:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(asctime(lt), "%3s %3s %d %d:%d:%d %d\n",
data/libsylph-1.1.0/libsylph/utils.h:119:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((__tmp = alloca(strlen(str) + 1)) == NULL) { \
data/libsylph-1.1.0/libsylph/utils.h:136:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(__tmp, str, len); \
data/libsylph-1.1.0/libsylph/utils.h:148:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len1 = strlen(str1); \
data/libsylph-1.1.0/libsylph/utils.h:149:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len2 = strlen(str2); \
data/libsylph-1.1.0/libsylph/xml.c:220:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buf);
data/libsylph-1.1.0/libsylph/xml.c:226:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(buf) == 0) {
data/libsylph-1.1.0/libsylph/xml.c:516:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(start + 1, end + 1, strlen(end + 1) + 1);

ANALYSIS SUMMARY:

Hits = 294
Lines analyzed = 39263 in approximately 0.82 seconds (47748 lines/second)
Physical Source Lines of Code (SLOC) = 30577
Hits@level = [0] 134 [1] 205 [2]  65 [3]   4 [4]  17 [5]   3
Hits@level+ = [0+] 428 [1+] 294 [2+]  89 [3+]  24 [4+]  20 [5+]   3
Hits/KSLOC@level+ = [0+] 13.9974 [1+] 9.61507 [2+] 2.91068 [3+] 0.784904 [4+] 0.654086 [5+] 0.098113
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.