Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mimelib1-1.1.4/mimelib/attach.h
Examining data/mimelib1-1.1.4/mimelib/uuencode.cpp
Examining data/mimelib1-1.1.4/mimelib/bodypart.cpp
Examining data/mimelib1-1.1.4/mimelib/datetime.cpp
Examining data/mimelib1-1.1.4/mimelib/tests/test_boyermor.cpp
Examining data/mimelib1-1.1.4/mimelib/tests/exampl02.cpp
Examining data/mimelib1-1.1.4/mimelib/tests/exampl05.cpp
Examining data/mimelib1-1.1.4/mimelib/tests/exampl01.cpp
Examining data/mimelib1-1.1.4/mimelib/tests/exampl04.cpp
Examining data/mimelib1-1.1.4/mimelib/tests/exampl03.cpp
Examining data/mimelib1-1.1.4/mimelib/field.cpp
Examining data/mimelib1-1.1.4/mimelib/fieldbdy.cpp
Examining data/mimelib1-1.1.4/mimelib/dw_mime.cpp
Examining data/mimelib1-1.1.4/mimelib/message.cpp
Examining data/mimelib1-1.1.4/mimelib/multipar.h
Examining data/mimelib1-1.1.4/mimelib/msgcmp.cpp
Examining data/mimelib1-1.1.4/mimelib/disptype.cpp
Examining data/mimelib1-1.1.4/mimelib/binhex.cpp
Examining data/mimelib1-1.1.4/mimelib/multipar.cpp
Examining data/mimelib1-1.1.4/mimelib/address.cpp
Examining data/mimelib1-1.1.4/mimelib/dwstring.cpp
Examining data/mimelib1-1.1.4/mimelib/headers.cpp
Examining data/mimelib1-1.1.4/mimelib/entity.cpp
Examining data/mimelib1-1.1.4/mimelib/mediatyp.cpp
Examining data/mimelib1-1.1.4/mimelib/boyermor.cpp
Examining data/mimelib1-1.1.4/mimelib/nntp.cpp
Examining data/mimelib1-1.1.4/mimelib/msgid.cpp
Examining data/mimelib1-1.1.4/mimelib/param.cpp
Examining data/mimelib1-1.1.4/mimelib/body.cpp
Examining data/mimelib1-1.1.4/mimelib/mechansm.cpp
Examining data/mimelib1-1.1.4/mimelib/basicmsg.cpp
Examining data/mimelib1-1.1.4/mimelib/addrlist.cpp
Examining data/mimelib1-1.1.4/mimelib/protocol.cpp
Examining data/mimelib1-1.1.4/mimelib/pop.cpp
Examining data/mimelib1-1.1.4/mimelib/mailbox.cpp
Examining data/mimelib1-1.1.4/mimelib/text.cpp
Examining data/mimelib1-1.1.4/mimelib/token.cpp
Examining data/mimelib1-1.1.4/mimelib/mimelib/disptype.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/field.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/text.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/msgcmp.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/token.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/uuencode.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/entity.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/msgid.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/nntp.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/mailbox.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/utility.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/mechansm.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/group.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/addrlist.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/protocol.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/fieldbdy.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/pop.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/param.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/mboxlist.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/debug.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/string.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/boyermor.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/enum.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/mediatyp.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/mimepp.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/binhex.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/headers.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/datetime.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/address.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/config.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/bodypart.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/body.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/message.h
Examining data/mimelib1-1.1.4/mimelib/basicmsg.h
Examining data/mimelib1-1.1.4/mimelib/attach.cpp
Examining data/mimelib1-1.1.4/mimelib/group.cpp
Examining data/mimelib1-1.1.4/mimelib/dw_date.cpp
Examining data/mimelib1-1.1.4/mimelib/mboxlist.cpp
Examining data/mimelib1-1.1.4/mimelib/dw_cte.cpp
FINAL RESULTS:
data/mimelib1-1.1.4/mimelib/msgid.cpp:345:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hostname, DwMsgId::sHostName);
data/mimelib1-1.1.4/mimelib/protocol.cpp:131:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mServerName, aServer);
data/mimelib1-1.1.4/mimelib/uuencode.cpp:125:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(ascBuf, ascSize, "begin %o %s" DW_EOL, mMode, mFileName);
data/mimelib1-1.1.4/mimelib/uuencode.cpp:135:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&ascBuf[ascPos], DW_EOL);
data/mimelib1-1.1.4/mimelib/uuencode.cpp:200:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&ascBuf[ascPos], DW_EOL);
data/mimelib1-1.1.4/mimelib/uuencode.cpp:206:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&ascBuf[ascPos], "end" DW_EOL);
data/mimelib1-1.1.4/mimelib/dw_date.cpp:667:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(100);
data/mimelib1-1.1.4/mimelib/uuencode.cpp:432:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(0));
data/mimelib1-1.1.4/mimelib/attach.cpp:216:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen(aFilename, "rb");
data/mimelib1-1.1.4/mimelib/binhex.cpp:122:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mScratch[8]; // for 8-bit to ASCII conversion
data/mimelib1-1.1.4/mimelib/binhex.cpp:315:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cc[4];
data/mimelib1-1.1.4/mimelib/binhex.cpp:456:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mFileType, aType, 4);
data/mimelib1-1.1.4/mimelib/binhex.cpp:462:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aBuf, mFileType, 4);
data/mimelib1-1.1.4/mimelib/binhex.cpp:468:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mFileCreator, aCreator, 4);
data/mimelib1-1.1.4/mimelib/binhex.cpp:473:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aBuf, mFileCreator, 4);
data/mimelib1-1.1.4/mimelib/datetime.cpp:35:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lWeekDay[7][4]
data/mimelib1-1.1.4/mimelib/datetime.cpp:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lMonth[12][4]
data/mimelib1-1.1.4/mimelib/datetime.cpp:261:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/mimelib1-1.1.4/mimelib/datetime.cpp:314:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/mimelib1-1.1.4/mimelib/dw_cte.cpp:359:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char base64idx[128] = {
data/mimelib1-1.1.4/mimelib/dw_date.cpp:664:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100], sgn;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:862:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char table[256];
data/mimelib1-1.1.4/mimelib/dwstring.cpp:897:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char table[256];
data/mimelib1-1.1.4/mimelib/dwstring.cpp:932:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char table[256];
data/mimelib1-1.1.4/mimelib/dwstring.cpp:967:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char table[256];
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1277:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, mRep->mBuffer + mStart, pos1);
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1279:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, aBuf, len2);
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1281:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, mRep->mBuffer + mStart + pos1 + len1, mLength - pos1 - len1);
data/mimelib1-1.1.4/mimelib/mediatyp.cpp:236:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/mimelib1-1.1.4/mimelib/mediatyp.cpp:237:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "Boundary-");
data/mimelib1-1.1.4/mimelib/mimelib/binhex.h:148:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mFileName[64];
data/mimelib1-1.1.4/mimelib/mimelib/binhex.h:149:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mFileType[8];
data/mimelib1-1.1.4/mimelib/mimelib/binhex.h:150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mFileCreator[8];
data/mimelib1-1.1.4/mimelib/mimelib/boyermor.h:78:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mSkipAmt[256];
data/mimelib1-1.1.4/mimelib/mimelib/boyermor.h:79:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mCiSkipAmt[256]; // case insensitive skip table
data/mimelib1-1.1.4/mimelib/mimelib/uuencode.h:114:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mFileName[256];
data/mimelib1-1.1.4/mimelib/msgid.cpp:232:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[80];
data/mimelib1-1.1.4/mimelib/msgid.cpp:236:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[80];
data/mimelib1-1.1.4/mimelib/msgid.cpp:348:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hostname, "noname");
data/mimelib1-1.1.4/mimelib/msgid.cpp:365:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "noname");
data/mimelib1-1.1.4/mimelib/nntp.cpp:115:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "ARTICLE\r\n");
data/mimelib1-1.1.4/mimelib/nntp.cpp:139:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "ARTICLE ");
data/mimelib1-1.1.4/mimelib/nntp.cpp:141:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mSendBuffer, "\r\n");
data/mimelib1-1.1.4/mimelib/nntp.cpp:164:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "HEAD\r\n");
data/mimelib1-1.1.4/mimelib/nntp.cpp:187:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "HEAD ");
data/mimelib1-1.1.4/mimelib/nntp.cpp:189:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mSendBuffer, "\r\n");
data/mimelib1-1.1.4/mimelib/nntp.cpp:212:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "BODY\r\n");
data/mimelib1-1.1.4/mimelib/nntp.cpp:235:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "BODY ");
data/mimelib1-1.1.4/mimelib/nntp.cpp:237:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mSendBuffer, "\r\n");
data/mimelib1-1.1.4/mimelib/nntp.cpp:260:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "STAT\r\n");
data/mimelib1-1.1.4/mimelib/nntp.cpp:280:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "STAT ");
data/mimelib1-1.1.4/mimelib/nntp.cpp:282:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mSendBuffer, "\r\n");
data/mimelib1-1.1.4/mimelib/nntp.cpp:301:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "GROUP ");
data/mimelib1-1.1.4/mimelib/nntp.cpp:303:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mSendBuffer, "\r\n");
data/mimelib1-1.1.4/mimelib/nntp.cpp:319:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "HELP\r\n");
data/mimelib1-1.1.4/mimelib/nntp.cpp:338:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "LAST\r\n");
data/mimelib1-1.1.4/mimelib/nntp.cpp:354:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "LIST\r\n");
data/mimelib1-1.1.4/mimelib/nntp.cpp:374:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "NEWGROUPS ");
data/mimelib1-1.1.4/mimelib/nntp.cpp:379:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mSendBuffer, " GMT");
data/mimelib1-1.1.4/mimelib/nntp.cpp:385:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mSendBuffer, "\r\n");
data/mimelib1-1.1.4/mimelib/nntp.cpp:405:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "NEWNEWS ");
data/mimelib1-1.1.4/mimelib/nntp.cpp:412:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mSendBuffer, " GMT");
data/mimelib1-1.1.4/mimelib/nntp.cpp:419:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mSendBuffer, "\r\n");
data/mimelib1-1.1.4/mimelib/nntp.cpp:438:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "NEXT\r\n");
data/mimelib1-1.1.4/mimelib/nntp.cpp:454:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "POST\r\n");
data/mimelib1-1.1.4/mimelib/nntp.cpp:470:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "QUIT\r\n");
data/mimelib1-1.1.4/mimelib/nntp.cpp:486:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "SLAVE\r\n");
data/mimelib1-1.1.4/mimelib/nntp.cpp:610:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
DBG_NNTP_STMT(char buffer[256];)
data/mimelib1-1.1.4/mimelib/pop.cpp:109:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "USER ");
data/mimelib1-1.1.4/mimelib/pop.cpp:111:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mSendBuffer, "\r\n");
data/mimelib1-1.1.4/mimelib/pop.cpp:127:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "PASS ");
data/mimelib1-1.1.4/mimelib/pop.cpp:129:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mSendBuffer, "\r\n");
data/mimelib1-1.1.4/mimelib/pop.cpp:145:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "QUIT\r\n");
data/mimelib1-1.1.4/mimelib/pop.cpp:161:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "STAT\r\n");
data/mimelib1-1.1.4/mimelib/pop.cpp:177:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "LIST\r\n");
data/mimelib1-1.1.4/mimelib/pop.cpp:247:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "NOOP\r\n");
data/mimelib1-1.1.4/mimelib/pop.cpp:263:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "RSET\r\n");
data/mimelib1-1.1.4/mimelib/pop.cpp:279:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "LAST\r\n");
data/mimelib1-1.1.4/mimelib/pop.cpp:295:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "APOP ");
data/mimelib1-1.1.4/mimelib/pop.cpp:299:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mSendBuffer, "\r\n");
data/mimelib1-1.1.4/mimelib/pop.cpp:334:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mSendBuffer, "UIDL\r\n");
data/mimelib1-1.1.4/mimelib/pop.cpp:377:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
DBG_POP_STMT(char buffer[256];)
data/mimelib1-1.1.4/mimelib/protocol.cpp:178:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&serverAddr.sin_addr.s_addr, in_addrp, sizeof(struct in_addr));
data/mimelib1-1.1.4/mimelib/attach.cpp:224:18: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ch = getc(fp);
data/mimelib1-1.1.4/mimelib/binhex.cpp:443:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mFileName, aName, 64);
data/mimelib1-1.1.4/mimelib/binhex.cpp:540:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ (mDataFork.length()+2)/3*4 + 27 + strlen(mFileName);
data/mimelib1-1.1.4/mimelib/binhex.cpp:548:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fileNameLen = strlen(mFileName);
data/mimelib1-1.1.4/mimelib/boyermor.cpp:35:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(aCstr);
data/mimelib1-1.1.4/mimelib/boyermor.cpp:69:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(aCstr);
data/mimelib1-1.1.4/mimelib/boyermor.cpp:89:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mPat, aPat, mPatLen);
data/mimelib1-1.1.4/mimelib/datetime.cpp:274:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str, mString.data(), mString.length());
data/mimelib1-1.1.4/mimelib/dw_cte.cpp:124:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
destSize += strlen(DW_EOL)*destSize/72 + 2;
data/mimelib1-1.1.4/mimelib/dw_cte.cpp:403:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outSize += strlen(DW_EOL)*outSize/MAXLINE + 2; /* Space for newlines and NUL */
data/mimelib1-1.1.4/mimelib/dw_date.cpp:728:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str);
data/mimelib1-1.1.4/mimelib/dwstring.cpp:402:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(aCstr);
data/mimelib1-1.1.4/mimelib/dwstring.cpp:559:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:612:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:661:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:717:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:788:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(aCstr);
data/mimelib1-1.1.4/mimelib/dwstring.cpp:833:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:879:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(aCstr);
data/mimelib1-1.1.4/mimelib/dwstring.cpp:915:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(aCstr);
data/mimelib1-1.1.4/mimelib/dwstring.cpp:949:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(aCstr);
data/mimelib1-1.1.4/mimelib/dwstring.cpp:985:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(aCstr);
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1038:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1516:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1527:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1554:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1565:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1592:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1603:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1630:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1641:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1668:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1679:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1706:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1717:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1774:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1783:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1809:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1819:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1844:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1853:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1879:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1889:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/mediatyp.cpp:238:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pos = strlen(buf);
data/mimelib1-1.1.4/mimelib/msgid.cpp:361:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, DwMsgId::sHostName, bufLen);
data/mimelib1-1.1.4/mimelib/nntp.cpp:118:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:140:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(mSendBuffer, aMsgId, 80);
data/mimelib1-1.1.4/mimelib/nntp.cpp:143:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:167:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:188:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(mSendBuffer, aMsgId, 80);
data/mimelib1-1.1.4/mimelib/nntp.cpp:191:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:215:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:236:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(mSendBuffer, aMsgId, 80);
data/mimelib1-1.1.4/mimelib/nntp.cpp:239:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:263:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:281:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(mSendBuffer, aMsgId, 80);
data/mimelib1-1.1.4/mimelib/nntp.cpp:284:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:302:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(mSendBuffer, aNewsgroupName, SEND_BUFFER_SIZE-32);
data/mimelib1-1.1.4/mimelib/nntp.cpp:305:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:321:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:340:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:356:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:375:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(mSendBuffer, aDate, 16);
data/mimelib1-1.1.4/mimelib/nntp.cpp:376:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mSendBuffer, " ");
data/mimelib1-1.1.4/mimelib/nntp.cpp:377:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(mSendBuffer, aTime, 16);
data/mimelib1-1.1.4/mimelib/nntp.cpp:382:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mSendBuffer, " ");
data/mimelib1-1.1.4/mimelib/nntp.cpp:383:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(mSendBuffer, aDistribution, SEND_BUFFER_SIZE-64);
data/mimelib1-1.1.4/mimelib/nntp.cpp:387:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:406:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(mSendBuffer, aNewsgroups, SEND_BUFFER_SIZE-64);
data/mimelib1-1.1.4/mimelib/nntp.cpp:407:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mSendBuffer, " ");
data/mimelib1-1.1.4/mimelib/nntp.cpp:408:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(mSendBuffer, aDate, 16);
data/mimelib1-1.1.4/mimelib/nntp.cpp:409:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mSendBuffer, " ");
data/mimelib1-1.1.4/mimelib/nntp.cpp:410:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(mSendBuffer, aTime, 16);
data/mimelib1-1.1.4/mimelib/nntp.cpp:415:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mSendBuffer, " ");
data/mimelib1-1.1.4/mimelib/nntp.cpp:416:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:417:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(mSendBuffer, aDistribution, SEND_BUFFER_SIZE-n-4);
data/mimelib1-1.1.4/mimelib/nntp.cpp:421:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:440:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:456:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:472:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:488:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:611:23: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
DBG_NNTP_STMT(strncpy(buffer, ptr, len);)
data/mimelib1-1.1.4/mimelib/pop.cpp:110:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(mSendBuffer, aName, SEND_BUFFER_SIZE-32);
data/mimelib1-1.1.4/mimelib/pop.cpp:113:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:128:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(mSendBuffer, aPasswd, SEND_BUFFER_SIZE-32);
data/mimelib1-1.1.4/mimelib/pop.cpp:131:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:147:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:163:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:179:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:198:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:214:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:233:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:249:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:265:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:281:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:296:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(mSendBuffer, aName, 256);
data/mimelib1-1.1.4/mimelib/pop.cpp:297:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mSendBuffer, " ");
data/mimelib1-1.1.4/mimelib/pop.cpp:298:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(mSendBuffer, aDigest, 256);
data/mimelib1-1.1.4/mimelib/pop.cpp:301:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:317:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:336:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:355:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:378:22: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
DBG_POP_STMT(strncpy(buffer, ptr, len);)
data/mimelib1-1.1.4/mimelib/protocol.cpp:130:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mServerName = new char[strlen(aServer)+1];
data/mimelib1-1.1.4/mimelib/uuencode.cpp:54:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mFileName, aName, n);
data/mimelib1-1.1.4/mimelib/uuencode.cpp:115:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ ((binLen+44)/45+1)*(strlen(DW_EOL)+1)
data/mimelib1-1.1.4/mimelib/uuencode.cpp:116:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(mFileName)
data/mimelib1-1.1.4/mimelib/uuencode.cpp:117:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 13 + 2*strlen(DW_EOL)
data/mimelib1-1.1.4/mimelib/uuencode.cpp:126:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ascPos = strlen(ascBuf);
data/mimelib1-1.1.4/mimelib/uuencode.cpp:136:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ascPos += strlen(DW_EOL);
data/mimelib1-1.1.4/mimelib/uuencode.cpp:201:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ascPos += strlen(DW_EOL);
data/mimelib1-1.1.4/mimelib/uuencode.cpp:207:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ascPos += 3 + strlen(DW_EOL);
ANALYSIS SUMMARY:
Hits = 195
Lines analyzed = 24623 in approximately 0.51 seconds (48756 lines/second)
Physical Source Lines of Code (SLOC) = 15174
Hits@level = [0] 22 [1] 112 [2] 75 [3] 2 [4] 6 [5] 0
Hits@level+ = [0+] 217 [1+] 195 [2+] 83 [3+] 8 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 14.3008 [1+] 12.8509 [2+] 5.46988 [3+] 0.527218 [4+] 0.395413 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.