Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mimelib1-1.1.4/mimelib/attach.h
Examining data/mimelib1-1.1.4/mimelib/uuencode.cpp
Examining data/mimelib1-1.1.4/mimelib/bodypart.cpp
Examining data/mimelib1-1.1.4/mimelib/datetime.cpp
Examining data/mimelib1-1.1.4/mimelib/tests/test_boyermor.cpp
Examining data/mimelib1-1.1.4/mimelib/tests/exampl02.cpp
Examining data/mimelib1-1.1.4/mimelib/tests/exampl05.cpp
Examining data/mimelib1-1.1.4/mimelib/tests/exampl01.cpp
Examining data/mimelib1-1.1.4/mimelib/tests/exampl04.cpp
Examining data/mimelib1-1.1.4/mimelib/tests/exampl03.cpp
Examining data/mimelib1-1.1.4/mimelib/field.cpp
Examining data/mimelib1-1.1.4/mimelib/fieldbdy.cpp
Examining data/mimelib1-1.1.4/mimelib/dw_mime.cpp
Examining data/mimelib1-1.1.4/mimelib/message.cpp
Examining data/mimelib1-1.1.4/mimelib/multipar.h
Examining data/mimelib1-1.1.4/mimelib/msgcmp.cpp
Examining data/mimelib1-1.1.4/mimelib/disptype.cpp
Examining data/mimelib1-1.1.4/mimelib/binhex.cpp
Examining data/mimelib1-1.1.4/mimelib/multipar.cpp
Examining data/mimelib1-1.1.4/mimelib/address.cpp
Examining data/mimelib1-1.1.4/mimelib/dwstring.cpp
Examining data/mimelib1-1.1.4/mimelib/headers.cpp
Examining data/mimelib1-1.1.4/mimelib/entity.cpp
Examining data/mimelib1-1.1.4/mimelib/mediatyp.cpp
Examining data/mimelib1-1.1.4/mimelib/boyermor.cpp
Examining data/mimelib1-1.1.4/mimelib/nntp.cpp
Examining data/mimelib1-1.1.4/mimelib/msgid.cpp
Examining data/mimelib1-1.1.4/mimelib/param.cpp
Examining data/mimelib1-1.1.4/mimelib/body.cpp
Examining data/mimelib1-1.1.4/mimelib/mechansm.cpp
Examining data/mimelib1-1.1.4/mimelib/basicmsg.cpp
Examining data/mimelib1-1.1.4/mimelib/addrlist.cpp
Examining data/mimelib1-1.1.4/mimelib/protocol.cpp
Examining data/mimelib1-1.1.4/mimelib/pop.cpp
Examining data/mimelib1-1.1.4/mimelib/mailbox.cpp
Examining data/mimelib1-1.1.4/mimelib/text.cpp
Examining data/mimelib1-1.1.4/mimelib/token.cpp
Examining data/mimelib1-1.1.4/mimelib/mimelib/disptype.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/field.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/text.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/msgcmp.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/token.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/uuencode.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/entity.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/msgid.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/nntp.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/mailbox.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/utility.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/mechansm.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/group.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/addrlist.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/protocol.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/fieldbdy.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/pop.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/param.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/mboxlist.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/debug.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/string.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/boyermor.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/enum.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/mediatyp.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/mimepp.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/binhex.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/headers.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/datetime.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/address.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/config.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/bodypart.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/body.h
Examining data/mimelib1-1.1.4/mimelib/mimelib/message.h
Examining data/mimelib1-1.1.4/mimelib/basicmsg.h
Examining data/mimelib1-1.1.4/mimelib/attach.cpp
Examining data/mimelib1-1.1.4/mimelib/group.cpp
Examining data/mimelib1-1.1.4/mimelib/dw_date.cpp
Examining data/mimelib1-1.1.4/mimelib/mboxlist.cpp
Examining data/mimelib1-1.1.4/mimelib/dw_cte.cpp

FINAL RESULTS:

data/mimelib1-1.1.4/mimelib/msgid.cpp:345:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(hostname, DwMsgId::sHostName);

data/mimelib1-1.1.4/mimelib/protocol.cpp:131:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mServerName, aServer);

data/mimelib1-1.1.4/mimelib/uuencode.cpp:125:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(ascBuf, ascSize, "begin %o %s" DW_EOL, mMode, mFileName);

data/mimelib1-1.1.4/mimelib/uuencode.cpp:135:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&ascBuf[ascPos], DW_EOL);

data/mimelib1-1.1.4/mimelib/uuencode.cpp:200:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&ascBuf[ascPos], DW_EOL);

data/mimelib1-1.1.4/mimelib/uuencode.cpp:206:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&ascBuf[ascPos], "end" DW_EOL);

data/mimelib1-1.1.4/mimelib/dw_date.cpp:667:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(100);

data/mimelib1-1.1.4/mimelib/uuencode.cpp:432:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(0));

data/mimelib1-1.1.4/mimelib/attach.cpp:216:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fp = fopen(aFilename, "rb");

data/mimelib1-1.1.4/mimelib/binhex.cpp:122:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mScratch[8]; // for 8-bit to ASCII conversion

data/mimelib1-1.1.4/mimelib/binhex.cpp:315:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cc[4];

data/mimelib1-1.1.4/mimelib/binhex.cpp:456:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mFileType, aType, 4);

data/mimelib1-1.1.4/mimelib/binhex.cpp:462:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(aBuf, mFileType, 4);

data/mimelib1-1.1.4/mimelib/binhex.cpp:468:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mFileCreator, aCreator, 4);

data/mimelib1-1.1.4/mimelib/binhex.cpp:473:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(aBuf, mFileCreator, 4);

data/mimelib1-1.1.4/mimelib/datetime.cpp:35:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char lWeekDay[7][4]

data/mimelib1-1.1.4/mimelib/datetime.cpp:37:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char lMonth[12][4]

data/mimelib1-1.1.4/mimelib/datetime.cpp:261:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[80];

data/mimelib1-1.1.4/mimelib/datetime.cpp:314:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[80];

data/mimelib1-1.1.4/mimelib/dw_cte.cpp:359:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char base64idx[128] = {

data/mimelib1-1.1.4/mimelib/dw_date.cpp:664:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100], sgn;

data/mimelib1-1.1.4/mimelib/dwstring.cpp:862:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char table[256];

data/mimelib1-1.1.4/mimelib/dwstring.cpp:897:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char table[256];

data/mimelib1-1.1.4/mimelib/dwstring.cpp:932:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char table[256];

data/mimelib1-1.1.4/mimelib/dwstring.cpp:967:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char table[256];

data/mimelib1-1.1.4/mimelib/dwstring.cpp:1277:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(to, mRep->mBuffer + mStart, pos1);

data/mimelib1-1.1.4/mimelib/dwstring.cpp:1279:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(to, aBuf, len2);

data/mimelib1-1.1.4/mimelib/dwstring.cpp:1281:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(to, mRep->mBuffer + mStart + pos1 + len1, mLength - pos1 - len1);

data/mimelib1-1.1.4/mimelib/mediatyp.cpp:236:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[80];

data/mimelib1-1.1.4/mimelib/mediatyp.cpp:237:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "Boundary-");

data/mimelib1-1.1.4/mimelib/mimelib/binhex.h:148:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mFileName[64];

data/mimelib1-1.1.4/mimelib/mimelib/binhex.h:149:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mFileType[8];

data/mimelib1-1.1.4/mimelib/mimelib/binhex.h:150:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mFileCreator[8];

data/mimelib1-1.1.4/mimelib/mimelib/boyermor.h:78:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char mSkipAmt[256];

data/mimelib1-1.1.4/mimelib/mimelib/boyermor.h:79:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char mCiSkipAmt[256]; // case insensitive skip table

data/mimelib1-1.1.4/mimelib/mimelib/uuencode.h:114:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mFileName[256];

data/mimelib1-1.1.4/mimelib/msgid.cpp:232:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[80];

data/mimelib1-1.1.4/mimelib/msgid.cpp:236:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scratch[80];

data/mimelib1-1.1.4/mimelib/msgid.cpp:348:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(hostname, "noname");

data/mimelib1-1.1.4/mimelib/msgid.cpp:365:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "noname");

data/mimelib1-1.1.4/mimelib/nntp.cpp:115:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "ARTICLE\r\n");

data/mimelib1-1.1.4/mimelib/nntp.cpp:139:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "ARTICLE ");

data/mimelib1-1.1.4/mimelib/nntp.cpp:141:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(mSendBuffer, "\r\n");

data/mimelib1-1.1.4/mimelib/nntp.cpp:164:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "HEAD\r\n");

data/mimelib1-1.1.4/mimelib/nntp.cpp:187:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "HEAD ");

data/mimelib1-1.1.4/mimelib/nntp.cpp:189:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(mSendBuffer, "\r\n");

data/mimelib1-1.1.4/mimelib/nntp.cpp:212:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "BODY\r\n");

data/mimelib1-1.1.4/mimelib/nntp.cpp:235:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "BODY ");

data/mimelib1-1.1.4/mimelib/nntp.cpp:237:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(mSendBuffer, "\r\n");

data/mimelib1-1.1.4/mimelib/nntp.cpp:260:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "STAT\r\n");

data/mimelib1-1.1.4/mimelib/nntp.cpp:280:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "STAT ");

data/mimelib1-1.1.4/mimelib/nntp.cpp:282:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(mSendBuffer, "\r\n");

data/mimelib1-1.1.4/mimelib/nntp.cpp:301:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "GROUP ");

data/mimelib1-1.1.4/mimelib/nntp.cpp:303:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(mSendBuffer, "\r\n");

data/mimelib1-1.1.4/mimelib/nntp.cpp:319:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "HELP\r\n");

data/mimelib1-1.1.4/mimelib/nntp.cpp:338:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "LAST\r\n");

data/mimelib1-1.1.4/mimelib/nntp.cpp:354:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "LIST\r\n");

data/mimelib1-1.1.4/mimelib/nntp.cpp:374:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "NEWGROUPS ");

data/mimelib1-1.1.4/mimelib/nntp.cpp:379:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(mSendBuffer, " GMT");

data/mimelib1-1.1.4/mimelib/nntp.cpp:385:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(mSendBuffer, "\r\n");

data/mimelib1-1.1.4/mimelib/nntp.cpp:405:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "NEWNEWS ");

data/mimelib1-1.1.4/mimelib/nntp.cpp:412:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(mSendBuffer, " GMT");

data/mimelib1-1.1.4/mimelib/nntp.cpp:419:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(mSendBuffer, "\r\n");

data/mimelib1-1.1.4/mimelib/nntp.cpp:438:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "NEXT\r\n");

data/mimelib1-1.1.4/mimelib/nntp.cpp:454:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "POST\r\n");

data/mimelib1-1.1.4/mimelib/nntp.cpp:470:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "QUIT\r\n");

data/mimelib1-1.1.4/mimelib/nntp.cpp:486:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "SLAVE\r\n");

data/mimelib1-1.1.4/mimelib/nntp.cpp:610:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  DBG_NNTP_STMT(char buffer[256];)

data/mimelib1-1.1.4/mimelib/pop.cpp:109:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "USER ");

data/mimelib1-1.1.4/mimelib/pop.cpp:111:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(mSendBuffer, "\r\n");

data/mimelib1-1.1.4/mimelib/pop.cpp:127:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "PASS ");

data/mimelib1-1.1.4/mimelib/pop.cpp:129:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(mSendBuffer, "\r\n");

data/mimelib1-1.1.4/mimelib/pop.cpp:145:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "QUIT\r\n");

data/mimelib1-1.1.4/mimelib/pop.cpp:161:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "STAT\r\n");

data/mimelib1-1.1.4/mimelib/pop.cpp:177:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "LIST\r\n");

data/mimelib1-1.1.4/mimelib/pop.cpp:247:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "NOOP\r\n");

data/mimelib1-1.1.4/mimelib/pop.cpp:263:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "RSET\r\n");

data/mimelib1-1.1.4/mimelib/pop.cpp:279:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "LAST\r\n");

data/mimelib1-1.1.4/mimelib/pop.cpp:295:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "APOP ");

data/mimelib1-1.1.4/mimelib/pop.cpp:299:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(mSendBuffer, "\r\n");

data/mimelib1-1.1.4/mimelib/pop.cpp:334:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mSendBuffer, "UIDL\r\n");

data/mimelib1-1.1.4/mimelib/pop.cpp:377:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  DBG_POP_STMT(char buffer[256];)

data/mimelib1-1.1.4/mimelib/protocol.cpp:178:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&serverAddr.sin_addr.s_addr, in_addrp, sizeof(struct in_addr));

data/mimelib1-1.1.4/mimelib/attach.cpp:224:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int ch = getc(fp);

data/mimelib1-1.1.4/mimelib/binhex.cpp:443:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(mFileName, aName, 64);

data/mimelib1-1.1.4/mimelib/binhex.cpp:540:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + (mDataFork.length()+2)/3*4 + 27 + strlen(mFileName);

data/mimelib1-1.1.4/mimelib/binhex.cpp:548:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t fileNameLen = strlen(mFileName);

data/mimelib1-1.1.4/mimelib/boyermor.cpp:35:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(aCstr);

data/mimelib1-1.1.4/mimelib/boyermor.cpp:69:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(aCstr);

data/mimelib1-1.1.4/mimelib/boyermor.cpp:89:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(mPat, aPat, mPatLen);

data/mimelib1-1.1.4/mimelib/datetime.cpp:274:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(str, mString.data(), mString.length());

data/mimelib1-1.1.4/mimelib/dw_cte.cpp:124:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  destSize += strlen(DW_EOL)*destSize/72 + 2;

data/mimelib1-1.1.4/mimelib/dw_cte.cpp:403:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outSize += strlen(DW_EOL)*outSize/MAXLINE + 2; /* Space for newlines and NUL */

data/mimelib1-1.1.4/mimelib/dw_date.cpp:728:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(str);
data/mimelib1-1.1.4/mimelib/dwstring.cpp:402:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(aCstr);
data/mimelib1-1.1.4/mimelib/dwstring.cpp:559:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:612:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:661:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:717:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:788:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(aCstr);
data/mimelib1-1.1.4/mimelib/dwstring.cpp:833:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = (aCstr) ?
    strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:879:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(aCstr);
data/mimelib1-1.1.4/mimelib/dwstring.cpp:915:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(aCstr);
data/mimelib1-1.1.4/mimelib/dwstring.cpp:949:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(aCstr);
data/mimelib1-1.1.4/mimelib/dwstring.cpp:985:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(aCstr);
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1038:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1516:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1527:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1554:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len2 = (aCstr) ?
    strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1565:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1592:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1603:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1630:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1641:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1668:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1679:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len1 = (aCstr) ?
    strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1706:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1717:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1774:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1783:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1809:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1819:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1844:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len2 = (aCstr) ?
    strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1853:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1879:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len2 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/dwstring.cpp:1889:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len1 = (aCstr) ? strlen(aCstr) : 0;
data/mimelib1-1.1.4/mimelib/mediatyp.cpp:238:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int pos = strlen(buf);
data/mimelib1-1.1.4/mimelib/msgid.cpp:361:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(buf, DwMsgId::sHostName, bufLen);
data/mimelib1-1.1.4/mimelib/nntp.cpp:118:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:140:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(mSendBuffer, aMsgId, 80);
data/mimelib1-1.1.4/mimelib/nntp.cpp:143:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:167:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:188:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(mSendBuffer, aMsgId, 80);
data/mimelib1-1.1.4/mimelib/nntp.cpp:191:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:215:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:236:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(mSendBuffer, aMsgId, 80);
data/mimelib1-1.1.4/mimelib/nntp.cpp:239:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:263:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:281:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(mSendBuffer, aMsgId, 80);
data/mimelib1-1.1.4/mimelib/nntp.cpp:284:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:302:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(mSendBuffer, aNewsgroupName, SEND_BUFFER_SIZE-32);
data/mimelib1-1.1.4/mimelib/nntp.cpp:305:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:321:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:340:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:356:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:375:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(mSendBuffer, aDate, 16);
data/mimelib1-1.1.4/mimelib/nntp.cpp:376:5: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
    strcat(mSendBuffer, " ");
data/mimelib1-1.1.4/mimelib/nntp.cpp:377:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(mSendBuffer, aTime, 16);
data/mimelib1-1.1.4/mimelib/nntp.cpp:382:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
    strcat(mSendBuffer, " ");
data/mimelib1-1.1.4/mimelib/nntp.cpp:383:9: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(mSendBuffer, aDistribution, SEND_BUFFER_SIZE-64);
data/mimelib1-1.1.4/mimelib/nntp.cpp:387:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:406:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
  Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(mSendBuffer, aNewsgroups, SEND_BUFFER_SIZE-64);
data/mimelib1-1.1.4/mimelib/nntp.cpp:407:5: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
    strcat(mSendBuffer, " ");
data/mimelib1-1.1.4/mimelib/nntp.cpp:408:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(mSendBuffer, aDate, 16);
data/mimelib1-1.1.4/mimelib/nntp.cpp:409:5: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
    strcat(mSendBuffer, " ");
data/mimelib1-1.1.4/mimelib/nntp.cpp:410:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(mSendBuffer, aTime, 16);
data/mimelib1-1.1.4/mimelib/nntp.cpp:415:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
    strcat(mSendBuffer, " ");
data/mimelib1-1.1.4/mimelib/nntp.cpp:416:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t n = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:417:9: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(mSendBuffer, aDistribution, SEND_BUFFER_SIZE-n-4);
data/mimelib1-1.1.4/mimelib/nntp.cpp:421:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:440:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:456:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:472:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:488:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/nntp.cpp:611:23: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    DBG_NNTP_STMT(strncpy(buffer, ptr, len);)
data/mimelib1-1.1.4/mimelib/pop.cpp:110:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
  Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(mSendBuffer, aName, SEND_BUFFER_SIZE-32);
data/mimelib1-1.1.4/mimelib/pop.cpp:113:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:128:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(mSendBuffer, aPasswd, SEND_BUFFER_SIZE-32);
data/mimelib1-1.1.4/mimelib/pop.cpp:131:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:147:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:163:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:179:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:198:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:214:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:233:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:249:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:265:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:281:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:296:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(mSendBuffer, aName, 256);
data/mimelib1-1.1.4/mimelib/pop.cpp:297:5: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
    strcat(mSendBuffer, " ");
data/mimelib1-1.1.4/mimelib/pop.cpp:298:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(mSendBuffer, aDigest, 256);
data/mimelib1-1.1.4/mimelib/pop.cpp:301:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:317:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:336:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:355:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufferLen = strlen(mSendBuffer);
data/mimelib1-1.1.4/mimelib/pop.cpp:378:22: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    DBG_POP_STMT(strncpy(buffer, ptr, len);)
data/mimelib1-1.1.4/mimelib/protocol.cpp:130:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    mServerName = new char[strlen(aServer)+1];
data/mimelib1-1.1.4/mimelib/uuencode.cpp:54:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(mFileName, aName, n);
data/mimelib1-1.1.4/mimelib/uuencode.cpp:115:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    + ((binLen+44)/45+1)*(strlen(DW_EOL)+1)
data/mimelib1-1.1.4/mimelib/uuencode.cpp:116:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    + strlen(mFileName)
data/mimelib1-1.1.4/mimelib/uuencode.cpp:117:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    + 13 + 2*strlen(DW_EOL)
data/mimelib1-1.1.4/mimelib/uuencode.cpp:126:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ascPos = strlen(ascBuf);
data/mimelib1-1.1.4/mimelib/uuencode.cpp:136:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ascPos += strlen(DW_EOL);
data/mimelib1-1.1.4/mimelib/uuencode.cpp:201:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ascPos += strlen(DW_EOL);
data/mimelib1-1.1.4/mimelib/uuencode.cpp:207:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ascPos += 3 + strlen(DW_EOL);

ANALYSIS SUMMARY:

Hits = 195
Lines analyzed = 24623 in approximately 0.51 seconds (48756 lines/second)
Physical Source Lines of Code (SLOC) = 15174
Hits@level = [0] 22 [1] 112 [2] 75 [3] 2 [4] 6 [5] 0
Hits@level+ = [0+] 217 [1+] 195 [2+] 83 [3+] 8 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 14.3008 [1+] 12.8509 [2+] 5.46988 [3+] 0.527218 [4+] 0.395413 [5+] 0
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.