Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mksh-59c/edit.c
Examining data/mksh-59c/emacsfn.h
Examining data/mksh-59c/eval.c
Examining data/mksh-59c/exec.c
Examining data/mksh-59c/expr.c
Examining data/mksh-59c/exprtok.h
Examining data/mksh-59c/funcs.c
Examining data/mksh-59c/histrap.c
Examining data/mksh-59c/jehanne.c
Examining data/mksh-59c/jobs.c
Examining data/mksh-59c/lalloc.c
Examining data/mksh-59c/lex.c
Examining data/mksh-59c/main.c
Examining data/mksh-59c/mirhash.h
Examining data/mksh-59c/misc.c
Examining data/mksh-59c/os2.c
Examining data/mksh-59c/sh.h
Examining data/mksh-59c/shf.c
Examining data/mksh-59c/strlcpy.c
Examining data/mksh-59c/syn.c
Examining data/mksh-59c/tree.c
Examining data/mksh-59c/ulimit.c
Examining data/mksh-59c/var.c
Examining data/mksh-59c/var_spec.h
Examining data/mksh-59c/debian/printf.c
FINAL RESULTS:
data/mksh-59c/histrap.c:830:8: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown(nhname, sb.st_uid, sb.st_gid)) {
data/mksh-59c/misc.c:1823:11: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
llen = readlink(Xstring(xs, xp), ldest, pathlen);
data/mksh-59c/debian/printf.c:139:18: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define ufprintf fprintf
data/mksh-59c/debian/printf.c:140:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define uprintf printf
data/mksh-59c/exec.c:1287:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(fn, mode) < 0) {
data/mksh-59c/expr.c:862:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return (access_ex(access, fn, mode));
data/mksh-59c/expr.c:867:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((rv = access(fn, mode)) == 0 && (mode & X_OK) &&
data/mksh-59c/funcs.c:258:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (p && access(p, R_OK) < 0)
data/mksh-59c/funcs.c:2751:42: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
#define test_access(name,mode) access_ex(access, (name), (mode))
data/mksh-59c/funcs.c:2755:32: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
#define test_access(name,mode) access((name), (mode))
data/mksh-59c/os2.c:270:1: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access(const char *name, int mode)
data/mksh-59c/var.c:1392:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (mksh_abspath(s) && access(s, W_OK|X_OK) == 0 &&
data/mksh-59c/main.c:1500:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((lfp = getenv("SDMKSH_PATH")) == NULL) {
data/mksh-59c/main.c:1501:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((lfp = getenv("HOME")) == NULL || !mksh_abspath(lfp))
data/mksh-59c/debian/printf.c:541:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (atoi(*gargv++));
data/mksh-59c/debian/printf.c:640:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[4];
data/mksh-59c/edit.c:828:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp, pat, patlen);
data/mksh-59c/edit.c:959:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char (*x_tab)[X_TABSZ]; /* key definition */
data/mksh-59c/edit.c:961:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *(*x_atab)[X_TABSZ]; /* macro definitions */
data/mksh-59c/edit.c:963:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char x_bound[(X_TABSZ * X_NTABS + 7) / 8];
data/mksh-59c/edit.c:965:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *killstack[KILLSIZE];
data/mksh-59c/edit.c:973:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *wbuf[2]; /* window buffers */
data/mksh-59c/edit.c:1313:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[4];
data/mksh-59c/edit.c:1721:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[4];
data/mksh-59c/edit.c:1787:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[1], *cp = tmp;
data/mksh-59c/edit.c:1891:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pat[80 + 1]; /* pattern buffer */
data/mksh-59c/edit.c:2949:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf_tmp[3];
data/mksh-59c/edit.c:3471:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char classify[128] = {
data/mksh-59c/edit.c:3545:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lastcmd[MAXVICMD]; /* last non-move command */
data/mksh-59c/edit.c:3548:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char srchpat[SRCHLEN]; /* last search pattern */
data/mksh-59c/edit.c:3669:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, vs->cbuf, vs->linelen);
data/mksh-59c/edit.c:3679:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char curcmd[MAXVICMD], locpat[SRCHLEN];
data/mksh-59c/edit.c:3837:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(srchpat, locpat, srchlen + 1);
data/mksh-59c/edit.c:3914:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(srchpat + 1, vs->cbuf, vs->cursor);
data/mksh-59c/edit.c:4196:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nbuf, ap->val.s, nlen);
data/mksh-59c/edit.c:4199:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nbuf + nlen, macro.p, olen);
data/mksh-59c/edit.c:4870:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(news->cbuf, old->cbuf, old->linelen);
data/mksh-59c/edit.c:4881:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(news->cbuf, old->cbuf, old->linelen);
data/mksh-59c/edit.c:5622:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wds + 1, cmd, len);
data/mksh-59c/edit.c:5680:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xmp, cp, newlen);
data/mksh-59c/eval.c:642:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s + n1, rrep, rreplen);
data/mksh-59c/eval.c:1863:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp, name, len);
data/mksh-59c/eval.c:2080:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(news, start, l1);
data/mksh-59c/eval.c:2081:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(news + l1, field_start, l2);
data/mksh-59c/eval.c:2082:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(news + l1 + l2, brace_end, l3);
data/mksh-59c/exec.c:874:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[68];
data/mksh-59c/exec.c:1352:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp, sp, p - sp);
data/mksh-59c/exec.c:1360:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp, name, namelen);
data/mksh-59c/exec.c:1769:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strlcpy(buf, ((const char * const *)arg)[i], buflen);
data/mksh-59c/exec.c:1819:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/mksh-59c/expr.c:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[2];
data/mksh-59c/expr.c:618:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tvar + 2, es->tokp + 1, c - 2);
data/mksh-59c/expr.c:669:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vp->name, vname, vsize);
data/mksh-59c/funcs.c:289:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[4];
data/mksh-59c/funcs.c:523:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp, co.shf->buf, w);
data/mksh-59c/funcs.c:711:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp, xcwd, xlen);
data/mksh-59c/funcs.c:715:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp + xlen, tp->val.s, clen);
data/mksh-59c/funcs.c:1216:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3];
data/mksh-59c/funcs.c:1405:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[18], *p;
data/mksh-59c/histrap.c:113:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(editor, p, len);
data/mksh-59c/histrap.c:114:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(editor + len, Tspdollaru, 4);
data/mksh-59c/histrap.c:207:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp, s, len);
data/mksh-59c/histrap.c:210:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp, rep, rep_len);
data/mksh-59c/histrap.c:219:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp, s, len);
data/mksh-59c/histrap.c:674:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(enqueued + nenq + 1, c, ncmd + 1);
data/mksh-59c/histrap.c:719:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char sprinkle[2] = { HMAGIC1, HMAGIC2 };
data/mksh-59c/histrap.c:1015:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[5];
data/mksh-59c/jobs.c:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[128];
data/mksh-59c/jobs.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[256 - (ALLOC_OVERHEAD +
data/mksh-59c/jobs.c:588:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
((forksleep = open("/dev/null", 0)) > 0)) {
data/mksh-59c/jobs.c:1274:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vq->name, vp_pipest->name, 11);
data/mksh-59c/jobs.c:1547:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/mksh-59c/jobs.c:1574:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, "Running", 8);
data/mksh-59c/jobs.c:1589:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, "Done", 5);
data/mksh-59c/lalloc.c:74:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char *)lp) + 8192, ((char *)lold) + 8192,
data/mksh-59c/lex.c:412:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wp, sp, cz);
data/mksh-59c/lex.c:599:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[4];
data/mksh-59c/lex.c:655:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wp, sp + 1, cz);
data/mksh-59c/main.c:605:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&l->argv[1], &argv[argi], l->argc * sizeof(void *));
data/mksh-59c/main.c:660:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(baseline_flags, shell_flags, sizeof(shell_flags));
data/mksh-59c/main.c:1229:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(T_devtty, O_RDWR, 0)) >= 0) {
data/mksh-59c/main.c:1506:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((shl_dbg_fd = open(lfp, O_WRONLY | O_APPEND | O_CREAT, 0600)) < 0)
data/mksh-59c/main.c:1756:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, dir, len);
data/mksh-59c/main.c:1758:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, "/shXXXXXX.tmp", 14);
data/mksh-59c/main.c:1920:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->name, n, len);
data/mksh-59c/main.c:2077:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp, dent->d_name, n);
data/mksh-59c/mirhash.h:191:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(BAFHHost_v.as_u8, BAFHUpdate_p, BAFHHost_z); \
data/mksh-59c/misc.c:48:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char chtypes[UCHAR_MAX + 1];
data/mksh-59c/misc.c:100:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[sizeof(sname)]; \
data/mksh-59c/misc.c:107:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define OFF(i) (((const unsigned char *)options[i])[-1])
data/mksh-59c/misc.c:231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, m[(int)FNFLAGS + 1];
data/mksh-59c/misc.c:696:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[64];
data/mksh-59c/misc.c:1781:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp, tp, len);
data/mksh-59c/misc.c:1984:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp, cwd, len);
data/mksh-59c/misc.c:1993:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp, plist, plen);
data/mksh-59c/misc.c:2004:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp, file, len);
data/mksh-59c/misc.c:2246:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dir, current_wd, ilen);
data/mksh-59c/misc.c:2247:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dir + ilen, wp[1], nlen);
data/mksh-59c/misc.c:2248:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dir + ilen + nlen, current_wd + ilen + olen, elen);
data/mksh-59c/misc.c:2463:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, len);
data/mksh-59c/os2.c:97:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
!(f = fopen(old_argv[i] + 1, "rt")))
data/mksh-59c/os2.c:175:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[512];
data/mksh-59c/os2.c:258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nodots[namelen];
data/mksh-59c/os2.c:260:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nodots, name, namelen);
data/mksh-59c/os2.c:273:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nodots[namelen];
data/mksh-59c/os2.c:282:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nodots, name, namelen);
data/mksh-59c/os2.c:379:12: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(rsp_name)) == -1)
data/mksh-59c/os2.c:404:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sign[2];
data/mksh-59c/os2.c:432:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(exec_name, "rb")))
data/mksh-59c/os2.c:469:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *rsp_argv[3] = { argv[0], rsp_name_arg, NULL };
data/mksh-59c/os2.c:519:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tp->tffn, name, strlen(name) + 1);
data/mksh-59c/sh.h:285:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define cta(name,expr) struct cta_ ## name { char t[(expr) ? 1 : -1]; }
data/mksh-59c/sh.h:476:30: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memmove(dst,src,len) bcopy((src), (dst), (len))
data/mksh-59c/sh.h:703:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(strdup_dst, strdup_src, strdup_len); \
data/mksh-59c/sh.h:714:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(strdup_dst, strdup_src, strndup_len); \
data/mksh-59c/sh.h:727:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(strdup_dst, strdup_src, strndup_len); \
data/mksh-59c/sh.h:728:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(strdup_dst + strndup_len, strdup_app, strndup_ln2); \
data/mksh-59c/sh.h:739:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(strdup_dst, strdup_src, strndup_len); \
data/mksh-59c/sh.h:742:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(strdup_dst + strndup_len, strdup_app, \
data/mksh-59c/sh.h:805:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[8192 - sizeof(struct lalloc_common *) - sizeof(size_t)];
data/mksh-59c/sh.h:1322:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tffn[3];
data/mksh-59c/sh.h:1562:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXTERN unsigned char ebcdic_rtt_toascii[256];
data/mksh-59c/sh.h:1563:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXTERN unsigned char ebcdic_rtt_fromascii[256];
data/mksh-59c/sh.h:1629:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2]; /* for bad option OPTARG value */
data/mksh-59c/sh.h:1786:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[4];
data/mksh-59c/sh.h:2211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ugbuf[2];
data/mksh-59c/sh.h:2362:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXTERN char ident[IDENT + 1];
data/mksh-59c/sh.h:2799:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char op_text[4];
data/mksh-59c/sh.h:2848:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int binopen2_fd = open((path), (flags) | O_BINARY); \
data/mksh-59c/sh.h:2854:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int binopen3_fd = open((path), (flags) | O_BINARY, (mode)); \
data/mksh-59c/sh.h:2860:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define binopen2(path,flags) open((path), (flags) | O_BINARY)
data/mksh-59c/sh.h:2861:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define binopen3(path,flags,mode) open((path), (flags) | O_BINARY, (mode))
data/mksh-59c/shf.c:473:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, shf->rp, ncopy);
data/mksh-59c/shf.c:520:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, (char *) shf->rp, ncopy);
data/mksh-59c/shf.c:674:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(shf->wp, buf, ncopy);
data/mksh-59c/shf.c:720:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(shf->wp, buf, nbytes);
data/mksh-59c/shf.c:798:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbuf[(8 * sizeof(long) + 2) / 3 + 1 + /* NUL */ 1];
data/mksh-59c/shf.c:1112:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errbuf[15 + 1 + (8 * sizeof(int) + 2) / 3 + 1];
data/mksh-59c/shf.c:1223:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ksh_ctypes, tpl_ctypes, sizeof(tpl_ctypes));
data/mksh-59c/syn.c:515:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t->ioact, iops, iopn * sizeof(struct ioword *));
data/mksh-59c/syn.c:847:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char redir[8];
data/mksh-59c/syn.c:1148:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ys->old_heres, heres, sizeof(heres));
data/mksh-59c/tree.c:607:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return (memcpy(alloc(len, ap), wp, len));
data/mksh-59c/ulimit.c:155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1];
data/mksh-59c/ulimit.c:165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[sizeof(lname)]; \
data/mksh-59c/ulimit.c:176:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[sizeof(lname)]; \
data/mksh-59c/var.c:218:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, p + 1, len);
data/mksh-59c/var.c:224:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, n, tmplen);
data/mksh-59c/var.c:406:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strbuf[1 + 2 + 1 + 8 * sizeof(mksh_uari_t) + 1];
data/mksh-59c/var.c:493:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vq->val.s, s, n);
data/mksh-59c/var.c:701:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, s, n);
data/mksh-59c/var.c:724:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, s, strlen(s) + 1);
data/mksh-59c/var.c:752:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vp->val.s, vp->name, namelen);
data/mksh-59c/var.c:772:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tvar, tvarbuf[32];
data/mksh-59c/var.c:822:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tvar, var, len);
data/mksh-59c/var.c:831:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tvar, var, len);
data/mksh-59c/var.c:842:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tvar, var, len);
data/mksh-59c/var.c:1032:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vp->val.s + len, val, tlen);
data/mksh-59c/var.c:1288:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[18];
data/mksh-59c/var.c:1574:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(news->name, vp->name, len);
data/mksh-59c/debian/printf.c:495:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 2;
data/mksh-59c/edit.c:715:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefix_len = strlen(words[0]);
data/mksh-59c/edit.c:801:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
patlen = strlen(pat);
data/mksh-59c/edit.c:842:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(words[j] + pathlen) + 1);
data/mksh-59c/edit.c:1400:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (x_do_ins(s, strlen(s)) < 0)
data/mksh-59c/edit.c:1978:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t patlen = strlen(pat);
data/mksh-59c/edit.c:2036:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ((strncmp(str, pat + 1, strlen(pat + 1)) == 0) ? 0 : -1);
data/mksh-59c/edit.c:2304:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(killstack[killtp]);
data/mksh-59c/edit.c:2584:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = ms = alloc(strlen(ccp) + 1, AEDIT);
data/mksh-59c/edit.c:2761:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (x_escape(words[i], strlen(words[i]), x_do_ins) < 0 ||
data/mksh-59c/edit.c:2820:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
completed = !strncmp(words[0], unescaped, strlen(unescaped));
data/mksh-59c/edit.c:3193:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcp = &cp[strlen(cp) - 1];
data/mksh-59c/edit.c:3748:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(KSH_VERSION), false);
data/mksh-59c/edit.c:4188:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(ap->val.s) + 1;
data/mksh-59c/edit.c:4424:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vs->linelen = strlen(vs->cbuf);
data/mksh-59c/edit.c:5105:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((vs->linelen = strlen(hptr)) >= vs->cbufsize)
data/mksh-59c/edit.c:5139:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((vs->linelen = strlen(hptr)) >= vs->cbufsize)
data/mksh-59c/edit.c:5356:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (x_escape(words[i], strlen(words[i]), x_vi_putbuf) != 0) {
data/mksh-59c/edit.c:5444:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
match_len = strlen(match);
data/mksh-59c/edit.c:5670:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newlen = strlen(cp);
data/mksh-59c/eval.c:106:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(s);
data/mksh-59c/eval.c:522:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rreplen = strlen(rrep);
data/mksh-59c/eval.c:609:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rreplen = strlen(rrep);
data/mksh-59c/eval.c:792:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dp) + 1;
data/mksh-59c/eval.c:807:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
debunk(dp, dp, strlen(dp) + 1));
data/mksh-59c/eval.c:1082:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cp) + 1));
data/mksh-59c/eval.c:1716:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XPput(*wp, debunk(cp, cp, strlen(cp) + 1));
data/mksh-59c/eval.c:1861:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(d->d_name) + 1;
data/mksh-59c/exec.c:898:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, buf, sizeof(buf) - 1);
data/mksh-59c/exec.c:1342:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(name) + 1;
data/mksh-59c/exec.c:1743:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(*pp);
data/mksh-59c/exec.c:1780:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(*pp);
data/mksh-59c/expr.c:667:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vsize = strlen(vname) + 1;
data/mksh-59c/expr.c:734:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(s));
data/mksh-59c/funcs.c:707:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t xlen = strlen(xcwd);
data/mksh-59c/funcs.c:708:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t clen = strlen(tp->val.s) + 1;
data/mksh-59c/funcs.c:1159:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w = strlen(sigtraps[j].name);
data/mksh-59c/funcs.c:1162:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w = strlen(sigtraps[j].mess);
data/mksh-59c/funcs.c:1254:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
user_opt.p > strlen(wp[user_opt.optind - 1]))) {
data/mksh-59c/funcs.c:1402:15: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
old_umask = umask((mode_t)0);
data/mksh-59c/funcs.c:1403:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(old_umask);
data/mksh-59c/funcs.c:1440:16: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
old_umask = umask((mode_t)0);
data/mksh-59c/funcs.c:1442:4: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(old_umask);
data/mksh-59c/funcs.c:1515:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(new_umask);
data/mksh-59c/funcs.c:2305:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(id);
data/mksh-59c/funcs.c:2530:13: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
oldmode = umask((mode_t)0);
data/mksh-59c/funcs.c:2571:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(oldmode);
data/mksh-59c/histrap.c:109:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(p);
data/mksh-59c/histrap.c:198:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pat_len = strlen(pat);
data/mksh-59c/histrap.c:199:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rep_len = strlen(rep);
data/mksh-59c/histrap.c:217:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s) + 1;
data/mksh-59c/histrap.c:488:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str);
data/mksh-59c/histrap.c:670:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nenq = strlen(enqueued);
data/mksh-59c/histrap.c:671:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ncmd = strlen(c);
data/mksh-59c/histrap.c:1022:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(cmd) + 1;
data/mksh-59c/jobs.c:1481:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
coproc_readw_close(coproc.read);
data/mksh-59c/jobs.c:1744:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cp);
data/mksh-59c/lex.c:409:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cz = strlen(sp) + 1;
data/mksh-59c/lex.c:653:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cz = strlen(sp) - 2;
data/mksh-59c/lex.c:1491:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shf = shf_sopen(NULL, strlen(ps1) * 2,
data/mksh-59c/main.c:1656:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (coproc.read >= 0 && fd == coproc.read) {
data/mksh-59c/main.c:1656:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (coproc.read >= 0 && fd == coproc.read) {
data/mksh-59c/main.c:1658:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
close(coproc.read);
data/mksh-59c/main.c:1670:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (coproc.readw >= 0 && coproc.read >= 0 && fd == coproc.read) {
data/mksh-59c/main.c:1670:60: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (coproc.readw >= 0 && coproc.read >= 0 && fd == coproc.read) {
data/mksh-59c/main.c:1696:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int fd = (mode & R_OK) ? coproc.read : coproc.write;
data/mksh-59c/main.c:1713:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!reuse || coproc.readw < 0 || coproc.read < 0) {
data/mksh-59c/main.c:1714:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (coproc.read >= 0) {
data/mksh-59c/main.c:1715:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
close(coproc.read);
data/mksh-59c/main.c:1741:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dir);
data/mksh-59c/main.c:1911:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(n);
data/mksh-59c/main.c:2074:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(dent->d_name);
data/mksh-59c/misc.c:196:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(OFN(i)))) {
data/mksh-59c/misc.c:609:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = alloc(strlen((const void *)sp) + 1, ATEMP);
data/mksh-59c/misc.c:639:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(dp, sp, strlen((const void *)sp) + 1);
data/mksh-59c/misc.c:1640:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ret = read(fd, buf, nbytes)) < 0) {
data/mksh-59c/misc.c:1740:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Xinit(xs, xp, strlen(ip = ipath) + 1, ATEMP);
data/mksh-59c/misc.c:1982:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cwd);
data/mksh-59c/misc.c:2002:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(file) + 1;
data/mksh-59c/misc.c:2242:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
olen = strlen(wp[0]);
data/mksh-59c/misc.c:2243:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(wp[1]);
data/mksh-59c/misc.c:2244:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
elen = strlen(current_wd + ilen + olen) + 1;
data/mksh-59c/misc.c:2444:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(l);
data/mksh-59c/misc.c:2472:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (src == NULL ? NULL : strndup_i(src, strlen(src), ap));
data/mksh-59c/os2.c:257:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t namelen = strlen(name) + 1;
data/mksh-59c/os2.c:272:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t namelen = strlen(name) + 1;
data/mksh-59c/os2.c:299:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t x_namelen = strlen(name) + MAX_X_SUFFIX_LEN + 1;
data/mksh-59c/os2.c:384:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(fd, argv[i], strlen(argv[i]));
data/mksh-59c/os2.c:518:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp = alloc(offsetof(struct temp, tffn[0]) + strlen(name) + 1, APERM);
data/mksh-59c/os2.c:519:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(tp->tffn, name, strlen(name) + 1);
data/mksh-59c/sh.h:681:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define strnul(s) ((s) + strlen((const void *)s))
data/mksh-59c/sh.h:701:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strdup_len = strlen(strdup_src) + 1; \
data/mksh-59c/sh.h:723:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strndup_len = strlen(strdup_src); \
data/mksh-59c/sh.h:724:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strndup_ln2 = strlen(strdup_app) + 1; \
data/mksh-59c/sh.h:734:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strndup_len = strlen(strdup_src) + 1; \
data/mksh-59c/sh.h:736:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(strdup_app) + 1 : 0; \
data/mksh-59c/sh.h:1642:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read; /* pipe from co-process's stdout */
data/mksh-59c/shf.c:653:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (shf_write(s, strlen(s), shf));
data/mksh-59c/ulimit.c:83:23: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
# error nonsensical m ulimit
data/mksh-59c/ulimit.c:87:23: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
# error nonsensical v ulimit
data/mksh-59c/ulimit.c:134:13: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
extern long ulimit(int, long);
data/mksh-59c/ulimit.c:317:6: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
if (ulimit(l->wesource, val) != -1L)
data/mksh-59c/ulimit.c:336:13: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
if ((val = ulimit(l->resource, 0)) < 0)
data/mksh-59c/var.c:474:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cursz = strlen(vq->val.s) + 1;
data/mksh-59c/var.c:490:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(s) + 1;
data/mksh-59c/var.c:724:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(p, s, strlen(s) + 1);
data/mksh-59c/var.c:744:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t namelen = strlen(vp->name);
data/mksh-59c/var.c:745:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t vallen = strlen(val) + 1;
data/mksh-59c/var.c:840:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(var);
data/mksh-59c/var.c:1029:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(vp->val.s);
data/mksh-59c/var.c:1030:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen(val) + 1;
data/mksh-59c/var.c:1571:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(vp->name);
data/mksh-59c/var.c:1641:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(var);
ANALYSIS SUMMARY:
Hits = 273
Lines analyzed = 35877 in approximately 0.86 seconds (41512 lines/second)
Physical Source Lines of Code (SLOC) = 27474
Hits@level = [0] 2 [1] 113 [2] 146 [3] 2 [4] 10 [5] 2
Hits@level+ = [0+] 275 [1+] 273 [2+] 160 [3+] 14 [4+] 12 [5+] 2
Hits/KSLOC@level+ = [0+] 10.0095 [1+] 9.93667 [2+] 5.82369 [3+] 0.509573 [4+] 0.436777 [5+] 0.0727961
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.