Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/nagios4-4.4.6/base/broker.c Examining data/nagios4-4.4.6/base/checks.c Examining data/nagios4-4.4.6/base/commands.c Examining data/nagios4-4.4.6/base/config.c Examining data/nagios4-4.4.6/base/events.c Examining data/nagios4-4.4.6/base/flapping.c Examining data/nagios4-4.4.6/base/logging.c Examining data/nagios4-4.4.6/base/nagios.c Examining data/nagios4-4.4.6/base/nagiostats.c Examining data/nagios4-4.4.6/base/nebmods.c Examining data/nagios4-4.4.6/base/nerd.c Examining data/nagios4-4.4.6/base/netutils.c Examining data/nagios4-4.4.6/base/notifications.c Examining data/nagios4-4.4.6/base/perfdata.c Examining data/nagios4-4.4.6/base/query-handler.c Examining data/nagios4-4.4.6/base/sehandlers.c Examining data/nagios4-4.4.6/base/sretention.c Examining data/nagios4-4.4.6/base/utils.c Examining data/nagios4-4.4.6/base/workers.c Examining data/nagios4-4.4.6/base/wp-phash.c Examining data/nagios4-4.4.6/base/wpres-phash.h Examining data/nagios4-4.4.6/cgi/archivejson.c Examining data/nagios4-4.4.6/cgi/archiveutils.c Examining data/nagios4-4.4.6/cgi/avail.c Examining data/nagios4-4.4.6/cgi/cgiauth.c Examining data/nagios4-4.4.6/cgi/cmd.c Examining data/nagios4-4.4.6/cgi/config.c Examining data/nagios4-4.4.6/cgi/extcmd_list.c Examining data/nagios4-4.4.6/cgi/extinfo.c Examining data/nagios4-4.4.6/cgi/getcgi.c Examining data/nagios4-4.4.6/cgi/histogram.c Examining data/nagios4-4.4.6/cgi/history.c Examining data/nagios4-4.4.6/cgi/jsonutils.c Examining data/nagios4-4.4.6/cgi/notifications.c Examining data/nagios4-4.4.6/cgi/objectjson.c Examining data/nagios4-4.4.6/cgi/outages.c Examining data/nagios4-4.4.6/cgi/showlog.c Examining data/nagios4-4.4.6/cgi/status.c Examining data/nagios4-4.4.6/cgi/statusjson.c Examining data/nagios4-4.4.6/cgi/statusmap.c Examining data/nagios4-4.4.6/cgi/statuswml.c Examining data/nagios4-4.4.6/cgi/statuswrl.c Examining data/nagios4-4.4.6/cgi/summary.c Examining data/nagios4-4.4.6/cgi/tac.c Examining data/nagios4-4.4.6/cgi/trends.c Examining data/nagios4-4.4.6/cgi/cgiutils.c Examining data/nagios4-4.4.6/common/comments.c Examining data/nagios4-4.4.6/common/downtime.c Examining data/nagios4-4.4.6/common/macros.c Examining data/nagios4-4.4.6/common/objects.c Examining data/nagios4-4.4.6/common/shared.c Examining data/nagios4-4.4.6/common/statusdata.c Examining data/nagios4-4.4.6/contrib/convertcfg.c Examining data/nagios4-4.4.6/contrib/daemonchk.c Examining data/nagios4-4.4.6/contrib/nagios-worker.c Examining data/nagios4-4.4.6/include/archivejson.h Examining data/nagios4-4.4.6/include/archiveutils.h Examining data/nagios4-4.4.6/include/broker.h Examining data/nagios4-4.4.6/include/cgiauth.h Examining data/nagios4-4.4.6/include/cgiutils.h Examining data/nagios4-4.4.6/include/comments.h Examining data/nagios4-4.4.6/include/common.h Examining data/nagios4-4.4.6/include/config_pwd.h Examining data/nagios4-4.4.6/include/defaults.h Examining data/nagios4-4.4.6/include/downtime.h Examining data/nagios4-4.4.6/include/getcgi.h Examining data/nagios4-4.4.6/include/jsonutils.h Examining data/nagios4-4.4.6/include/logging.h Examining data/nagios4-4.4.6/include/macros.h Examining data/nagios4-4.4.6/include/nagios.h Examining data/nagios4-4.4.6/include/nebcallbacks.h Examining data/nagios4-4.4.6/include/neberrors.h Examining data/nagios4-4.4.6/include/nebmods.h Examining data/nagios4-4.4.6/include/nebmodules.h Examining data/nagios4-4.4.6/include/nebstructs.h Examining data/nagios4-4.4.6/include/netutils.h Examining data/nagios4-4.4.6/include/objectjson.h Examining data/nagios4-4.4.6/include/objects.h Examining data/nagios4-4.4.6/include/perfdata.h Examining data/nagios4-4.4.6/include/shared.h Examining data/nagios4-4.4.6/include/sretention.h Examining data/nagios4-4.4.6/include/statusdata.h Examining data/nagios4-4.4.6/include/statusjson.h Examining data/nagios4-4.4.6/include/workers.h Examining data/nagios4-4.4.6/lib/bitmap.c Examining data/nagios4-4.4.6/lib/bitmap.h Examining data/nagios4-4.4.6/lib/dkhash.c Examining data/nagios4-4.4.6/lib/dkhash.h Examining data/nagios4-4.4.6/lib/fanout.c Examining data/nagios4-4.4.6/lib/fanout.h Examining data/nagios4-4.4.6/lib/iobroker.c Examining data/nagios4-4.4.6/lib/iocache.c Examining data/nagios4-4.4.6/lib/iocache.h Examining data/nagios4-4.4.6/lib/kvvec.c Examining data/nagios4-4.4.6/lib/kvvec.h Examining data/nagios4-4.4.6/lib/libnagios.h Examining data/nagios4-4.4.6/lib/lnag-utils.h Examining data/nagios4-4.4.6/lib/nsock.c Examining data/nagios4-4.4.6/lib/nsock.h Examining data/nagios4-4.4.6/lib/nspath.c Examining data/nagios4-4.4.6/lib/nspath.h Examining data/nagios4-4.4.6/lib/nsutils.c Examining data/nagios4-4.4.6/lib/nsutils.h Examining data/nagios4-4.4.6/lib/nwrite.h Examining data/nagios4-4.4.6/lib/pqueue.c Examining data/nagios4-4.4.6/lib/pqueue.h Examining data/nagios4-4.4.6/lib/runcmd.c Examining data/nagios4-4.4.6/lib/runcmd.h Examining data/nagios4-4.4.6/lib/skiplist.c Examining data/nagios4-4.4.6/lib/skiplist.h Examining data/nagios4-4.4.6/lib/snprintf.c Examining data/nagios4-4.4.6/lib/squeue.c Examining data/nagios4-4.4.6/lib/squeue.h Examining data/nagios4-4.4.6/lib/t-utils.c Examining data/nagios4-4.4.6/lib/t-utils.h Examining data/nagios4-4.4.6/lib/test-bitmap.c Examining data/nagios4-4.4.6/lib/test-dkhash.c Examining data/nagios4-4.4.6/lib/test-fanout.c Examining data/nagios4-4.4.6/lib/test-iobroker.c Examining data/nagios4-4.4.6/lib/test-iocache.c Examining data/nagios4-4.4.6/lib/test-kvvec.c Examining data/nagios4-4.4.6/lib/test-nsutils.c Examining data/nagios4-4.4.6/lib/test-runcmd.c Examining data/nagios4-4.4.6/lib/test-squeue.c Examining data/nagios4-4.4.6/lib/worker.c Examining data/nagios4-4.4.6/lib/worker.h Examining data/nagios4-4.4.6/lib/wproc.c Examining data/nagios4-4.4.6/module/helloworld.c Examining data/nagios4-4.4.6/t-tap/stub_broker.c Examining data/nagios4-4.4.6/t-tap/stub_checks.c Examining data/nagios4-4.4.6/t-tap/stub_commands.c Examining data/nagios4-4.4.6/t-tap/stub_comments.c Examining data/nagios4-4.4.6/t-tap/stub_downtime.c Examining data/nagios4-4.4.6/t-tap/stub_events.c Examining data/nagios4-4.4.6/t-tap/stub_flapping.c Examining data/nagios4-4.4.6/t-tap/stub_iobroker.c Examining data/nagios4-4.4.6/t-tap/stub_logging.c Examining data/nagios4-4.4.6/t-tap/stub_macros.c Examining data/nagios4-4.4.6/t-tap/stub_nebmods.c Examining data/nagios4-4.4.6/t-tap/stub_netutils.c Examining data/nagios4-4.4.6/t-tap/stub_notifications.c Examining data/nagios4-4.4.6/t-tap/stub_nsock.c Examining data/nagios4-4.4.6/t-tap/stub_objects.c Examining data/nagios4-4.4.6/t-tap/stub_perfdata.c Examining data/nagios4-4.4.6/t-tap/stub_sehandlers.c Examining data/nagios4-4.4.6/t-tap/stub_shared.c Examining data/nagios4-4.4.6/t-tap/stub_sretention.c Examining data/nagios4-4.4.6/t-tap/stub_statusdata.c Examining data/nagios4-4.4.6/t-tap/stub_utils.c Examining data/nagios4-4.4.6/t-tap/stub_workers.c Examining data/nagios4-4.4.6/t-tap/stub_xdddefault.c Examining data/nagios4-4.4.6/t-tap/stub_xodtemplate.c Examining data/nagios4-4.4.6/t-tap/test-stubs.c Examining data/nagios4-4.4.6/t-tap/test_checks.c Examining data/nagios4-4.4.6/t-tap/test_commands.c Examining data/nagios4-4.4.6/t-tap/test_downtime.c Examining data/nagios4-4.4.6/t-tap/test_events.c Examining data/nagios4-4.4.6/t-tap/test_logging.c Examining data/nagios4-4.4.6/t-tap/test_macros.c Examining data/nagios4-4.4.6/t-tap/test_nagios_config.c Examining data/nagios4-4.4.6/t-tap/test_timeperiods.c Examining data/nagios4-4.4.6/t-tap/test_xsddefault.c Examining data/nagios4-4.4.6/tap/src/tap.c Examining data/nagios4-4.4.6/tap/src/tap.h Examining data/nagios4-4.4.6/tap/tests/diag/test.c Examining data/nagios4-4.4.6/tap/tests/fail/test.c Examining data/nagios4-4.4.6/tap/tests/ok/ok-hash/test.c Examining data/nagios4-4.4.6/tap/tests/ok/ok-numeric/test.c Examining data/nagios4-4.4.6/tap/tests/ok/ok/test.c Examining data/nagios4-4.4.6/tap/tests/pass/test.c Examining data/nagios4-4.4.6/tap/tests/plan/no-tests/test.c Examining data/nagios4-4.4.6/tap/tests/plan/no_plan/test.c Examining data/nagios4-4.4.6/tap/tests/plan/not-enough-tests/test.c Examining data/nagios4-4.4.6/tap/tests/plan/sane/test.c Examining data/nagios4-4.4.6/tap/tests/plan/skip_all/test.c Examining data/nagios4-4.4.6/tap/tests/plan/too-many-plans/test.c Examining data/nagios4-4.4.6/tap/tests/plan/too-many-tests/test.c Examining data/nagios4-4.4.6/tap/tests/skip/test.c Examining data/nagios4-4.4.6/tap/tests/todo/test.c Examining data/nagios4-4.4.6/worker/ping/worker-ping.c Examining data/nagios4-4.4.6/xdata/xcddefault.c Examining data/nagios4-4.4.6/xdata/xcddefault.h Examining data/nagios4-4.4.6/xdata/xodtemplate.c Examining data/nagios4-4.4.6/xdata/xodtemplate.h Examining data/nagios4-4.4.6/xdata/xpddefault.c Examining data/nagios4-4.4.6/xdata/xpddefault.h Examining data/nagios4-4.4.6/xdata/xrddefault.c Examining data/nagios4-4.4.6/xdata/xrddefault.h Examining data/nagios4-4.4.6/xdata/xsddefault.c Examining data/nagios4-4.4.6/xdata/xsddefault.h FINAL RESULTS: data/nagios4-4.4.6/base/logging.c:441:3: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(log_file, log_file_stat.st_mode); data/nagios4-4.4.6/base/logging.c:442:3: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. chown(log_file, log_file_stat.st_uid, log_file_stat.st_gid); data/nagios4-4.4.6/base/logging.c:540:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(debug_file_fp, fmt, ap); data/nagios4-4.4.6/base/nagios.c:109:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return access(program, mode); data/nagios4-4.4.6/base/nagios.c:123:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. ret = access(path, mode); data/nagios4-4.4.6/base/notifications.c:2126:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(mac->x[MACRO_NOTIFICATIONRECIPIENTS], cntct->name); data/nagios4-4.4.6/base/utils.c:621:16: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fp = (FILE *)popen(cmd, "r"); data/nagios4-4.4.6/base/utils.c:2972:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(db->buf, buf); data/nagios4-4.4.6/cgi/avail.c:2668:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_subject->host_name, hn); data/nagios4-4.4.6/cgi/avail.c:2679:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_subject->service_description, sd); data/nagios4-4.4.6/cgi/avail.c:2801:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_as->state_info, state_info); data/nagios4-4.4.6/cgi/cgiauth.c:75:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(authinfo->username, temp_ptr); data/nagios4-4.4.6/cgi/cgiauth.c:104:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(authinfo->username, temp_ptr); data/nagios4-4.4.6/cgi/cgiutils.c:175:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(log_archive_path, DEFAULT_LOG_ARCHIVE_PATH); data/nagios4-4.4.6/cgi/cgiutils.c:178:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(command_file, get_cmd_file_location()); data/nagios4-4.4.6/cgi/cgiutils.c:938:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffer, new_buffer); data/nagios4-4.4.6/cgi/cgiutils.c:1087:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(str, temp_expansion); data/nagios4-4.4.6/cgi/cgiutils.c:1115:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(outcp, entity); data/nagios4-4.4.6/cgi/cgiutils.c:1884:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. call_return = system(filename); data/nagios4-4.4.6/cgi/cmd.c:575:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(plugin_output, variables[x]); data/nagios4-4.4.6/cgi/cmd.c:592:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(performance_data, variables[x]); data/nagios4-4.4.6/cgi/cmd.c:648:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(start_time_string, variables[x]); data/nagios4-4.4.6/cgi/cmd.c:663:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(end_time_string, variables[x]); data/nagios4-4.4.6/cgi/cmd.c:1923:23: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((format(printf, 2, 3))) data/nagios4-4.4.6/cgi/cmd.c:1946:10: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len2 = vsnprintf(cmd + len, sizeof(cmd) - len, fmt, ap); data/nagios4-4.4.6/cgi/jsonutils.c:620:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(node, path); data/nagios4-4.4.6/cgi/jsonutils.c:664:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(node, path); data/nagios4-4.4.6/cgi/jsonutils.c:799:2: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(format, a_list); data/nagios4-4.4.6/cgi/jsonutils.c:1389:5: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(date, "%s %d %d", buf, &day, &year); data/nagios4-4.4.6/cgi/showlog.c:333:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, START_ICON); data/nagios4-4.4.6/cgi/showlog.c:334:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, START_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:337:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, STOP_ICON); data/nagios4-4.4.6/cgi/showlog.c:338:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, STOP_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:341:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, STOP_ICON); data/nagios4-4.4.6/cgi/showlog.c:342:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, STOP_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:345:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, RESTART_ICON); data/nagios4-4.4.6/cgi/showlog.c:346:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, RESTART_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:349:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, HOST_DOWN_ICON); data/nagios4-4.4.6/cgi/showlog.c:350:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, HOST_DOWN_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:353:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, HOST_UNREACHABLE_ICON); data/nagios4-4.4.6/cgi/showlog.c:354:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, HOST_UNREACHABLE_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:357:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, HOST_UP_ICON); data/nagios4-4.4.6/cgi/showlog.c:358:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, HOST_UP_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:361:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, HOST_NOTIFICATION_ICON); data/nagios4-4.4.6/cgi/showlog.c:362:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, HOST_NOTIFICATION_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:365:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, CRITICAL_ICON); data/nagios4-4.4.6/cgi/showlog.c:366:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, CRITICAL_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:369:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, WARNING_ICON); data/nagios4-4.4.6/cgi/showlog.c:370:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, WARNING_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:373:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, UNKNOWN_ICON); data/nagios4-4.4.6/cgi/showlog.c:374:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, UNKNOWN_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:377:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, OK_ICON); data/nagios4-4.4.6/cgi/showlog.c:378:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, OK_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:381:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, NOTIFICATION_ICON); data/nagios4-4.4.6/cgi/showlog.c:382:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, NOTIFICATION_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:385:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, SERVICE_EVENT_ICON); data/nagios4-4.4.6/cgi/showlog.c:386:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, SERVICE_EVENT_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:389:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, HOST_EVENT_ICON); data/nagios4-4.4.6/cgi/showlog.c:390:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, HOST_EVENT_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:393:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, EXTERNAL_COMMAND_ICON); data/nagios4-4.4.6/cgi/showlog.c:394:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, EXTERNAL_COMMAND_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:397:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, PASSIVE_ICON); data/nagios4-4.4.6/cgi/showlog.c:401:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, PASSIVE_ICON); data/nagios4-4.4.6/cgi/showlog.c:405:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, LOG_ROTATION_ICON); data/nagios4-4.4.6/cgi/showlog.c:406:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, LOG_ROTATION_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:409:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, ACTIVE_ICON); data/nagios4-4.4.6/cgi/showlog.c:410:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, ACTIVE_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:413:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, STANDBY_ICON); data/nagios4-4.4.6/cgi/showlog.c:414:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, STANDBY_ICON_ALT); data/nagios4-4.4.6/cgi/showlog.c:417:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, FLAPPING_ICON); data/nagios4-4.4.6/cgi/showlog.c:421:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, FLAPPING_ICON); data/nagios4-4.4.6/cgi/showlog.c:425:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, FLAPPING_ICON); data/nagios4-4.4.6/cgi/showlog.c:429:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, FLAPPING_ICON); data/nagios4-4.4.6/cgi/showlog.c:433:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, FLAPPING_ICON); data/nagios4-4.4.6/cgi/showlog.c:437:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, FLAPPING_ICON); data/nagios4-4.4.6/cgi/showlog.c:441:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, SCHEDULED_DOWNTIME_ICON); data/nagios4-4.4.6/cgi/showlog.c:445:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, SCHEDULED_DOWNTIME_ICON); data/nagios4-4.4.6/cgi/showlog.c:449:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, SCHEDULED_DOWNTIME_ICON); data/nagios4-4.4.6/cgi/showlog.c:453:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, SCHEDULED_DOWNTIME_ICON); data/nagios4-4.4.6/cgi/showlog.c:457:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, SCHEDULED_DOWNTIME_ICON); data/nagios4-4.4.6/cgi/showlog.c:461:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, SCHEDULED_DOWNTIME_ICON); data/nagios4-4.4.6/cgi/showlog.c:465:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image, INFO_ICON); data/nagios4-4.4.6/cgi/showlog.c:466:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(image_alt, INFO_ICON_ALT); data/nagios4-4.4.6/cgi/status.c:241:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(host_name, host_name + i); data/nagios4-4.4.6/cgi/statusmap.c:2374:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_layer->layer_name, group_name); data/nagios4-4.4.6/cgi/statuswml.c:1291:9: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fp = popen(buffer, "r"); data/nagios4-4.4.6/cgi/statuswml.c:1360:8: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fp = popen(buffer, "r"); data/nagios4-4.4.6/cgi/summary.c:1544:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_event->host_name, host_name); data/nagios4-4.4.6/cgi/summary.c:1553:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_event->service_description, svc_description); data/nagios4-4.4.6/cgi/summary.c:1562:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_event->event_info, event_info); data/nagios4-4.4.6/cgi/summary.c:2602:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_producer->host_name, host_name); data/nagios4-4.4.6/cgi/summary.c:2611:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_producer->service_description, service_description); data/nagios4-4.4.6/cgi/trends.c:2403:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_as->state_info, state_info); data/nagios4-4.4.6/common/macros.c:161:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output_buffer, temp_buffer); data/nagios4-4.4.6/common/macros.c:199:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output_buffer, temp_buffer); data/nagios4-4.4.6/common/macros.c:231:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output_buffer, cleaned_macro); data/nagios4-4.4.6/common/macros.c:245:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output_buffer, selected_macro); data/nagios4-4.4.6/common/macros.c:612:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output, arg[1]); data/nagios4-4.4.6/common/macros.c:613:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output, temp_buffer); data/nagios4-4.4.6/common/macros.c:807:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output, arg2); data/nagios4-4.4.6/common/macros.c:808:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output, temp_buffer); data/nagios4-4.4.6/common/macros.c:959:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output, arg2); data/nagios4-4.4.6/common/macros.c:960:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output, temp_buffer); data/nagios4-4.4.6/common/macros.c:1051:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output, arg2); data/nagios4-4.4.6/common/macros.c:1052:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output, temp_buffer); data/nagios4-4.4.6/common/macros.c:1370:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output, arg2); data/nagios4-4.4.6/common/macros.c:1371:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output, temp_buffer); data/nagios4-4.4.6/common/macros.c:1429:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output, arg2); data/nagios4-4.4.6/common/macros.c:1430:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output, temp_buffer); data/nagios4-4.4.6/common/macros.c:1484:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output, arg2); data/nagios4-4.4.6/common/macros.c:1485:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output, temp_buffer); data/nagios4-4.4.6/common/macros.c:1958:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output, temp_hostsmember->host_name); data/nagios4-4.4.6/common/macros.c:1960:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output, temp_hostsmember->host_ptr->address); data/nagios4-4.4.6/common/macros.c:2302:18: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. init_len += sprintf(temp_buffer, "%s,%s", temp_servicesmember->host_name, temp_servicesmember->service_description); data/nagios4-4.4.6/common/macros.c:2305:18: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. init_len += sprintf(temp_buffer, ",%s,%s", temp_servicesmember->host_name, temp_servicesmember->service_description); data/nagios4-4.4.6/common/macros.c:2452:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*output, temp_contactsmember->contact_name); data/nagios4-4.4.6/common/shared.c:98:2: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(fmt, ap); data/nagios4-4.4.6/common/shared.c:375:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, stripped); data/nagios4-4.4.6/contrib/daemonchk.c:95:16: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. (fp = popen(proc_file, "r")) != NULL) { data/nagios4-4.4.6/contrib/daemonchk.c:106:16: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. (fp = popen(proc_file, "r")) != NULL) { data/nagios4-4.4.6/contrib/daemonchk.c:119:16: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. (fp = popen(proc_file, "r")) != NULL) { data/nagios4-4.4.6/contrib/daemonchk.c:248:12: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. nchars = vsnprintf(str, size, fmt, ap); data/nagios4-4.4.6/contrib/daemonchk.c:273:2: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(fmt, ap); data/nagios4-4.4.6/lib/nsock.c:109:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = vsnprintf(stack_buf, sizeof(stack_buf), fmt, ap_dup); data/nagios4-4.4.6/lib/nsutils.c:91:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(ret, sizeof(buf[0]), fmt, ap); data/nagios4-4.4.6/lib/runcmd.c:482:3: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(argv[i], argv + i); data/nagios4-4.4.6/lib/snprintf.c:1207:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define vsnprintf smb_vsnprintf data/nagios4-4.4.6/lib/snprintf.c:1222:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. ret = vsnprintf(str, count, fmt, ap); data/nagios4-4.4.6/lib/snprintf.c:1226:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf smb_snprintf data/nagios4-4.4.6/lib/snprintf.c:1238:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. ret = vsnprintf(NULL, 0, format, ap2); data/nagios4-4.4.6/lib/snprintf.c:1246:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. ret = vsnprintf(*ptr, ret + 1, format, ap2); data/nagios4-4.4.6/lib/snprintf.c:1269:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. int sprintf(char *str, const char *fmt, ...); data/nagios4-4.4.6/lib/snprintf.c:1338:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. l1 = snprintf(NULL, 0, fp_fmt[x], fp_nums[y]); data/nagios4-4.4.6/lib/snprintf.c:1339:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. l2 = snprintf(buf1, sizeof(buf1), fp_fmt[x], fp_nums[y]); data/nagios4-4.4.6/lib/snprintf.c:1340:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf2, fp_fmt[x], fp_nums[y]); data/nagios4-4.4.6/lib/snprintf.c:1354:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. l1 = snprintf(NULL, 0, int_fmt[x], int_nums[y]); data/nagios4-4.4.6/lib/snprintf.c:1355:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. l2 = snprintf(buf1, sizeof(buf1), int_fmt[x], int_nums[y]); data/nagios4-4.4.6/lib/snprintf.c:1356:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf2, int_fmt[x], int_nums[y]); data/nagios4-4.4.6/lib/snprintf.c:1370:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. l1 = snprintf(NULL, 0, str_fmt[x], str_vals[y]); data/nagios4-4.4.6/lib/snprintf.c:1371:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. l2 = snprintf(buf1, sizeof(buf1), str_fmt[x], str_vals[y]); data/nagios4-4.4.6/lib/snprintf.c:1372:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf2, str_fmt[x], str_vals[y]); data/nagios4-4.4.6/lib/t-utils.c:45:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stdout, fmt, ap); data/nagios4-4.4.6/lib/t-utils.c:75:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stdout, fmt, ap); data/nagios4-4.4.6/lib/t-utils.c:121:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stdout, fmt, ap); data/nagios4-4.4.6/lib/t-utils.c:168:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, fmt, ap); data/nagios4-4.4.6/lib/worker.c:96:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = vsnprintf(lmsg + LOG_KEY_LEN, sizeof(lmsg) - LOG_KEY_LEN - MSG_DELIM_LEN, fmt, ap); data/nagios4-4.4.6/lib/worker.c:129:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = vsnprintf(msg, sizeof(msg), fmt, ap); data/nagios4-4.4.6/lib/worker.c:460:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "job %d (pid=%ld): Failed to read(): %s", cp->id, (long)cp->ei->pid, strerror(errno)); data/nagios4-4.4.6/lib/worker.c:859:8: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ret = execvp(path, argv); data/nagios4-4.4.6/t-tap/stub_nsock.c:7:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = vsnprintf(buf, sizeof(buf) - 2, fmt, ap); data/nagios4-4.4.6/t-tap/test_logging.c:98:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ok(system("cp var/nagios.log.dummy var/nagios.log") == 0, "Copied in dummy nagios.log for archiving"); data/nagios4-4.4.6/t-tap/test_logging.c:102:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("diff var/nagios.log var/nagios.log.expected > var/nagios.log.diff"); data/nagios4-4.4.6/t-tap/test_logging.c:103:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ok(system("diff var/nagios.log.diff var/nagios.log.diff.expected > /dev/null") == 0, "Got correct contents of nagios.log"); data/nagios4-4.4.6/t-tap/test_logging.c:107:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ok(system(temp_command) == 0, "nagios log archived correctly"); data/nagios4-4.4.6/t-tap/test_logging.c:111:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ok(system("chmod 777 var/nagios.log") == 0, "Changed mode of nagios.log"); data/nagios4-4.4.6/t-tap/test_xsddefault.c:59:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ok(system("cat var/status.dat > var/status-generated.dat") == 0, "New status.dat file"); data/nagios4-4.4.6/t-tap/test_xsddefault.c:60:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ok(system("bin/generate_downtimes 10 >> var/status-generated.dat") == 0, "Generated 10 downtimes"); data/nagios4-4.4.6/tap/src/tap.c:275:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, fmt, ap); data/nagios4-4.4.6/xdata/xodtemplate.c:1452:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temp_contactgroup->members, value); data/nagios4-4.4.6/xdata/xodtemplate.c:1468:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temp_contactgroup->contactgroup_members, value); data/nagios4-4.4.6/xdata/xodtemplate.c:1548:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temp_hostgroup->members, value); data/nagios4-4.4.6/xdata/xodtemplate.c:1564:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temp_hostgroup->hostgroup_members, value); data/nagios4-4.4.6/xdata/xodtemplate.c:1666:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temp_servicegroup->members, value); data/nagios4-4.4.6/xdata/xodtemplate.c:1682:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temp_servicegroup->servicegroup_members, value); data/nagios4-4.4.6/xdata/xodtemplate.c:3737:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(input, var); data/nagios4-4.4.6/xdata/xodtemplate.c:3739:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(input, val); data/nagios4-4.4.6/xdata/xodtemplate.c:9932:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, this_list->name1); data/nagios4-4.4.6/xdata/xodtemplate.c:9937:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, this_list->name1); data/nagios4-4.4.6/xdata/xodtemplate.c:10108:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, this_list->name1); data/nagios4-4.4.6/xdata/xodtemplate.c:10113:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, this_list->name1); data/nagios4-4.4.6/xdata/xodtemplate.c:10284:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, this_list->name1); data/nagios4-4.4.6/xdata/xodtemplate.c:10289:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, this_list->name1); data/nagios4-4.4.6/xdata/xodtemplate.c:10450:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, *template_value); data/nagios4-4.4.6/xdata/xodtemplate.c:10452:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, *this_value + 1); data/nagios4-4.4.6/xdata/xpddefault.c:511:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(template, tempbuf); data/nagios4-4.4.6/base/config.c:1235:34: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!temp_path && !(temp_path = getenv("TMPDIR")) && !(temp_path = getenv("TMP"))) { data/nagios4-4.4.6/base/config.c:1235:69: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!temp_path && !(temp_path = getenv("TMPDIR")) && !(temp_path = getenv("TMP"))) { data/nagios4-4.4.6/base/events.c:96:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((now.tv_sec << 10) ^ now.tv_usec); data/nagios4-4.4.6/base/nagios.c:108:39: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (program[0] == '/' || !(envpath = getenv("PATH"))) data/nagios4-4.4.6/base/nagios.c:251:9: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. #define getopt(argc, argv, o) getopt_long(argc, argv, o, long_options, &option_index) data/nagios4-4.4.6/base/nagios.c:251:31: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. #define getopt(argc, argv, o) getopt_long(argc, argv, o, long_options, &option_index) data/nagios4-4.4.6/base/nagios.c:263:7: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt(argc, argv, "+hVvdspuxTW"); data/nagios4-4.4.6/base/nagiostats.c:219:9: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. #define getopt(argc, argv, OPTSTR) getopt_long(argc, argv, OPTSTR, long_options, &option_index) data/nagios4-4.4.6/base/nagiostats.c:219:36: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. #define getopt(argc, argv, OPTSTR) getopt_long(argc, argv, OPTSTR, long_options, &option_index) data/nagios4-4.4.6/base/nagiostats.c:228:7: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt(argc, argv, "+hVLc:ms:d:D:"); data/nagios4-4.4.6/base/utils.c:1891:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. homedir = getenv("HOME"); data/nagios4-4.4.6/base/utils.c:3245:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(rand_seed); data/nagios4-4.4.6/cgi/cgiauth.c:61:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. temp_ptr = getenv("SSL_CLIENT_S_DN_CN"); data/nagios4-4.4.6/cgi/cgiauth.c:64:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. temp_ptr = getenv("REMOTE_USER"); data/nagios4-4.4.6/cgi/cgiutils.c:251:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. cgiloc = getenv("NAGIOS_CGI_CONFIG"); data/nagios4-4.4.6/cgi/cgiutils.c:265:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. cmdloc = getenv("NAGIOS_COMMAND_FILE"); data/nagios4-4.4.6/cgi/getcgi.c:127:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. accept_lang = getenv("HTTP_ACCEPT_LANGUAGE"); data/nagios4-4.4.6/cgi/getcgi.c:132:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. request_method = getenv("REQUEST_METHOD"); data/nagios4-4.4.6/cgi/getcgi.c:139:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if(getenv("QUERY_STRING") == NULL) { data/nagios4-4.4.6/cgi/getcgi.c:145:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. cgiinput = strdup(getenv("QUERY_STRING")); data/nagios4-4.4.6/cgi/getcgi.c:157:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. content_type = getenv("CONTENT_TYPE"); data/nagios4-4.4.6/cgi/getcgi.c:166:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. content_length_string = getenv("CONTENT_LENGTH"); data/nagios4-4.4.6/cgi/getcgi.c:243:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. cookies = getenv("HTTP_COOKIE"); data/nagios4-4.4.6/cgi/statuswml.c:992:81: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. printf("<input name='name' value='%s' /><br/>\n", ((use_ssl_authentication) ? (getenv("SSL_CLIENT_S_DN_CN")) : (getenv("REMOTE_USER")))); data/nagios4-4.4.6/cgi/statuswml.c:992:114: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. printf("<input name='name' value='%s' /><br/>\n", ((use_ssl_authentication) ? (getenv("SSL_CLIENT_S_DN_CN")) : (getenv("REMOTE_USER")))); data/nagios4-4.4.6/cgi/statuswml.c:1208:81: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. printf("<input name='name' value='%s' /><br/>\n", ((use_ssl_authentication) ? (getenv("SSL_CLIENT_S_DN_CN")) : (getenv("REMOTE_USER")))); data/nagios4-4.4.6/cgi/statuswml.c:1208:114: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. printf("<input name='name' value='%s' /><br/>\n", ((use_ssl_authentication) ? (getenv("SSL_CLIENT_S_DN_CN")) : (getenv("REMOTE_USER")))); data/nagios4-4.4.6/contrib/daemonchk.c:47:5: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if(getenv("REQUEST_METHOD")) { data/nagios4-4.4.6/contrib/daemonchk.c:52:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while((c = getopt(argc, argv, "+c:w:s:l:")) != EOF) { data/nagios4-4.4.6/lib/nspath.c:173:8: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. ret = realpath(abspath, NULL); data/nagios4-4.4.6/lib/t-utils.c:68:54: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (fmt && (!success || t_verbose || (t_verbose = !!getenv("TEST_VERBOSE")))) { data/nagios4-4.4.6/lib/test-squeue.c:68:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((int)now.tv_sec); data/nagios4-4.4.6/lib/test-squeue.c:111:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(tv.tv_usec ^ tv.tv_sec); data/nagios4-4.4.6/worker/ping/worker-ping.c:108:9: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. #define getopt( argc, argv, o) getopt_long( argc, argv, o, long_options, &option_index) data/nagios4-4.4.6/worker/ping/worker-ping.c:108:32: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. #define getopt( argc, argv, o) getopt_long( argc, argv, o, long_options, &option_index) data/nagios4-4.4.6/worker/ping/worker-ping.c:113:7: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt( argc, argv, "+:hVdW:u:g:"); data/nagios4-4.4.6/worker/ping/worker-ping.c:354:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. homedir = getenv( "HOME"); data/nagios4-4.4.6/base/commands.c:91:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). command_file_fd = open(command_file, O_RDWR | O_NONBLOCK); data/nagios4-4.4.6/base/commands.c:1359:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *buf[2] = {NULL, NULL}; data/nagios4-4.4.6/base/commands.c:1465:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). intval = atoi(str); data/nagios4-4.4.6/base/commands.c:1476:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). intval = atoi(str); data/nagios4-4.4.6/base/commands.c:1634:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *buf[2] = {NULL, NULL}; data/nagios4-4.4.6/base/commands.c:1702:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). intval = atoi(str); data/nagios4-4.4.6/base/commands.c:1713:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). intval = atoi(str); data/nagios4-4.4.6/base/commands.c:2035:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). persistent = atoi(temp_ptr); data/nagios4-4.4.6/base/commands.c:2335:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return_code = atoi(temp_ptr); data/nagios4-4.4.6/base/commands.c:2449:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return_code = atoi(temp_ptr); data/nagios4-4.4.6/base/commands.c:2561:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). type = atoi(temp_ptr); data/nagios4-4.4.6/base/commands.c:2566:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). notify = (atoi(temp_ptr) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/commands.c:2571:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). persistent = (atoi(temp_ptr) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/commands.c:2724:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fixed = atoi(temp_ptr); data/nagios4-4.4.6/base/commands.c:3816:5: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(atoi(temp_ptr) == 0) data/nagios4-4.4.6/base/config.c:191:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num_check_workers = atoi(value); data/nagios4-4.4.6/base/config.c:210:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). debug_level = atoi(value); data/nagios4-4.4.6/base/config.c:213:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). debug_verbosity = atoi(value); data/nagios4-4.4.6/base/config.c:345:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). use_syslog = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:356:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_notifications = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:367:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_service_retries = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:378:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_host_retries = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:389:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_event_handlers = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:400:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_external_commands = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:411:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_passive_checks = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:422:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_initial_states = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:433:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_current_states = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:444:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). retain_state_information = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:449:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). retention_update_interval = atoi(value); data/nagios4-4.4.6/base/config.c:465:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). use_retained_program_state = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:476:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). use_retained_scheduling_info = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:481:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). retention_scheduling_horizon = atoi(value); data/nagios4-4.4.6/base/config.c:491:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). additional_freshness_latency = atoi(value); data/nagios4-4.4.6/base/config.c:519:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). obsess_over_services = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:530:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). obsess_over_hosts = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:541:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). translate_passive_host_checks = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:545:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). passive_host_checks_are_soft = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:549:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). service_check_timeout = atoi(value); data/nagios4-4.4.6/base/config.c:578:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). host_check_timeout = atoi(value); data/nagios4-4.4.6/base/config.c:589:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). event_handler_timeout = atoi(value); data/nagios4-4.4.6/base/config.c:600:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). notification_timeout = atoi(value); data/nagios4-4.4.6/base/config.c:611:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ocsp_timeout = atoi(value); data/nagios4-4.4.6/base/config.c:622:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ochp_timeout = atoi(value); data/nagios4-4.4.6/base/config.c:639:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). use_aggressive_host_checking = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:646:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). enable_predictive_host_dependency_checks = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:652:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). enable_predictive_service_dependency_checks = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:661:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). soft_state_dependencies = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:695:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). enable_event_handlers = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:698:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). enable_notifications = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:701:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). execute_service_checks = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:704:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). accept_passive_service_checks = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:707:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). execute_host_checks = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:710:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). accept_passive_host_checks = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:732:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max_service_check_spread = atoi(value); data/nagios4-4.4.6/base/config.c:761:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max_host_check_spread = atoi(value); data/nagios4-4.4.6/base/config.c:774:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). scheduling_info.service_interleave_factor = atoi(value); data/nagios4-4.4.6/base/config.c:782:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max_parallel_service_checks = atoi(value); data/nagios4-4.4.6/base/config.c:792:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). check_reaper_interval = atoi(value); data/nagios4-4.4.6/base/config.c:802:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max_check_reaper_time = atoi(value); data/nagios4-4.4.6/base/config.c:816:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). interval_length = atoi(value); data/nagios4-4.4.6/base/config.c:832:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). check_external_commands = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:848:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). check_orphaned_services = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:859:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). check_orphaned_hosts = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:870:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). check_service_freshness = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:881:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). check_host_freshness = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:886:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). service_freshness_check_interval = atoi(value); data/nagios4-4.4.6/base/config.c:896:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). host_freshness_check_interval = atoi(value); data/nagios4-4.4.6/base/config.c:911:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). auto_reschedule_checks = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:916:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). auto_rescheduling_interval = atoi(value); data/nagios4-4.4.6/base/config.c:926:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). auto_rescheduling_window = atoi(value); data/nagios4-4.4.6/base/config.c:936:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). status_update_interval = atoi(value); data/nagios4-4.4.6/base/config.c:946:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). time_change_threshold = atoi(value); data/nagios4-4.4.6/base/config.c:956:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). process_performance_data = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:959:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). enable_flap_detection = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:1052:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). use_regexp_matches = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:1055:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). use_true_regexp_matching = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:1065:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). daemon_dumps_core = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:1076:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). use_large_installation_tweaks = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:1080:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). enable_environment_macros = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:1083:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). free_child_process_memory = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:1086:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). child_processes_fork_twice = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:1103:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). check_for_updates = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:1106:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bare_update_check = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:1117:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). perfdata_timeout = atoi(value); data/nagios4-4.4.6/base/config.c:1158:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). host_perfdata_process_empty_results = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:1160:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). service_perfdata_process_empty_results = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:1176:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). allow_empty_hostgroup_assignment = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/config.c:1186:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). service_skip_check_dependency_status = atoi(value); data/nagios4-4.4.6/base/config.c:1194:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). service_skip_check_parent_status = atoi(value); data/nagios4-4.4.6/base/config.c:1202:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). service_skip_check_host_down_status = atoi(value); data/nagios4-4.4.6/base/config.c:1210:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). host_skip_check_dependency_status = atoi(value); data/nagios4-4.4.6/base/config.c:1389:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). user_index = atoi(variable + 5) - 1; data/nagios4-4.4.6/base/config.c:1500:21: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). if((temp_path_fd = mkstemp(buf)) == -1) { data/nagios4-4.4.6/base/config.c:1512:21: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). if((temp_path_fd = mkstemp(buf)) == -1) { data/nagios4-4.4.6/base/config.c:2222:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ary[2]; data/nagios4-4.4.6/base/events.c:773:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char run_time_string[MAX_DATETIME_LENGTH] = ""; data/nagios4-4.4.6/base/events.c:1465:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp_pqueue->d, nagios_squeue->d, temp_pqueue->size * sizeof(void*)); data/nagios4-4.4.6/base/logging.c:121:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fh = open(log_file, O_RDWR|O_APPEND|O_CREAT|O_NOFOLLOW, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) { data/nagios4-4.4.6/base/logging.c:375:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char method_string[16] = ""; data/nagios4-4.4.6/base/logging.c:388:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(method_string, "HOURLY"); data/nagios4-4.4.6/base/logging.c:390:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(method_string, "DAILY"); data/nagios4-4.4.6/base/logging.c:392:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(method_string, "WEEKLY"); data/nagios4-4.4.6/base/logging.c:394:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(method_string, "MONTHLY"); data/nagios4-4.4.6/base/logging.c:485:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fh = open(debug_file, O_RDWR|O_APPEND|O_CREAT|O_NOFOLLOW, S_IRUSR|S_IWUSR)) == -1) data/nagios4-4.4.6/base/nagios.c:151:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char response[128]; data/nagios4-4.4.6/base/nagios.c:200:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(log_file, "a+"); data/nagios4-4.4.6/base/nagios.c:228:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char datestring[256]; data/nagios4-4.4.6/base/nagiostats.c:829:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/base/nagiostats.c:841:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(main_config_file, "r"); data/nagios4-4.4.6/base/nagiostats.c:874:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/base/nagiostats.c:897:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(status_file, "r"); data/nagios4-4.4.6/base/nagiostats.c:1195:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). active_scheduled_host_checks_last_1min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1197:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). active_scheduled_host_checks_last_5min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1199:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). active_scheduled_host_checks_last_15min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1203:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). active_ondemand_host_checks_last_1min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1205:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). active_ondemand_host_checks_last_5min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1207:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). active_ondemand_host_checks_last_15min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1211:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). active_cached_host_checks_last_1min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1213:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). active_cached_host_checks_last_5min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1215:47: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). active_cached_host_checks_last_15min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1219:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). passive_host_checks_last_1min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1221:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). passive_host_checks_last_5min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1223:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). passive_host_checks_last_15min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1227:52: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). active_scheduled_service_checks_last_1min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1229:52: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). active_scheduled_service_checks_last_5min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1231:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). active_scheduled_service_checks_last_15min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1235:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). active_ondemand_service_checks_last_1min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1237:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). active_ondemand_service_checks_last_5min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1239:52: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). active_ondemand_service_checks_last_15min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1243:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). active_cached_service_checks_last_1min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1245:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). active_cached_service_checks_last_5min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1247:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). active_cached_service_checks_last_15min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1251:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). passive_service_checks_last_1min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1253:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). passive_service_checks_last_5min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1255:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). passive_service_checks_last_15min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1259:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). external_commands_last_1min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1261:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). external_commands_last_5min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1263:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). external_commands_last_15min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1267:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). parallel_host_checks_last_1min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1269:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). parallel_host_checks_last_5min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1271:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). parallel_host_checks_last_15min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1275:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). serial_host_checks_last_1min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1277:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). serial_host_checks_last_5min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1279:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). serial_host_checks_last_15min = atoi(temp_ptr); data/nagios4-4.4.6/base/nagiostats.c:1291:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). check_type = atoi(val); data/nagios4-4.4.6/base/nagiostats.c:1293:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). current_state = atoi(val); data/nagios4-4.4.6/base/nagiostats.c:1295:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). is_flapping = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/nagiostats.c:1297:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). downtime_depth = atoi(val); data/nagios4-4.4.6/base/nagiostats.c:1301:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). has_been_checked = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/nagiostats.c:1303:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). should_be_scheduled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/nagiostats.c:1314:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). check_type = atoi(val); data/nagios4-4.4.6/base/nagiostats.c:1316:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). current_state = atoi(val); data/nagios4-4.4.6/base/nagiostats.c:1318:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). is_flapping = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/nagiostats.c:1320:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). downtime_depth = atoi(val); data/nagios4-4.4.6/base/nagiostats.c:1324:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). has_been_checked = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/nagiostats.c:1326:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). should_be_scheduled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/nerd.c:306:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret + pos, ppart, strlen(ppart)); data/nagios4-4.4.6/base/netutils.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char port_str[6]; data/nagios4-4.4.6/base/utils.c:485:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). loadctl.jobs_max = atoi(kv->value); data/nagios4-4.4.6/base/utils.c:487:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). loadctl.jobs_min = atoi(kv->value); data/nagios4-4.4.6/base/utils.c:489:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). loadctl.jobs_limit = atoi(kv->value); data/nagios4-4.4.6/base/utils.c:497:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). loadctl.backoff_change = atoi(kv->value); data/nagios4-4.4.6/base/utils.c:499:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). loadctl.rampup_change = atoi(kv->value); data/nagios4-4.4.6/base/utils.c:527:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAX_INPUT_BUFFER] = ""; data/nagios4-4.4.6/base/utils.c:796:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_arg[MAX_COMMAND_BUFFER] = ""; data/nagios4-4.4.6/base/utils.c:1710:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *sigs[35] = {"EXIT", "HUP", "INT", "QUIT", "ILL", "TRAP", "ABRT", "BUS", "FPE", "KILL", "USR1", "SEGV", "USR2", "PIPE", "ALRM", "TERM", "STKFLT", "CHLD", "CONT", "STOP", "TSTP", "TTIN", "TTOU", "URG", "XCPU", "XFSZ", "VTALRM", "PROF", "WINCH", "IO", "PWR", "UNUSED", "ZERR", "DEBUG", (char *)NULL}; data/nagios4-4.4.6/base/utils.c:1879:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256] = { 0 }; data/nagios4-4.4.6/base/utils.c:1926:2: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open("/dev/null", O_RDONLY); data/nagios4-4.4.6/base/utils.c:1927:2: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open("/dev/null", O_WRONLY); data/nagios4-4.4.6/base/utils.c:1928:2: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open("/dev/null", O_WRONLY); data/nagios4-4.4.6/base/utils.c:1930:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). lockfile = open(lock_file, O_RDWR | O_CREAT, S_IWUSR | S_IRUSR | S_IRGRP | S_IROTH); data/nagios4-4.4.6/base/utils.c:2046:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d\n", (int)getpid()); data/nagios4-4.4.6/base/utils.c:2092:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gid = (gid_t)atoi(group); data/nagios4-4.4.6/base/utils.c:2109:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uid = (uid_t)atoi(user); data/nagios4-4.4.6/base/utils.c:2170:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/base/utils.c:2436:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cr.check_type = atoi(val); data/nagios4-4.4.6/base/utils.c:2439:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cr.check_options = atoi(val); data/nagios4-4.4.6/base/utils.c:2442:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cr.scheduled_check = atoi(val); data/nagios4-4.4.6/base/utils.c:2445:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cr.reschedule_check = atoi(val); data/nagios4-4.4.6/base/utils.c:2472:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cr.early_timeout = atoi(val); data/nagios4-4.4.6/base/utils.c:2475:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cr.exited_ok = atoi(val); data/nagios4-4.4.6/base/utils.c:2478:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cr.return_code = atoi(val); data/nagios4-4.4.6/base/utils.c:2805:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((source_fd = open(source, O_RDONLY, 0644)) < 0) { data/nagios4-4.4.6/base/utils.c:2893:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((dest_fd = open(dest, O_WRONLY | O_TRUNC | O_CREAT | O_APPEND, 0644)) < 0) { data/nagios4-4.4.6/base/utils.c:3330:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recv_buf[1024]; data/nagios4-4.4.6/base/utils.c:3413:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). update_available = atoi(val); data/nagios4-4.4.6/base/workers.c:244:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd_name, cmd, namelen); data/nagios4-4.4.6/base/workers.c:657:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). wpres->job_id = atoi(value); data/nagios4-4.4.6/base/workers.c:660:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). wpres->type = atoi(value); data/nagios4-4.4.6/base/workers.c:666:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). wpres->timeout = atoi(value); data/nagios4-4.4.6/base/workers.c:669:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). wpres->wait_status = atoi(value); data/nagios4-4.4.6/base/workers.c:684:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). wpres->exited_ok = atoi(value); data/nagios4-4.4.6/base/workers.c:692:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). wpres->error_code = atoi(value); data/nagios4-4.4.6/base/workers.c:962:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). worker->pid = atoi(kv->value); data/nagios4-4.4.6/base/workers.c:965:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). worker->max_jobs = atoi(kv->value); data/nagios4-4.4.6/base/wp-phash.c:58:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char asso_values[256] = data/nagios4-4.4.6/cgi/archivejson.c:41:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/archivejson.c:982:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/archiveutils.c:228:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/archiveutils.c:564:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry_host_name[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/archiveutils.c:565:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry_svc_description[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/archiveutils.c:766:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry_host_name[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/archiveutils.c:767:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry_svc_description[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/archiveutils.c:909:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry_contact_name[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/archiveutils.c:910:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry_host_name[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/archiveutils.c:911:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry_svc_description[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/archiveutils.c:912:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alert_level[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/archiveutils.c:913:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char method_name[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/archiveutils.c:1203:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8192]; data/nagios4-4.4.6/cgi/archiveutils.c:1286:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8192]; data/nagios4-4.4.6/cgi/avail.c:33:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/avail.c:34:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_html_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/avail.c:35:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/avail.c:36:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_stylesheets_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/avail.c:260:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/avail.c:261:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char start_timestring[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/avail.c:262:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char end_timestring[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/avail.c:1031:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/avail.c:1122:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if ((hostgroup_name = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/avail.c:1138:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if ((servicegroup_name = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/avail.c:1154:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if ((host_name = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/avail.c:1170:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if ((svc_description = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/avail.c:1240:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). initial_assumed_host_state = atoi(variables[x]); data/nagios4-4.4.6/cgi/avail.c:1251:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). initial_assumed_service_state = atoi(variables[x]); data/nagios4-4.4.6/cgi/avail.c:1290:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). backtrack_archives = atoi(variables[x]); data/nagios4-4.4.6/cgi/avail.c:1398:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_month = atoi(variables[x]); data/nagios4-4.4.6/cgi/avail.c:1414:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_day = atoi(variables[x]); data/nagios4-4.4.6/cgi/avail.c:1430:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_year = atoi(variables[x]); data/nagios4-4.4.6/cgi/avail.c:1446:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_minute = atoi(variables[x]); data/nagios4-4.4.6/cgi/avail.c:1462:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_second = atoi(variables[x]); data/nagios4-4.4.6/cgi/avail.c:1478:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_hour = atoi(variables[x]); data/nagios4-4.4.6/cgi/avail.c:1495:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_month = atoi(variables[x]); data/nagios4-4.4.6/cgi/avail.c:1511:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_day = atoi(variables[x]); data/nagios4-4.4.6/cgi/avail.c:1527:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_year = atoi(variables[x]); data/nagios4-4.4.6/cgi/avail.c:1543:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_minute = atoi(variables[x]); data/nagios4-4.4.6/cgi/avail.c:1559:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_second = atoi(variables[x]); data/nagios4-4.4.6/cgi/avail.c:1575:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_hour = atoi(variables[x]); data/nagios4-4.4.6/cgi/avail.c:2932:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/avail.c:2975:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry_host_name[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/avail.c:2976:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry_svc_description[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/avail.c:3346:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char start_date_time[MAX_DATETIME_LENGTH] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:3347:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char end_date_time[MAX_DATETIME_LENGTH] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:3348:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char duration[20] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:3544:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((t2 - temp_as->time_stamp) > atoi(end_date_time)) { data/nagios4-4.4.6/cgi/avail.c:3848:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_host[MAX_INPUT_BUFFER] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_indeterminate_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4106:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_determinate_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4107:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char total_time_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_up_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4120:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_down_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4121:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_unreachable_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4143:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_up_scheduled_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4144:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_up_unscheduled_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4145:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_down_scheduled_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4146:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_down_unscheduled_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4147:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_unreachable_scheduled_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4148:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_unreachable_unscheduled_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4150:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_indeterminate_scheduled_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4151:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_indeterminate_unscheduled_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4152:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_indeterminate_notrunning_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4153:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_indeterminate_nodata_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4715:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_ok_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4716:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_warning_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4717:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_unknown_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4718:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_critical_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4719:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_indeterminate_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4720:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_determinate_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4721:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char total_time_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4733:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_critical_scheduled_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4734:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_critical_unscheduled_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4739:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_unknown_scheduled_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4740:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_unknown_unscheduled_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4745:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_warning_scheduled_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4746:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_warning_unscheduled_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4751:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_ok_scheduled_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4752:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_ok_unscheduled_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4770:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_indeterminate_scheduled_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4771:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_indeterminate_unscheduled_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4772:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_indeterminate_notrunning_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4773:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_indeterminate_nodata_string[48] = { 0 }; data/nagios4-4.4.6/cgi/avail.c:4779:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_host[128] = ""; data/nagios4-4.4.6/cgi/cgiauth.c:30:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cgiutils.c:31:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cgiutils.c:32:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char log_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cgiutils.c:33:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char log_archive_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cgiutils.c:34:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cgiutils.c:36:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char physical_html_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cgiutils.c:37:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char physical_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cgiutils.c:38:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char physical_ssi_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cgiutils.c:39:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char url_html_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cgiutils.c:40:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char url_docs_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cgiutils.c:41:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char url_context_help_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cgiutils.c:42:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char url_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cgiutils.c:43:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char url_logo_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cgiutils.c:44:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char url_stylesheets_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cgiutils.c:45:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char url_media_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cgiutils.c:46:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char url_js_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cgiutils.c:62:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nagios_process_info[MAX_INPUT_BUFFER] = ""; data/nagios4-4.4.6/cgi/cgiutils.c:110:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char encoded_url_string[2][MAX_INPUT_BUFFER]; // 2 to be able use url_encode twice data/nagios4-4.4.6/cgi/cgiutils.c:309:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). show_context_help = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/cgi/cgiutils.c:312:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). use_pending_states = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/cgi/cgiutils.c:315:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). use_authentication = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/cgi/cgiutils.c:318:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). refresh_rate = atoi(val); data/nagios4-4.4.6/cgi/cgiutils.c:321:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). enable_page_tour = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/cgi/cgiutils.c:325:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). result_limit = atoi(val); data/nagios4-4.4.6/cgi/cgiutils.c:396:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). color_transparency_index_r = atoi(val); data/nagios4-4.4.6/cgi/cgiutils.c:399:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). color_transparency_index_g = atoi(val); data/nagios4-4.4.6/cgi/cgiutils.c:402:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). color_transparency_index_b = atoi(val); data/nagios4-4.4.6/cgi/cgiutils.c:405:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). default_statusmap_layout_method = atoi(val); data/nagios4-4.4.6/cgi/cgiutils.c:408:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). default_statuswrl_layout_method = atoi(val); data/nagios4-4.4.6/cgi/cgiutils.c:426:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). enable_splunk_integration = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/cgi/cgiutils.c:432:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). escape_html_tags = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/cgi/cgiutils.c:435:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lock_author_names = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/cgi/cgiutils.c:438:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). use_ssl_authentication = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/cgi/cgiutils.c:441:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). navbar_search_addresses = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/cgi/cgiutils.c:444:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). navbar_search_aliases = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/cgi/cgiutils.c:446:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ack_no_sticky = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/cgi/cgiutils.c:448:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ack_no_send = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/cgi/cgiutils.c:450:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tac_cgi_hard_only = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/cgi/cgiutils.c:495:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). interval_length = (temp_buffer == NULL) ? 60 : atoi(temp_buffer); data/nagios4-4.4.6/cgi/cgiutils.c:553:58: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). check_external_commands = (temp_buffer == NULL) ? 0 : atoi(temp_buffer); data/nagios4-4.4.6/cgi/cgiutils.c:958:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *weekdays[7] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"}; data/nagios4-4.4.6/cgi/cgiutils.c:959:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *months[12] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"}; data/nagios4-4.4.6/cgi/cgiutils.c:1047:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_expansion[4]; data/nagios4-4.4.6/cgi/cgiutils.c:1086:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp_expansion, "%%%02X", (unsigned int)(input[x] & 0xFF)); data/nagios4-4.4.6/cgi/cgiutils.c:1124:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(outcp, "&#%u", (unsigned int)in); data/nagios4-4.4.6/cgi/cgiutils.c:1378:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wctemp[1]; data/nagios4-4.4.6/cgi/cgiutils.c:1380:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mbtemp[ 10]; data/nagios4-4.4.6/cgi/cgiutils.c:1383:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_expansion[11]; data/nagios4-4.4.6/cgi/cgiutils.c:1433:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( temp_expansion, "&#%u;", ( unsigned int)wctemp[ 0]); data/nagios4-4.4.6/cgi/cgiutils.c:1617:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/cgiutils.c:1662:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/cgiutils.c:1663:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char archive_file[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/cgiutils.c:1735:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char input_buffer[MAX_INPUT_BUFFER] = ""; data/nagios4-4.4.6/cgi/cgiutils.c:1736:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output_buffer[MAX_INPUT_BUFFER] = ""; data/nagios4-4.4.6/cgi/cgiutils.c:1783:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char input_buffer[MAX_INPUT_BUFFER] = ""; data/nagios4-4.4.6/cgi/cgiutils.c:1784:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output_buffer[MAX_INPUT_BUFFER] = ""; data/nagios4-4.4.6/cgi/cgiutils.c:1831:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char common_ssi_file[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/cgiutils.c:1832:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cgi_ssi_file[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/cgiutils.c:1833:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char raw_cgi_name[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/cgiutils.c:1865:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/cgiutils.c:1911:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "r"); data/nagios4-4.4.6/cgi/cmd.c:32:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cmd.c:33:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_html_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cmd.c:34:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cmd.c:35:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char command_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cmd.c:37:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_stylesheets_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/cmd.c:74:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char plugin_output[MAX_INPUT_BUFFER] = ""; data/nagios4-4.4.6/cgi/cmd.c:75:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char performance_data[MAX_INPUT_BUFFER] = ""; data/nagios4-4.4.6/cgi/cmd.c:274:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ecmd->cmt_opt = atoi(val); data/nagios4-4.4.6/cgi/cmd.c:368:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). command_type = atoi(variables[x]); data/nagios4-4.4.6/cgi/cmd.c:379:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). command_mode = atoi(variables[x]); data/nagios4-4.4.6/cgi/cmd.c:412:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). notification_delay = atoi(variables[x]); data/nagios4-4.4.6/cgi/cmd.c:423:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). schedule_delay = atoi(variables[x]); data/nagios4-4.4.6/cgi/cmd.c:434:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((comment_author = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/cmd.c:447:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((comment_data = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/cmd.c:460:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((host_name = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/cmd.c:473:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((hostgroup_name = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/cmd.c:486:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((service_desc = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/cmd.c:499:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((servicegroup_name = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/cmd.c:536:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fixed = (atoi(variables[x]) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/cgi/cmd.c:558:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). child_options = atoi(variables[x]); data/nagios4-4.4.6/cgi/cmd.c:603:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). plugin_state = atoi(variables[x]); data/nagios4-4.4.6/cgi/cmd.c:614:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(atoi(variables[x]) < 0) { data/nagios4-4.4.6/cgi/cmd.c:618:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). duration += (unsigned long)(atoi(variables[x]) * 3600); data/nagios4-4.4.6/cgi/cmd.c:629:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(atoi(variables[x]) < 0) { data/nagios4-4.4.6/cgi/cmd.c:633:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). duration += (unsigned long)(atoi(variables[x]) * 60); data/nagios4-4.4.6/cgi/cmd.c:644:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. start_time_string = (char *)malloc(strlen(variables[x]) + 1); data/nagios4-4.4.6/cgi/cmd.c:659:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. end_time_string = (char *)malloc(strlen(variables[x]) + 1); data/nagios4-4.4.6/cgi/cmd.c:723:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char start_time_str[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/cmd.c:724:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/cmd.c:1925:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAX_EXTERNAL_COMMAND_LENGTH]; data/nagios4-4.4.6/cgi/cmd.c:2290:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(command_file, "w"); data/nagios4-4.4.6/cgi/config.c:33:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/config.c:34:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_html_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/config.c:35:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_docs_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/config.c:36:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/config.c:37:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_logo_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/config.c:38:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_stylesheets_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/config.c:82:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char to_expand[MAX_COMMAND_BUFFER]; data/nagios4-4.4.6/cgi/config.c:83:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hashed_color[8]; data/nagios4-4.4.6/cgi/config.c:281:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/config.c:425:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_string[16]; data/nagios4-4.4.6/cgi/config.c:1157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command_line[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/config.c:1161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_string[16]; data/nagios4-4.4.6/cgi/config.c:1473:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *months[12] = {"january", "february", "march", "april", "may", "june", "july", "august", "september", "october", "november", "december"}; data/nagios4-4.4.6/cgi/config.c:1474:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *days[7] = {"sunday", "monday", "tuesday", "wednesday", "thursday", "friday", "saturday"}; data/nagios4-4.4.6/cgi/config.c:1479:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestring[10]; data/nagios4-4.4.6/cgi/config.c:1820:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_string[16] = ""; data/nagios4-4.4.6/cgi/config.c:2044:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_string[16] = ""; data/nagios4-4.4.6/cgi/config.c:2209:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char commandline[MAX_COMMAND_BUFFER]; data/nagios4-4.4.6/cgi/config.c:2210:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *command_args[MAX_COMMAND_ARGUMENTS]; data/nagios4-4.4.6/cgi/config.c:2304:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(cc); data/nagios4-4.4.6/cgi/extinfo.c:36:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char nagios_process_info[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/extinfo.c:44:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/extinfo.c:45:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_html_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/extinfo.c:46:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_stylesheets_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/extinfo.c:47:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_docs_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/extinfo.c:48:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/extinfo.c:49:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_logo_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/extinfo.c:50:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_js_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/extinfo.c:114:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER] = ""; data/nagios4-4.4.6/cgi/extinfo.c:525:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/extinfo.c:629:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_type = atoi(variables[x]); data/nagios4-4.4.6/cgi/extinfo.c:714:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sort_type = atoi(variables[x]); data/nagios4-4.4.6/cgi/extinfo.c:725:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sort_option = atoi(variables[x]); data/nagios4-4.4.6/cgi/extinfo.c:746:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/extinfo.c:749:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char run_time_string[24]; data/nagios4-4.4.6/cgi/extinfo.c:788:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(run_time_string, "%dd %dh %dm %ds", days, hours, minutes, seconds); data/nagios4-4.4.6/cgi/extinfo.c:916:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/extinfo.c:917:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_duration[48]; data/nagios4-4.4.6/cgi/extinfo.c:918:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char status_age[48]; data/nagios4-4.4.6/cgi/extinfo.c:919:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_string[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/extinfo.c:1001:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "UP"); data/nagios4-4.4.6/cgi/extinfo.c:1005:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "DOWN"); data/nagios4-4.4.6/cgi/extinfo.c:1009:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "UNREACHABLE"); data/nagios4-4.4.6/cgi/extinfo.c:1224:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/extinfo.c:1225:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char status_age[48]; data/nagios4-4.4.6/cgi/extinfo.c:1226:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_duration[48]; data/nagios4-4.4.6/cgi/extinfo.c:1228:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_string[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/extinfo.c:1311:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "OK"); data/nagios4-4.4.6/cgi/extinfo.c:1315:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "WARNING"); data/nagios4-4.4.6/cgi/extinfo.c:1319:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "CRITICAL"); data/nagios4-4.4.6/cgi/extinfo.c:1323:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "UNKNOWN"); data/nagios4-4.4.6/cgi/extinfo.c:1762:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/extinfo.c:1767:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expire_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/extinfo.c:2448:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/extinfo.c:2452:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expire_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/extinfo.c:2590:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/extinfo.c:2749:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/extinfo.c:2750:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_url[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/extinfo.c:3032:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *hname[2]; data/nagios4-4.4.6/cgi/extinfo.c:3033:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *service_description[2]; data/nagios4-4.4.6/cgi/getcgi.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempbuf[3]; data/nagios4-4.4.6/cgi/getcgi.c:170:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(!(content_length = atoi(content_length_string))) { data/nagios4-4.4.6/cgi/getcgi.c:333:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char locale_string[ 64]; data/nagios4-4.4.6/cgi/histogram.c:125:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/histogram.c:126:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_html_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/histogram.c:127:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/histogram.c:128:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_stylesheets_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/histogram.c:129:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char physical_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/histogram.c:227:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/histogram.c:228:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char image_template[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/histogram.c:229:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char start_timestring[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/histogram.c:230:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char end_timestring[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/histogram.c:616:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). image_file = fopen(image_template, "r"); data/nagios4-4.4.6/cgi/histogram.c:661:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). image_file = fopen("/tmp/histogram.png", "w"); data/nagios4-4.4.6/cgi/histogram.c:998:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/histogram.c:1110:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((host_name = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/histogram.c:1125:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((svc_description = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/histogram.c:1169:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). backtrack_archives = atoi(variables[x]); data/nagios4-4.4.6/cgi/histogram.c:1231:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_month = atoi(variables[x]); data/nagios4-4.4.6/cgi/histogram.c:1247:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_day = atoi(variables[x]); data/nagios4-4.4.6/cgi/histogram.c:1263:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_year = atoi(variables[x]); data/nagios4-4.4.6/cgi/histogram.c:1279:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_minute = atoi(variables[x]); data/nagios4-4.4.6/cgi/histogram.c:1295:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_second = atoi(variables[x]); data/nagios4-4.4.6/cgi/histogram.c:1311:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_hour = atoi(variables[x]); data/nagios4-4.4.6/cgi/histogram.c:1328:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_month = atoi(variables[x]); data/nagios4-4.4.6/cgi/histogram.c:1344:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_day = atoi(variables[x]); data/nagios4-4.4.6/cgi/histogram.c:1360:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_year = atoi(variables[x]); data/nagios4-4.4.6/cgi/histogram.c:1376:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_minute = atoi(variables[x]); data/nagios4-4.4.6/cgi/histogram.c:1392:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_second = atoi(variables[x]); data/nagios4-4.4.6/cgi/histogram.c:1408:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_hour = atoi(variables[x]); data/nagios4-4.4.6/cgi/histogram.c:1447:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). graph_events = atoi(variables[x]); data/nagios4-4.4.6/cgi/histogram.c:1458:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). graph_statetypes = atoi(variables[x]); data/nagios4-4.4.6/cgi/histogram.c:1546:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/histogram.c:1549:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *days[7] = {"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"}; data/nagios4-4.4.6/cgi/histogram.c:1550:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *months[12] = {"January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November", "December"}; data/nagios4-4.4.6/cgi/histogram.c:1551:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char start_time[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/histogram.c:1552:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char end_time[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/histogram.c:2170:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/histogram.c:2218:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry_host_name[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/histogram.c:2219:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry_svc_description[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/history.c:53:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/history.c:54:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_html_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/history.c:55:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/history.c:56:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_stylesheets_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/history.c:62:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char log_file_to_use[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/history.c:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/history.c:85:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer2[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/history.c:273:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/history.c:351:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((host_name = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/history.c:371:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((svc_description = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/history.c:387:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). history_options = atoi(variables[x]); data/nagios4-4.4.6/cgi/history.c:398:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). state_options = atoi(variables[x]); data/nagios4-4.4.6/cgi/history.c:410:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_archive = atoi(variables[x]); data/nagios4-4.4.6/cgi/history.c:459:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char image[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/history.c:460:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char image_alt[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/history.c:463:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char match1[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/history.c:464:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char match2[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/history.c:469:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/history.c:479:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_message_date[MAX_INPUT_BUFFER] = ""; data/nagios4-4.4.6/cgi/history.c:480:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char current_message_date[MAX_INPUT_BUFFER] = ""; data/nagios4-4.4.6/cgi/jsonutils.c:218:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *dayofweek[7] = { "Sunday", "Monday", "Tuesday", "Wednesday", data/nagios4-4.4.6/cgi/jsonutils.c:220:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *month[12] = { "January", "February", "March", "April", "May", data/nagios4-4.4.6/cgi/jsonutils.c:274:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/jsonutils.c:613:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char node[1024]; data/nagios4-4.4.6/cgi/jsonutils.c:657:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char node[1024]; data/nagios4-4.4.6/cgi/jsonutils.c:832:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char *)result_types[ type]); data/nagios4-4.4.6/cgi/jsonutils.c:1067:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/nagios4-4.4.6/cgi/jsonutils.c:1096:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/nagios4-4.4.6/cgi/jsonutils.c:1341:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *var = atoi(value); data/nagios4-4.4.6/cgi/jsonutils.c:1378:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[5]; data/nagios4-4.4.6/cgi/notifications.c:32:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/notifications.c:33:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_html_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/notifications.c:34:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/notifications.c:35:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_docs_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/notifications.c:36:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_stylesheets_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/notifications.c:59:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char log_file_to_use[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/notifications.c:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/notifications.c:77:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer2[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/notifications.c:262:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/notifications.c:394:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). notification_options = atoi(variables[x]); data/nagios4-4.4.6/cgi/notifications.c:405:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_archive = atoi(variables[x]); data/nagios4-4.4.6/cgi/notifications.c:452:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/notifications.c:453:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alert_level[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/notifications.c:454:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alert_level_class[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/notifications.c:455:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char contact_name[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/notifications.c:456:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char service_name[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/notifications.c:457:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host_name[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/notifications.c:458:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char method_name[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/notifications.c:563:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level_class, "CRITICAL"); data/nagios4-4.4.6/cgi/notifications.c:567:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level_class, "WARNING"); data/nagios4-4.4.6/cgi/notifications.c:570:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level, "OK"); data/nagios4-4.4.6/cgi/notifications.c:572:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level_class, "OK"); data/nagios4-4.4.6/cgi/notifications.c:576:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level_class, "CUSTOM"); data/nagios4-4.4.6/cgi/notifications.c:580:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level_class, "ACKNOWLEDGEMENT"); data/nagios4-4.4.6/cgi/notifications.c:583:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level, "FLAPPING START"); data/nagios4-4.4.6/cgi/notifications.c:585:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level_class, "UNKNOWN"); data/nagios4-4.4.6/cgi/notifications.c:588:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level, "FLAPPING STOP"); data/nagios4-4.4.6/cgi/notifications.c:590:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level_class, "UNKNOWN"); data/nagios4-4.4.6/cgi/notifications.c:594:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level_class, "DOWNTIME"); data/nagios4-4.4.6/cgi/notifications.c:597:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level, "UNKNOWN"); data/nagios4-4.4.6/cgi/notifications.c:599:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level_class, "UNKNOWN"); data/nagios4-4.4.6/cgi/notifications.c:607:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level_class, "HOSTDOWN"); data/nagios4-4.4.6/cgi/notifications.c:612:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level_class, "HOSTUNREACHABLE"); data/nagios4-4.4.6/cgi/notifications.c:617:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level_class, "HOSTUP"); data/nagios4-4.4.6/cgi/notifications.c:621:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level_class, "HOSTCUSTOM"); data/nagios4-4.4.6/cgi/notifications.c:625:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level_class, "HOSTACKNOWLEDGEMENT"); data/nagios4-4.4.6/cgi/notifications.c:629:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level, "FLAPPING START"); data/nagios4-4.4.6/cgi/notifications.c:630:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level_class, "UNKNOWN"); data/nagios4-4.4.6/cgi/notifications.c:634:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level, "FLAPPING STOP"); data/nagios4-4.4.6/cgi/notifications.c:635:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level_class, "UNKNOWN"); data/nagios4-4.4.6/cgi/notifications.c:639:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(alert_level_class, "DOWNTIME"); data/nagios4-4.4.6/cgi/objectjson.c:48:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/objectjson.c:1161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/objectjson.c:4671:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. json_object_append_array(json_days, (char *)dayofweek[x], data/nagios4-4.4.6/cgi/objectjson.c:4739:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char *)month[temp_daterange->smon]); data/nagios4-4.4.6/cgi/objectjson.c:4745:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. &percent_escapes, (char *)month[temp_daterange->smon]); data/nagios4-4.4.6/cgi/objectjson.c:4749:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. &percent_escapes, (char *)month[temp_daterange->emon]); data/nagios4-4.4.6/cgi/objectjson.c:4791:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char *)month[temp_daterange->smon]); data/nagios4-4.4.6/cgi/objectjson.c:4793:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. &percent_escapes, (char *)dayofweek[temp_daterange->swday]); data/nagios4-4.4.6/cgi/objectjson.c:4799:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. &percent_escapes, (char *)month[temp_daterange->smon]); data/nagios4-4.4.6/cgi/objectjson.c:4801:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. &percent_escapes, (char *)dayofweek[temp_daterange->swday]); data/nagios4-4.4.6/cgi/objectjson.c:4805:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. &percent_escapes, (char *)month[temp_daterange->emon]); data/nagios4-4.4.6/cgi/objectjson.c:4807:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. &percent_escapes, (char *)dayofweek[temp_daterange->ewday]); data/nagios4-4.4.6/cgi/objectjson.c:4826:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. &percent_escapes, (char *)dayofweek[temp_daterange->swday]); data/nagios4-4.4.6/cgi/objectjson.c:4832:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. &percent_escapes, (char *)dayofweek[temp_daterange->swday]); data/nagios4-4.4.6/cgi/objectjson.c:4836:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. &percent_escapes, (char *)dayofweek[temp_daterange->ewday]); data/nagios4-4.4.6/cgi/outages.c:37:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/outages.c:38:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_html_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/outages.c:39:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_stylesheets_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/outages.c:40:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/outages.c:41:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_logo_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/outages.c:158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/outages.c:239:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). service_severity_divisor = atoi(variables[x]); data/nagios4-4.4.6/cgi/outages.c:264:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/outages.c:280:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_duration[48]; data/nagios4-4.4.6/cgi/showlog.c:33:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/showlog.c:34:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_html_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/showlog.c:35:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/showlog.c:36:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_stylesheets_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/showlog.c:48:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char log_file_to_use[MAX_FILENAME_LENGTH] = ""; data/nagios4-4.4.6/cgi/showlog.c:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/showlog.c:145:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/showlog.c:224:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_archive = atoi(variables[x]); data/nagios4-4.4.6/cgi/showlog.c:267:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char image[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/showlog.c:268:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char image_alt[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/showlog.c:271:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/showlog.c:274:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_message_date[MAX_INPUT_BUFFER] = ""; data/nagios4-4.4.6/cgi/showlog.c:275:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char current_message_date[MAX_INPUT_BUFFER] = ""; data/nagios4-4.4.6/cgi/showlog.c:398:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(image_alt, "Passive Service Check"); data/nagios4-4.4.6/cgi/showlog.c:402:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(image_alt, "Passive Host Check"); data/nagios4-4.4.6/cgi/showlog.c:418:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(image_alt, "Service started flapping"); data/nagios4-4.4.6/cgi/showlog.c:422:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(image_alt, "Service stopped flapping"); data/nagios4-4.4.6/cgi/showlog.c:426:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(image_alt, "Service flap detection disabled"); data/nagios4-4.4.6/cgi/showlog.c:430:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(image_alt, "Host started flapping"); data/nagios4-4.4.6/cgi/showlog.c:434:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(image_alt, "Host stopped flapping"); data/nagios4-4.4.6/cgi/showlog.c:438:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(image_alt, "Host flap detection disabled"); data/nagios4-4.4.6/cgi/showlog.c:442:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(image_alt, "Service entered a period of scheduled downtime"); data/nagios4-4.4.6/cgi/showlog.c:446:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(image_alt, "Service exited a period of scheduled downtime"); data/nagios4-4.4.6/cgi/showlog.c:450:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(image_alt, "Service scheduled downtime has been cancelled"); data/nagios4-4.4.6/cgi/showlog.c:454:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(image_alt, "Host entered a period of scheduled downtime"); data/nagios4-4.4.6/cgi/showlog.c:458:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(image_alt, "Host exited a period of scheduled downtime"); data/nagios4-4.4.6/cgi/showlog.c:462:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(image_alt, "Host scheduled downtime has been cancelled"); data/nagios4-4.4.6/cgi/status.c:37:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/status.c:38:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_html_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/status.c:39:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_docs_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/status.c:40:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/status.c:41:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_stylesheets_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/status.c:42:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_logo_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/status.c:43:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_media_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/status.c:44:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_js_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/status.c:141:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alert_message[MAX_MESSAGE_BUFFER]; data/nagios4-4.4.6/cgi/status.c:519:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/status.c:648:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. hostgroup_name = (char *)strdup(variables[x]); data/nagios4-4.4.6/cgi/status.c:701:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). overview_columns = atoi(variables[x]); data/nagios4-4.4.6/cgi/status.c:714:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). service_status_types = atoi(variables[x]); data/nagios4-4.4.6/cgi/status.c:725:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). host_status_types = atoi(variables[x]); data/nagios4-4.4.6/cgi/status.c:780:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sort_type = atoi(variables[x]); data/nagios4-4.4.6/cgi/status.c:791:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sort_option = atoi(variables[x]); data/nagios4-4.4.6/cgi/status.c:820:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). page_start = atoi(variables[x]); data/nagios4-4.4.6/cgi/status.c:828:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_result_limit = atoi(variables[x]); data/nagios4-4.4.6/cgi/status.c:1393:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/status.c:1394:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_duration[48]; data/nagios4-4.4.6/cgi/status.c:1395:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char status[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/status.c:1396:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/status.c:1397:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_url[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/status.c:1730:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(date_time, "N/A"); data/nagios4-4.4.6/cgi/status.c:2056:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/status.c:2057:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_duration[48]; data/nagios4-4.4.6/cgi/status.c:2058:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char status[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/status.c:2059:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/status.c:2060:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_url[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/status.c:2314:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(date_time, "N/A"); data/nagios4-4.4.6/cgi/status.c:3783:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char status[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/status.c:3889:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/statusjson.c:56:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/statusjson.c:1166:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/statusmap.c:50:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/statusmap.c:51:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_html_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/statusmap.c:52:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char physical_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/statusmap.c:53:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/statusmap.c:54:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_logo_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/statusmap.c:55:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_stylesheets_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/statusmap.c:149:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char physical_logo_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/statusmap.c:311:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/statusmap.c:426:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((host_name = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/statusmap.c:457:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). canvas_x = atoi(variables[x]); data/nagios4-4.4.6/cgi/statusmap.c:466:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). canvas_y = atoi(variables[x]); data/nagios4-4.4.6/cgi/statusmap.c:477:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). canvas_width = atoi(variables[x]); data/nagios4-4.4.6/cgi/statusmap.c:486:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). canvas_height = atoi(variables[x]); data/nagios4-4.4.6/cgi/statusmap.c:495:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). proximity_width = atoi(variables[x]); data/nagios4-4.4.6/cgi/statusmap.c:505:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). proximity_height = atoi(variables[x]); data/nagios4-4.4.6/cgi/statusmap.c:529:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max_image_width = atoi(variables[x]); data/nagios4-4.4.6/cgi/statusmap.c:537:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max_image_height = atoi(variables[x]); data/nagios4-4.4.6/cgi/statusmap.c:547:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). layout_method = atoi(variables[x]); data/nagios4-4.4.6/cgi/statusmap.c:603:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/statusmap.c:1390:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/statusmap.c:1596:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char image_input_file[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/statusmap.c:1882:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/statusmap.c:1937:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[48]; data/nagios4-4.4.6/cgi/statusmap.c:1940:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_duration[48]; data/nagios4-4.4.6/cgi/statusmap.c:2131:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char image_input_file[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/statusmap.c:2201:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "rb"); data/nagios4-4.4.6/cgi/statuswml.c:31:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/statuswml.c:185:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/statuswml.c:247:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((hostgroup_name = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/statuswml.c:266:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((host_name = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/statuswml.c:280:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((service_desc = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/statuswml.c:319:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((ping_address = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/statuswml.c:333:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((traceroute_address = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/statuswml.c:853:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_check[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/statuswml.c:860:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_duration[48]; data/nagios4-4.4.6/cgi/statuswml.c:1068:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_check[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/statuswml.c:1075:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_duration[48]; data/nagios4-4.4.6/cgi/statuswml.c:1227:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char input_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/statuswml.c:1228:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/statuswml.c:1327:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/statuswrl.c:37:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/statuswrl.c:38:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_html_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/statuswrl.c:39:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/statuswrl.c:40:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_logo_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/statuswrl.c:188:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/statuswrl.c:235:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((host_name = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/statuswrl.c:265:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). layout_method = atoi(variables[x]); data/nagios4-4.4.6/cgi/statuswrl.c:902:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_string[16] = ""; data/nagios4-4.4.6/cgi/statuswrl.c:994:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "UNKNOWN"); data/nagios4-4.4.6/cgi/statuswrl.c:997:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "DOWN"); data/nagios4-4.4.6/cgi/statuswrl.c:999:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "UNREACHABLE"); data/nagios4-4.4.6/cgi/statuswrl.c:1001:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "PENDING"); data/nagios4-4.4.6/cgi/statuswrl.c:1003:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "UP"); data/nagios4-4.4.6/cgi/summary.c:33:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/summary.c:34:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_html_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/summary.c:35:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/summary.c:36:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_stylesheets_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/summary.c:198:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/summary.c:199:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char start_timestring[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/summary.c:200:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char end_timestring[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/summary.c:649:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/summary.c:819:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_month = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:835:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_day = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:851:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_year = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:867:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_minute = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:883:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_second = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:899:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_hour = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:916:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_month = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:932:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_day = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:948:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_year = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:964:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_minute = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:980:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_second = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:996:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_hour = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:1009:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). item_limit = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:1020:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). state_types = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:1031:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). alert_types = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:1042:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). host_states = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:1053:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). service_states = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:1064:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). generate_report = (atoi(variables[x]) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/cgi/summary.c:1076:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). display_type = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:1087:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). standard_report = atoi(variables[x]); data/nagios4-4.4.6/cgi/summary.c:1098:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((target_hostgroup_name = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/summary.c:1118:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((target_servicegroup_name = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/summary.c:1138:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((target_host_name = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/summary.c:1161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/summary.c:1194:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry_host_name[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/summary.c:1195:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry_svc_description[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/summary.c:1703:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/tac.c:47:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/tac.c:48:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_html_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/tac.c:49:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/tac.c:50:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_stylesheets_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/tac.c:51:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_media_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/tac.c:52:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_js_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/tac.c:272:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/tac.c:870:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host_health_image[16]; data/nagios4-4.4.6/cgi/tac.c:871:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char service_health_image[16]; data/nagios4-4.4.6/cgi/trends.c:39:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char main_config_file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/trends.c:40:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_html_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/trends.c:41:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/trends.c:42:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char url_stylesheets_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/trends.c:43:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char physical_images_path[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/trends.c:245:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/trends.c:246:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char image_template[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/trends.c:247:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char start_time[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/trends.c:248:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char end_time[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/trends.c:251:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char start_timestring[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/trends.c:252:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char end_timestring[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/trends.c:734:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). image_file = fopen(image_template, "r"); data/nagios4-4.4.6/cgi/trends.c:859:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). image_file = fopen("trends.png", "w"); data/nagios4-4.4.6/cgi/trends.c:1201:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/cgi/trends.c:1317:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((host_name = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/trends.c:1332:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((svc_description = (char *)strdup(variables[x])) == NULL) data/nagios4-4.4.6/cgi/trends.c:1390:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). initial_assumed_host_state = atoi(variables[x]); data/nagios4-4.4.6/cgi/trends.c:1401:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). initial_assumed_service_state = atoi(variables[x]); data/nagios4-4.4.6/cgi/trends.c:1454:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). zoom_factor = atoi(variables[x]); data/nagios4-4.4.6/cgi/trends.c:1467:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). backtrack_archives = atoi(variables[x]); data/nagios4-4.4.6/cgi/trends.c:1529:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_month = atoi(variables[x]); data/nagios4-4.4.6/cgi/trends.c:1545:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_day = atoi(variables[x]); data/nagios4-4.4.6/cgi/trends.c:1561:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_year = atoi(variables[x]); data/nagios4-4.4.6/cgi/trends.c:1577:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_minute = atoi(variables[x]); data/nagios4-4.4.6/cgi/trends.c:1593:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_second = atoi(variables[x]); data/nagios4-4.4.6/cgi/trends.c:1609:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_hour = atoi(variables[x]); data/nagios4-4.4.6/cgi/trends.c:1626:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_month = atoi(variables[x]); data/nagios4-4.4.6/cgi/trends.c:1642:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_day = atoi(variables[x]); data/nagios4-4.4.6/cgi/trends.c:1658:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_year = atoi(variables[x]); data/nagios4-4.4.6/cgi/trends.c:1674:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_minute = atoi(variables[x]); data/nagios4-4.4.6/cgi/trends.c:1690:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_second = atoi(variables[x]); data/nagios4-4.4.6/cgi/trends.c:1706:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_hour = atoi(variables[x]); data/nagios4-4.4.6/cgi/trends.c:2077:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/trends.c:2078:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_string[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/trends.c:2079:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char end_timestring[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/trends.c:2080:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char start_timestring[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/trends.c:2223:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "UP"); data/nagios4-4.4.6/cgi/trends.c:2227:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "DOWN"); data/nagios4-4.4.6/cgi/trends.c:2231:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "UNREACHABLE"); data/nagios4-4.4.6/cgi/trends.c:2235:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "OK"); data/nagios4-4.4.6/cgi/trends.c:2239:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "WARNING"); data/nagios4-4.4.6/cgi/trends.c:2243:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "UNKNOWN"); data/nagios4-4.4.6/cgi/trends.c:2247:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(state_string, "CRITICAL"); data/nagios4-4.4.6/cgi/trends.c:2460:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/cgi/trends.c:2508:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry_host_name[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/trends.c:2509:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entry_svc_description[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/trends.c:2794:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/cgi/trends.c:2819:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[MAX_INPUT_BUFFER]; data/nagios4-4.4.6/common/downtime.c:385:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char start_time_string[MAX_DATETIME_LENGTH] = ""; data/nagios4-4.4.6/common/downtime.c:386:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flex_start_string[MAX_DATETIME_LENGTH] = ""; data/nagios4-4.4.6/common/downtime.c:387:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char end_time_string[MAX_DATETIME_LENGTH] = ""; data/nagios4-4.4.6/common/downtime.c:1159:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(downtime_cpy, temp_downtime, sizeof(scheduled_downtime)); data/nagios4-4.4.6/common/macros.c:35:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *macro_x_names[MACRO_X_COUNT]; /* the macro names */ data/nagios4-4.4.6/common/macros.c:36:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *macro_user[MAX_USER_MACROS]; /* $USERx$ macros */ data/nagios4-4.4.6/common/macros.c:395:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_arg[MAX_COMMAND_BUFFER] = ""; data/nagios4-4.4.6/common/macros.c:457:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *arg[2] = {NULL, NULL}; data/nagios4-4.4.6/common/macros.c:491:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). x = atoi(macro_buffer + 3); data/nagios4-4.4.6/common/macros.c:505:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). x = atoi(macro_buffer + 4); data/nagios4-4.4.6/common/macros.c:567:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). x = atoi(macro_name + 14) - 1; data/nagios4-4.4.6/common/macros.c:2589:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&encoded_url_string[y], "%%%02X", (unsigned int)(input[x] & 0xFF)); data/nagios4-4.4.6/common/objects.c:102:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]; data/nagios4-4.4.6/common/objects.c:2990:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char str[12]; data/nagios4-4.4.6/common/objects.c:2999:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%02d:%02d-%02d:%02d", sh, sm, eh, em); data/nagios4-4.4.6/common/objects.c:3044:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *days[7] = {"sunday", "monday", "tuesday", "wednesday", "thursday", "friday", "saturday"}; data/nagios4-4.4.6/common/objects.c:3045:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *months[12] = {"january", "february", "march", "april", "may", "june", "july", "august", "september", "october", "november", "december"}; data/nagios4-4.4.6/common/objects.c:3478:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(cache_file, "w"); data/nagios4-4.4.6/common/shared.c:230:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fd = open(filename, mode)) == -1) { data/nagios4-4.4.6/common/shared.c:325:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, data/nagios4-4.4.6/common/shared.c:362:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, tempbuf, len); data/nagios4-4.4.6/common/shared.c:533:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *weekdays[7] = { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" }; data/nagios4-4.4.6/common/shared.c:534:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *months[12] = { data/nagios4-4.4.6/common/statusdata.c:257:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_string[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/common/statusdata.c:325:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_string[MAX_DATETIME_LENGTH]; data/nagios4-4.4.6/contrib/convertcfg.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char input[8096]; data/nagios4-4.4.6/contrib/convertcfg.c:96:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(argv[1], "r"); data/nagios4-4.4.6/contrib/convertcfg.c:196:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). notify_recovery = atoi(temp_ptr); data/nagios4-4.4.6/contrib/convertcfg.c:198:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). notify_critical = atoi(temp_ptr); data/nagios4-4.4.6/contrib/convertcfg.c:200:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). notify_warning = atoi(temp_ptr); data/nagios4-4.4.6/contrib/convertcfg.c:226:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). notify_recovery = atoi(temp_ptr); data/nagios4-4.4.6/contrib/convertcfg.c:228:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). notify_down = atoi(temp_ptr); data/nagios4-4.4.6/contrib/convertcfg.c:230:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). notify_unreachable = atoi(temp_ptr); data/nagios4-4.4.6/contrib/convertcfg.c:343:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). printf("\tmax_check_attempts\t%d\n", atoi(temp_ptr)); data/nagios4-4.4.6/contrib/convertcfg.c:345:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). printf("\tnotification_interval\t%d\n", atoi(temp_ptr)); data/nagios4-4.4.6/contrib/convertcfg.c:352:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). notify_recovery = atoi(temp_ptr); data/nagios4-4.4.6/contrib/convertcfg.c:354:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). notify_down = atoi(temp_ptr); data/nagios4-4.4.6/contrib/convertcfg.c:356:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). notify_unreachable = atoi(temp_ptr); data/nagios4-4.4.6/contrib/convertcfg.c:452:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). printf("\tis_volatile\t\t\t%d\n", atoi(temp_ptr)); data/nagios4-4.4.6/contrib/convertcfg.c:458:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). printf("\tmax_check_attempts\t\t%d\n", atoi(temp_ptr)); data/nagios4-4.4.6/contrib/convertcfg.c:461:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). printf("\tnormal_check_interval\t\t%d\n", atoi(temp_ptr)); data/nagios4-4.4.6/contrib/convertcfg.c:464:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). printf("\tretry_check_interval\t\t%d\n", atoi(temp_ptr)); data/nagios4-4.4.6/contrib/convertcfg.c:471:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). printf("\tnotification_interval\t\t%d\n", atoi(temp_ptr)); data/nagios4-4.4.6/contrib/convertcfg.c:478:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). notify_recovery = atoi(temp_ptr); data/nagios4-4.4.6/contrib/convertcfg.c:480:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). notify_critical = atoi(temp_ptr); data/nagios4-4.4.6/contrib/convertcfg.c:482:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). notify_warning = atoi(temp_ptr); data/nagios4-4.4.6/contrib/convertcfg.c:533:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). printf("\tfirst_notification\t\t%d\n", atoi(temp_ptr + 1)); data/nagios4-4.4.6/contrib/convertcfg.c:536:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). printf("\tlast_notification\t\t%d\n", atoi(temp_ptr)); data/nagios4-4.4.6/contrib/convertcfg.c:542:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). printf("\tnotification_interval\t\t%d\n", atoi(temp_ptr)); data/nagios4-4.4.6/contrib/convertcfg.c:564:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). printf("\tfirst_notification\t\t%d\n", atoi(temp_ptr + 1)); data/nagios4-4.4.6/contrib/convertcfg.c:567:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). printf("\tlast_notification\t\t%d\n", atoi(temp_ptr)); data/nagios4-4.4.6/contrib/convertcfg.c:573:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). printf("\tnotification_interval\t\t%d\n", atoi(temp_ptr)); data/nagios4-4.4.6/contrib/daemonchk.c:28:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char input_buffer[CHARLEN]; data/nagios4-4.4.6/contrib/daemonchk.c:55:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ct = atoi(optarg); data/nagios4-4.4.6/contrib/daemonchk.c:58:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). wt = atoi(optarg); data/nagios4-4.4.6/contrib/daemonchk.c:83:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(lock_file, "r"); data/nagios4-4.4.6/contrib/daemonchk.c:148:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date_time[48]; data/nagios4-4.4.6/contrib/daemonchk.c:192:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *weekdays[7] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"}; data/nagios4-4.4.6/contrib/daemonchk.c:193:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *months[12] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"}; data/nagios4-4.4.6/include/common.h:38:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char illegal_output_char_map[256]; data/nagios4-4.4.6/include/common.h:73:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *_tzname[2] __declspec(dllimport); data/nagios4-4.4.6/include/common.h:75:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *tzname[2]; data/nagios4-4.4.6/include/jsonutils.h:77:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * required[25]; /* optiontypes required data/nagios4-4.4.6/include/jsonutils.h:79:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * optional[25]; /* optiontypes optional data/nagios4-4.4.6/include/macros.h:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *x[MACRO_X_COUNT]; data/nagios4-4.4.6/include/macros.h:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[MAX_COMMAND_ARGUMENTS]; data/nagios4-4.4.6/include/macros.h:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *contactaddress[MAX_CONTACT_ADDRESSES]; data/nagios4-4.4.6/include/nagios.h:55:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *macro_user[MAX_USER_MACROS]; data/nagios4-4.4.6/include/nebmodules.h:73:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *info[NEBMODULE_MODINFO_NUMITEMS]; data/nagios4-4.4.6/include/objects.h:344:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *address[MAX_CONTACT_ADDRESSES]; data/nagios4-4.4.6/lib/bitmap.c:104:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret->vector, bm->vector, bitmap_size(bm)); data/nagios4-4.4.6/lib/bitmap.c:116:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char bpb[256] = { data/nagios4-4.4.6/lib/bitmap.c:280:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bm->vector[i], &b->vector[i], (b->alloc - a->alloc) * MAPSIZE); data/nagios4-4.4.6/lib/bitmap.c:294:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bm->vector[i], &b->vector[i], (b->alloc - a->alloc) * MAPSIZE); data/nagios4-4.4.6/lib/iocache.c:228:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ioc->ioc_buf + ioc->ioc_offset, buf, len); data/nagios4-4.4.6/lib/kvvec.c:214:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(kvvb->buf + len, kv->key, kv->key_len); data/nagios4-4.4.6/lib/kvvec.c:218:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(kvvb->buf + len, kv->value, kv->value_len); data/nagios4-4.4.6/lib/kvvec.c:304:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(kv->key, str + offset, kv->key_len); data/nagios4-4.4.6/lib/kvvec.c:323:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(kv->value, str + offset, kv->value_len); data/nagios4-4.4.6/lib/nsock.c:58:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&saun.sun_path, path, slen); data/nagios4-4.4.6/lib/nsock.c:105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stack_buf[4096]; data/nagios4-4.4.6/lib/nspath.c:53:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(path + offset, pcomp[i].str, pcomp[i].len); data/nagios4-4.4.6/lib/nspath.c:140:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwd[PATH_MAX]; data/nagios4-4.4.6/lib/nsutils.c:84:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[MKSTR_BUFS][32]; /* 8k statically on the stack */ data/nagios4-4.4.6/lib/pqueue.c:264:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dup->d, q->d, (q->size * sizeof(void *))); data/nagios4-4.4.6/lib/snprintf.c:692:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(buffer[currlen]), &(base[cnk->start]), len); data/nagios4-4.4.6/lib/snprintf.c:815:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char convert[20]; data/nagios4-4.4.6/lib/snprintf.c:965:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iconvert[311]; data/nagios4-4.4.6/lib/snprintf.c:966:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fconvert[311]; data/nagios4-4.4.6/lib/snprintf.c:1272:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[1024]; data/nagios4-4.4.6/lib/snprintf.c:1273:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[1024]; data/nagios4-4.4.6/lib/snprintf.c:1402:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. l2 = sprintf(buf2, "%4$*1$d %2$s %3$*1$.*1$f", 3, "pos test", 12.3456, 9); data/nagios4-4.4.6/lib/snprintf.c:1412:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. l2 = sprintf(buf2, "%4$*4$d %2$s %3$*4$.*4$f", 3, "pos test", 12.3456, 9); data/nagios4-4.4.6/lib/snprintf.c:1422:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. l2 = sprintf(buf2, "%lld", (LLONG)1234567890); data/nagios4-4.4.6/lib/snprintf.c:1432:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. l2 = sprintf(buf2, "%Lf", (LDOUBLE)890.1234567890123); data/nagios4-4.4.6/lib/snprintf.c:1449:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf2, "%1.1f", r); data/nagios4-4.4.6/lib/test-dkhash.c:94:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *strs[10]; data/nagios4-4.4.6/lib/test-dkhash.c:95:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[32]; data/nagios4-4.4.6/lib/test-dkhash.c:159:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "string %d", x); data/nagios4-4.4.6/lib/test-iobroker.c:28:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/nagios4-4.4.6/lib/test-iobroker.c:58:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/nagios4-4.4.6/lib/test-iocache.c:30:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ioc->ioc_buf[ioc->ioc_buflen], sc[i].str, sc[i].len); data/nagios4-4.4.6/lib/test-iocache.c:32:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ioc->ioc_buf + ioc->ioc_buflen, delim, delim_len); data/nagios4-4.4.6/lib/test-nsutils.c:28:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&stop, &start, sizeof(start)); data/nagios4-4.4.6/lib/test-runcmd.c:90:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv_exp[10]; data/nagios4-4.4.6/lib/test-runcmd.c:148:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *out_argv[256]; data/nagios4-4.4.6/lib/test-runcmd.c:162:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *out_argv[256]; data/nagios4-4.4.6/lib/test-squeue.c:22:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dup, q, sizeof(*q)); data/nagios4-4.4.6/lib/test-squeue.c:24:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dup->d, q->d, (q->size * sizeof(void *))); data/nagios4-4.4.6/lib/worker.c:91:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char lmsg[8192] = "log="; data/nagios4-4.4.6/lib/worker.c:112:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lmsg + len, MSG_DELIM, MSG_DELIM_LEN); data/nagios4-4.4.6/lib/worker.c:124:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[4096]; data/nagios4-4.4.6/lib/worker.c:168:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(kvvb->buf + (kvvb->bufsize - MSG_DELIM_LEN), MSG_DELIM, MSG_DELIM_LEN); data/nagios4-4.4.6/lib/worker.c:450:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/nagios4-4.4.6/lib/worker.c:458:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/nagios4-4.4.6/lib/worker.c:463:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "job %d (pid=%ld): read() returned error %d", cp->id, (long)cp->ei->pid, errno); data/nagios4-4.4.6/lib/worker.c:475:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&io->buf[io->len], buf, rd); data/nagios4-4.4.6/lib/wproc.c:169:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8192]; data/nagios4-4.4.6/module/helloworld.c:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[1024]; data/nagios4-4.4.6/module/helloworld.c:85:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[1024]; data/nagios4-4.4.6/module/helloworld.c:101:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[1024]; data/nagios4-4.4.6/module/helloworld.c:115:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[1024]; data/nagios4-4.4.6/t-tap/stub_macros.c:1:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * macro_user[MAX_USER_MACROS]; data/nagios4-4.4.6/t-tap/stub_nsock.c:3:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/nagios4-4.4.6/t-tap/test_checks.c:350:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cr = fopen(filename, "w"); data/nagios4-4.4.6/t-tap/test_checks.c:370:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cr = fopen(ok_filename, "w"); data/nagios4-4.4.6/t-tap/test_checks.c:1537:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwd[1024]; data/nagios4-4.4.6/t-tap/test_nagios_config.c:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char datestring[256]; data/nagios4-4.4.6/worker/ping/worker-ping.c:215:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char response[128]; data/nagios4-4.4.6/worker/ping/worker-ping.c:278:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gid = ( gid_t)atoi( group); data/nagios4-4.4.6/worker/ping/worker-ping.c:308:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uid = ( uid_t)atoi( user); data/nagios4-4.4.6/worker/ping/worker-ping.c:345:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/nagios4-4.4.6/worker/ping/worker-ping.c:375:2: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open( "/dev/null", O_RDONLY); data/nagios4-4.4.6/worker/ping/worker-ping.c:376:2: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open( "/dev/null", O_WRONLY); data/nagios4-4.4.6/worker/ping/worker-ping.c:377:2: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open( "/dev/null", O_WRONLY); data/nagios4-4.4.6/worker/ping/worker-ping.c:380:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). lockfile = open( lock_file, data/nagios4-4.4.6/worker/ping/worker-ping.c:456:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "%d\n", ( int)getpid()); data/nagios4-4.4.6/xdata/xodtemplate.c:565:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[MAX_FILENAME_LENGTH]; data/nagios4-4.4.6/xdata/xodtemplate.c:1315:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_timeperiod->register_object = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:1381:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_command->register_object = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:1477:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_contactgroup->register_object = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:1594:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hostgroup->register_object = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:1712:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicegroup->register_object = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:1815:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicedependency->inherits_parent = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:1871:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicedependency->register_object = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:1971:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_serviceescalation->first_notification = atoi(value); data/nagios4-4.4.6/xdata/xodtemplate.c:1975:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_serviceescalation->last_notification = atoi(value); data/nagios4-4.4.6/xdata/xodtemplate.c:2006:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_serviceescalation->register_object = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2093:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). x = atoi(variable + 7); data/nagios4-4.4.6/xdata/xodtemplate.c:2184:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_contact->host_notifications_enabled = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2188:52: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_contact->service_notifications_enabled = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2192:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_contact->can_submit_commands = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2196:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_contact->retain_status_information = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2200:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_contact->retain_nonstatus_information = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2212:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_contact->register_object = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2469:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->max_check_attempts = atoi(value); data/nagios4-4.4.6/xdata/xodtemplate.c:2473:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->active_checks_enabled = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2477:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->passive_checks_enabled = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2481:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->event_handler_enabled = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2485:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->check_freshness = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2489:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->freshness_threshold = atoi(value); data/nagios4-4.4.6/xdata/xodtemplate.c:2501:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->flap_detection_enabled = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2555:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->notifications_enabled = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2590:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->process_perf_data = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2601:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->x_2d = atoi(temp_ptr); data/nagios4-4.4.6/xdata/xodtemplate.c:2606:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->y_2d = atoi(temp_ptr); data/nagios4-4.4.6/xdata/xodtemplate.c:2628:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->obsess = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2632:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->retain_status_information = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2636:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->retain_nonstatus_information = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2640:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->register_object = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2906:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->max_check_attempts = atoi(value); data/nagios4-4.4.6/xdata/xodtemplate.c:2922:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->active_checks_enabled = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2926:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->passive_checks_enabled = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2930:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->parallelize_check = atoi(value); data/nagios4-4.4.6/xdata/xodtemplate.c:2934:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->is_volatile = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2938:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->obsess = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2942:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->event_handler_enabled = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2946:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->check_freshness = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:2950:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->freshness_threshold = atoi(value); data/nagios4-4.4.6/xdata/xodtemplate.c:2962:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->flap_detection_enabled = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:3020:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->notifications_enabled = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:3057:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->process_perf_data = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:3064:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->retain_status_information = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:3068:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->retain_nonstatus_information = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:3072:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->register_object = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:3175:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hostdependency->inherits_parent = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:3226:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hostdependency->register_object = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:3311:47: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hostescalation->first_notification = atoi(value); data/nagios4-4.4.6/xdata/xodtemplate.c:3315:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hostescalation->last_notification = atoi(value); data/nagios4-4.4.6/xdata/xodtemplate.c:3344:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hostescalation->register_object = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:3451:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hostextinfo->x_2d = atoi(temp_ptr); data/nagios4-4.4.6/xdata/xodtemplate.c:3457:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hostextinfo->y_2d = atoi(temp_ptr); data/nagios4-4.4.6/xdata/xodtemplate.c:3482:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hostextinfo->register_object = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:3577:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_serviceextinfo->register_object = (atoi(value) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xodtemplate.c:3714:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buffer[5][MAX_INPUT_BUFFER] = {"", "", "", "", ""}; data/nagios4-4.4.6/xdata/xodtemplate.c:3953:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if((tperiod->timeranges[swday] = (char *)strdup(temp_buffer[1])) == NULL) data/nagios4-4.4.6/xdata/xodtemplate.c:4013:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *months[12] = {"january", "february", "march", "april", "may", "june", "july", "august", "september", "october", "november", "december"}; data/nagios4-4.4.6/xdata/xodtemplate.c:4033:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *days[7] = {"sunday", "monday", "tuesday", "wednesday", "thursday", "friday", "saturday"}; data/nagios4-4.4.6/xdata/xodtemplate.c:4573:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_service, temp_service, sizeof(*new_service)); data/nagios4-4.4.6/xdata/xodtemplate.c:4618:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_hostescalation, temp_hostescalation, sizeof(*new_hostescalation)); data/nagios4-4.4.6/xdata/xodtemplate.c:4654:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_serviceescalation, temp_serviceescalation, sizeof(*new_serviceescalation)); data/nagios4-4.4.6/xdata/xodtemplate.c:7421:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hours = atoi(time_buffer); data/nagios4-4.4.6/xdata/xodtemplate.c:7426:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minutes = atoi(time_buffer); data/nagios4-4.4.6/xdata/xodtemplate.c:7439:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hours = atoi(time_buffer); data/nagios4-4.4.6/xdata/xodtemplate.c:7444:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minutes = atoi(time_buffer); data/nagios4-4.4.6/xdata/xodtemplate.h:100:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *timeranges[7]; data/nagios4-4.4.6/xdata/xodtemplate.h:139:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *address[MAX_XODTEMPLATE_CONTACT_ADDRESSES]; data/nagios4-4.4.6/xdata/xodtemplate.h:157:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char have_address[MAX_XODTEMPLATE_CONTACT_ADDRESSES]; data/nagios4-4.4.6/xdata/xpddefault.c:405:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). host_perfdata_fd = open(host_perfdata_file, O_NONBLOCK | O_RDWR | O_CREAT, 0644); data/nagios4-4.4.6/xdata/xpddefault.c:409:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). host_perfdata_fp = fopen(host_perfdata_file, (host_perfdata_file_append == TRUE) ? "a" : "w"); data/nagios4-4.4.6/xdata/xpddefault.c:429:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). service_perfdata_fd = open(service_perfdata_file, O_NONBLOCK | O_RDWR); data/nagios4-4.4.6/xdata/xpddefault.c:433:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). service_perfdata_fp = fopen(service_perfdata_file, (service_perfdata_file_append == TRUE) ? "a" : "w"); data/nagios4-4.4.6/xdata/xrddefault.c:115:11: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). if((fd = mkstemp(tmp_file)) == -1) data/nagios4-4.4.6/xdata/xrddefault.c:866:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). update_available = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:896:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). enable_notifications = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:900:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). execute_service_checks = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:904:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). accept_passive_service_checks = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:908:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). execute_host_checks = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:912:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). accept_passive_host_checks = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:916:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). enable_event_handlers = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:920:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). obsess_over_services = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:924:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). obsess_over_hosts = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:928:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). check_service_freshness = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:932:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). check_host_freshness = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:936:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). enable_flap_detection = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:940:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). process_performance_data = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1008:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->has_been_checked = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1014:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->check_type = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1016:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->current_state = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1018:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->last_state = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1020:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->last_hard_state = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1041:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->check_options = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1044:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->current_attempt = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1054:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->state_type = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1066:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->notified_on |= (atoi(val) > 0 ? OPT_DOWN : 0); data/nagios4-4.4.6/xdata/xrddefault.c:1068:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->notified_on |= (atoi(val) > 0 ? OPT_UNREACHABLE : 0); data/nagios4-4.4.6/xdata/xrddefault.c:1072:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->current_notification_number = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1076:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). was_flapping = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1080:59: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->check_flapping_recovery_notification = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1085:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->state_history[x] = atoi(ch); data/nagios4-4.4.6/xdata/xrddefault.c:1101:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->problem_has_been_acknowledged = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1103:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->acknowledgement_type = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1106:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->notifications_enabled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1110:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->checks_enabled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1114:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->accept_passive_checks = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1118:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->event_handler_enabled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1122:47: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->flap_detection_enabled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1126:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->process_performance_data = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1130:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->obsess = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1207:75: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(temp_host->modified_attributes & MODATTR_MAX_CHECK_ATTEMPTS && atoi(val) >= 1) { data/nagios4-4.4.6/xdata/xrddefault.c:1209:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_host->max_attempts = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1227:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if((x = atoi(val)) > 0 && strlen(val) > 3) { data/nagios4-4.4.6/xdata/xrddefault.c:1277:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->has_been_checked = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1283:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->check_type = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1285:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->current_state = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1287:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->last_state = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1289:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->last_hard_state = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1291:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->current_attempt = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1301:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->state_type = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1334:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->check_options = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1337:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->notified_on |= ((atoi(val) > 0) ? OPT_UNKNOWN : 0); data/nagios4-4.4.6/xdata/xrddefault.c:1339:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->notified_on |= ((atoi(val) > 0) ? OPT_WARNING : 0); data/nagios4-4.4.6/xdata/xrddefault.c:1341:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->notified_on |= ((atoi(val) > 0) ? OPT_CRITICAL : 0); data/nagios4-4.4.6/xdata/xrddefault.c:1343:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->current_notification_number = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1349:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). was_flapping = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1353:62: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->check_flapping_recovery_notification = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1358:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->state_history[x] = atoi(ch); data/nagios4-4.4.6/xdata/xrddefault.c:1374:56: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->problem_has_been_acknowledged = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1376:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->acknowledgement_type = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1379:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->notifications_enabled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1383:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->checks_enabled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1387:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->accept_passive_checks = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1391:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->event_handler_enabled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1395:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->flap_detection_enabled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1399:52: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->process_performance_data = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1403:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->obsess = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1480:78: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(temp_service->modified_attributes & MODATTR_MAX_CHECK_ATTEMPTS && atoi(val) >= 1) { data/nagios4-4.4.6/xdata/xrddefault.c:1482:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_service->max_attempts = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1500:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if((x = atoi(val)) > 0 && strlen(val) > 3) { data/nagios4-4.4.6/xdata/xrddefault.c:1592:54: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_contact->host_notifications_enabled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1596:57: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_contact->service_notifications_enabled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1608:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if((x = atoi(val)) > 0 && strlen(val) > 3) { data/nagios4-4.4.6/xdata/xrddefault.c:1633:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). entry_type = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1637:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). source = atoi(val); data/nagios4-4.4.6/xdata/xrddefault.c:1639:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). persistent = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1643:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). expires = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1671:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fixed = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1675:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). is_in_effect = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xrddefault.c:1677:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_notification_sent = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:140:11: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). if((fd = mkstemp(tmp_log)) == -1) { data/nagios4-4.4.6/xdata/xsddefault.c:491:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char input[MAX_PLUGIN_OUTPUT_LENGTH] = ""; data/nagios4-4.4.6/xdata/xsddefault.c:537:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fp = fopen(status_file_name, "r")) == NULL) data/nagios4-4.4.6/xdata/xsddefault.c:699:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nagios_pid = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:701:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). daemon_mode = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:707:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). enable_notifications = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:709:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). execute_service_checks = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:711:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). accept_passive_service_checks = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:713:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). execute_host_checks = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:715:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). accept_passive_host_checks = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:717:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). enable_event_handlers = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:719:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). obsess_over_services = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:721:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). obsess_over_hosts = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:723:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). check_service_freshness = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:725:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). check_host_freshness = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:727:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). enable_flap_detection = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:729:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). process_performance_data = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:759:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). program_stats[x][0] = atoi(ptr); data/nagios4-4.4.6/xdata/xsddefault.c:761:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). program_stats[x][1] = atoi(ptr); data/nagios4-4.4.6/xdata/xsddefault.c:763:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). program_stats[x][2] = atoi(ptr); data/nagios4-4.4.6/xdata/xsddefault.c:776:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->has_been_checked = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:778:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->should_be_scheduled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:784:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->check_type = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:786:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->status = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:788:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->last_hard_state = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:800:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->current_attempt = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:802:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->max_attempts = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:808:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->check_options = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:810:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->state_type = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:826:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->no_more_notifications = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:828:55: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->current_notification_number = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:830:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->notifications_enabled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:832:58: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->problem_has_been_acknowledged = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:834:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->acknowledgement_type = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:836:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->checks_enabled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:838:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->accept_passive_checks = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:840:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->event_handler_enabled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:842:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->flap_detection_enabled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:844:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->process_performance_data = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:846:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->obsess = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:850:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->is_flapping = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:854:52: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_hoststatus->scheduled_downtime_depth = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:869:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->has_been_checked = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:871:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->should_be_scheduled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:877:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->check_type = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:879:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->status = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:881:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->last_hard_state = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:883:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->current_attempt = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:885:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->max_attempts = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:887:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->state_type = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:915:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->check_options = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:917:58: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->current_notification_number = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:923:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->no_more_notifications = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:925:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->notifications_enabled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:927:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->checks_enabled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:929:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->accept_passive_checks = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:931:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->event_handler_enabled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:933:61: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->problem_has_been_acknowledged = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:935:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->acknowledgement_type = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:937:54: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->flap_detection_enabled = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:939:56: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->process_performance_data = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:941:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->obsess = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:945:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->is_flapping = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:949:55: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp_servicestatus->scheduled_downtime_depth = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:967:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). entry_type = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:971:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). source = atoi(val); data/nagios4-4.4.6/xdata/xsddefault.c:973:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). persistent = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:977:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). expires = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:1005:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fixed = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:1011:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). is_in_effect = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/xdata/xsddefault.c:1013:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_notification_sent = (atoi(val) > 0) ? TRUE : FALSE; data/nagios4-4.4.6/base/commands.c:70:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(S_IWOTH); data/nagios4-4.4.6/base/config.c:183:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lth = strlen(website_url); data/nagios4-4.4.6/base/config.c:189:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). error = set_loadctl_options(value, strlen(value)) != OK; data/nagios4-4.4.6/base/config.c:198:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) > MAX_FILENAME_LENGTH - 1) { data/nagios4-4.4.6/base/config.c:217:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) > MAX_FILENAME_LENGTH - 1) { data/nagios4-4.4.6/base/config.c:232:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) > MAX_FILENAME_LENGTH - 1) { data/nagios4-4.4.6/base/config.c:257:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) > MAX_FILENAME_LENGTH - 1) { data/nagios4-4.4.6/base/config.c:266:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(check_result_path[strlen(check_result_path) - 1] == '/') data/nagios4-4.4.6/base/config.c:267:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). check_result_path[strlen(check_result_path) - 1] = '\x0'; data/nagios4-4.4.6/base/config.c:283:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) > MAX_FILENAME_LENGTH - 1) { data/nagios4-4.4.6/base/config.c:339:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:350:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:361:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:372:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:383:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:394:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:405:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:416:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:427:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:438:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:459:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:470:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:513:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:524:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:535:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:633:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:655:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:684:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) > MAX_FILENAME_LENGTH - 1) { data/nagios4-4.4.6/base/config.c:826:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:842:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:853:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:864:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:875:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:905:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:1059:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:1070:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(value) != 1 || value[0] < '0' || value[0] > '1') { data/nagios4-4.4.6/base/config.c:1240:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(temp_path[strlen(temp_path) - 1] == '/') data/nagios4-4.4.6/base/config.c:1241:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_path[strlen(temp_path) - 1] = '\x0'; data/nagios4-4.4.6/base/config.c:1244:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((strlen(temp_path) > MAX_FILENAME_LENGTH - 1)) { data/nagios4-4.4.6/base/config.c:1274:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(temp_file) > MAX_FILENAME_LENGTH - 1) { data/nagios4-4.4.6/base/config.c:1385:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(variable[0] == '$' && variable[strlen(variable) - 1] == '$') { data/nagios4-4.4.6/base/config.c:1388:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strstr(variable, "$USER") == variable && strlen(variable) > 5) { data/nagios4-4.4.6/base/logging.c:53:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buffer); data/nagios4-4.4.6/base/logging.c:409:97: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). asprintf(&log_archive, "%s%snagios-%02d-%02d-%d-%02d.log", log_archive_path, (log_archive_path[strlen(log_archive_path) - 1] == '/') ? "" : "/", t->tm_mon + 1, t->tm_mday, t->tm_year + 1900, t->tm_hour); data/nagios4-4.4.6/base/nagios.c:170:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read(sd, response, 3); data/nagios4-4.4.6/base/nagios.c:176:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(sd, response + 3, sizeof(response) - 4); data/nagios4-4.4.6/base/nagiostats.c:1352:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). y = (int)strlen(buffer); data/nagios4-4.4.6/base/nagiostats.c:1361:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). y = (int)strlen(buffer); data/nagios4-4.4.6/base/nerd.c:292:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(h->name) + 2; /* room for separator */ data/nagios4-4.4.6/base/nerd.c:306:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(ret + pos, ppart, strlen(ppart)); data/nagios4-4.4.6/base/nerd.c:307:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pos += strlen(ppart); data/nagios4-4.4.6/base/nerd.c:348:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nerd_broadcast(chan_opath_checks_id, buf, strlen(buf)); data/nagios4-4.4.6/base/notifications.c:2124:100: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((mac->x[MACRO_NOTIFICATIONRECIPIENTS] = (char *)realloc(mac->x[MACRO_NOTIFICATIONRECIPIENTS], strlen(mac->x[MACRO_NOTIFICATIONRECIPIENTS]) + strlen(cntct->name) + 2))) { data/nagios4-4.4.6/base/notifications.c:2124:147: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((mac->x[MACRO_NOTIFICATIONRECIPIENTS] = (char *)realloc(mac->x[MACRO_NOTIFICATIONRECIPIENTS], strlen(mac->x[MACRO_NOTIFICATIONRECIPIENTS]) + strlen(cntct->name) + 2))) { data/nagios4-4.4.6/base/notifications.c:2125:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(mac->x[MACRO_NOTIFICATIONRECIPIENTS], ","); data/nagios4-4.4.6/base/query-handler.c:309:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) > 128) { data/nagios4-4.4.6/base/query-handler.c:487:14: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask(0117); data/nagios4-4.4.6/base/query-handler.c:490:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/nagios4-4.4.6/base/utils.c:626:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buffer, "(Error: Could not execute command)\n", sizeof(buffer) - 1); data/nagios4-4.4.6/base/utils.c:630:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(fd[1], buffer, strlen(buffer) + 1); data/nagios4-4.4.6/base/utils.c:638:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(fd[1], buffer, strlen(buffer)); data/nagios4-4.4.6/base/utils.c:721:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buffer, ""); data/nagios4-4.4.6/base/utils.c:725:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes_read = read(fd[0], buffer, sizeof(buffer) - 1); data/nagios4-4.4.6/base/utils.c:1906:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(homedir, "/"); data/nagios4-4.4.6/base/utils.c:1917:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(S_IWGRP | S_IWOTH); data/nagios4-4.4.6/base/utils.c:1944:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). val = read(lockfile, buf, (size_t)10); data/nagios4-4.4.6/base/utils.c:2047:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(lockfile, buf, strlen(buf)); data/nagios4-4.4.6/base/utils.c:2082:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strspn(group, "0123456789") < strlen(group)) { data/nagios4-4.4.6/base/utils.c:2099:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strspn(user, "0123456789") < strlen(user)) { data/nagios4-4.4.6/base/utils.c:2222:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). x = strlen(dirfile->d_name); data/nagios4-4.4.6/base/utils.c:2635:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). x = (int)strlen(name) - 1; data/nagios4-4.4.6/base/utils.c:2840:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rd_result = read(source_fd, buf, buf_size); data/nagios4-4.4.6/base/utils.c:2949:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(buf); data/nagios4-4.4.6/base/utils.c:3375:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (unsigned long) strlen(api_query), api_query); data/nagios4-4.4.6/base/utils.c:3384:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send_len = strlen(buf); data/nagios4-4.4.6/base/utils.c:3673:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(S_IWGRP | S_IWOTH); data/nagios4-4.4.6/cgi/archiveutils.c:577:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_host_name, (temp_buffer == NULL) ? "" : data/nagios4-4.4.6/cgi/archiveutils.c:603:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_svc_description, (temp_buffer == NULL) ? "" : data/nagios4-4.4.6/cgi/archiveutils.c:776:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_host_name, (temp_buffer == NULL) ? "" : data/nagios4-4.4.6/cgi/archiveutils.c:802:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_svc_description, (temp_buffer == NULL) ? "" : data/nagios4-4.4.6/cgi/archiveutils.c:925:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_contact_name, (temp_buffer == NULL) ? "" : data/nagios4-4.4.6/cgi/archiveutils.c:967:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_svc_description, (temp_buffer == NULL) ? "" : data/nagios4-4.4.6/cgi/avail.c:1110:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { data/nagios4-4.4.6/cgi/avail.c:2666:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_subject->host_name = (char *)malloc(strlen(hn) + 1); data/nagios4-4.4.6/cgi/avail.c:2677:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_subject->service_description = (char *)malloc(strlen(sd) + 1); data/nagios4-4.4.6/cgi/avail.c:2799:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_as->state_info = (char *)malloc(strlen(state_info) + 1); data/nagios4-4.4.6/cgi/avail.c:3027:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_host_name, (temp_buffer == NULL) ? "" : temp_buffer + 1, sizeof(entry_host_name)); data/nagios4-4.4.6/cgi/avail.c:3066:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_host_name, (temp_buffer == NULL) ? "" : temp_buffer + 1, sizeof(entry_host_name)); data/nagios4-4.4.6/cgi/avail.c:3093:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_host_name, (temp_buffer == NULL) ? "" : temp_buffer + 1, sizeof(entry_host_name)); data/nagios4-4.4.6/cgi/avail.c:3098:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_svc_description, (temp_buffer == NULL) ? "" : temp_buffer, sizeof(entry_svc_description)); data/nagios4-4.4.6/cgi/avail.c:3140:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_host_name, (temp_buffer == NULL) ? "" : temp_buffer + 1, sizeof(entry_host_name)); data/nagios4-4.4.6/cgi/avail.c:3145:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_svc_description, (temp_buffer == NULL) ? "" : temp_buffer, sizeof(entry_svc_description)); data/nagios4-4.4.6/cgi/avail.c:3168:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_host_name, (temp_buffer == NULL) ? "" : temp_buffer + 1, sizeof(entry_host_name)); data/nagios4-4.4.6/cgi/avail.c:4036:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(last_host, temp_subject->host_name, sizeof(last_host) - 1); data/nagios4-4.4.6/cgi/avail.c:5195:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(last_host, temp_subject->host_name, sizeof(last_host) - 1); data/nagios4-4.4.6/cgi/cgiauth.c:71:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). authinfo->username = (char *)malloc(strlen(temp_ptr) + 1); data/nagios4-4.4.6/cgi/cgiauth.c:100:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). authinfo->username = (char *)malloc(strlen(temp_ptr) + 1); data/nagios4-4.4.6/cgi/cgiutils.c:161:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(main_config_file, ""); data/nagios4-4.4.6/cgi/cgiutils.c:163:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(physical_html_path, ""); data/nagios4-4.4.6/cgi/cgiutils.c:164:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(physical_images_path, ""); data/nagios4-4.4.6/cgi/cgiutils.c:165:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(physical_ssi_path, ""); data/nagios4-4.4.6/cgi/cgiutils.c:167:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(url_html_path, ""); data/nagios4-4.4.6/cgi/cgiutils.c:168:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(url_docs_path, ""); data/nagios4-4.4.6/cgi/cgiutils.c:169:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(url_context_help_path, ""); data/nagios4-4.4.6/cgi/cgiutils.c:170:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(url_stylesheets_path, ""); data/nagios4-4.4.6/cgi/cgiutils.c:171:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(url_media_path, ""); data/nagios4-4.4.6/cgi/cgiutils.c:172:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(url_images_path, ""); data/nagios4-4.4.6/cgi/cgiutils.c:174:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(log_file, ""); data/nagios4-4.4.6/cgi/cgiutils.c:176:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(log_archive_path[strlen(log_archive_path) - 1] != '/' && strlen(log_archive_path) < sizeof(log_archive_path) - 2) data/nagios4-4.4.6/cgi/cgiutils.c:176:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(log_archive_path[strlen(log_archive_path) - 1] != '/' && strlen(log_archive_path) < sizeof(log_archive_path) - 2) data/nagios4-4.4.6/cgi/cgiutils.c:177:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(log_archive_path, "/"); data/nagios4-4.4.6/cgi/cgiutils.c:180:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(nagios_process_info, ""); data/nagios4-4.4.6/cgi/cgiutils.c:303:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(main_config_file, val, sizeof(main_config_file)); data/nagios4-4.4.6/cgi/cgiutils.c:328:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(physical_html_path, val, sizeof(physical_html_path)); data/nagios4-4.4.6/cgi/cgiutils.c:331:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(physical_html_path[strlen(physical_html_path) - 1] != '/' && (strlen(physical_html_path) < sizeof(physical_html_path) - 1)) data/nagios4-4.4.6/cgi/cgiutils.c:331:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(physical_html_path[strlen(physical_html_path) - 1] != '/' && (strlen(physical_html_path) < sizeof(physical_html_path) - 1)) data/nagios4-4.4.6/cgi/cgiutils.c:332:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(physical_html_path, "/"); data/nagios4-4.4.6/cgi/cgiutils.c:343:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(url_html_path, val, sizeof(url_html_path)); data/nagios4-4.4.6/cgi/cgiutils.c:347:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(url_html_path[strlen(url_html_path) - 1] != '/' && (strlen(url_html_path) < sizeof(url_html_path) - 1)) data/nagios4-4.4.6/cgi/cgiutils.c:347:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(url_html_path[strlen(url_html_path) - 1] != '/' && (strlen(url_html_path) < sizeof(url_html_path) - 1)) data/nagios4-4.4.6/cgi/cgiutils.c:348:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(url_html_path, "/"); data/nagios4-4.4.6/cgi/cgiutils.c:501:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(log_file, (temp_buffer == NULL) ? "" : nspath_absolute(temp_buffer, config_file_dir),sizeof(log_file) - 1); data/nagios4-4.4.6/cgi/cgiutils.c:520:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(log_archive_path, (temp_buffer == NULL) ? "" : temp_buffer, sizeof(log_archive_path)); data/nagios4-4.4.6/cgi/cgiutils.c:523:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(log_archive_path[strlen(log_archive_path) - 1] != '/' && (strlen(log_archive_path) < sizeof(log_archive_path) - 1)) data/nagios4-4.4.6/cgi/cgiutils.c:523:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(log_archive_path[strlen(log_archive_path) - 1] != '/' && (strlen(log_archive_path) < sizeof(log_archive_path) - 1)) data/nagios4-4.4.6/cgi/cgiutils.c:524:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(log_archive_path, "/"); data/nagios4-4.4.6/cgi/cgiutils.c:545:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(command_file, (temp_buffer == NULL) ? "" : temp_buffer, sizeof(command_file)); data/nagios4-4.4.6/cgi/cgiutils.c:1052:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(str, ""); data/nagios4-4.4.6/cgi/cgiutils.c:1057:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)strlen(input); data/nagios4-4.4.6/cgi/cgiutils.c:1085:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((int)strlen(str) < (output_len - 3)) { data/nagios4-4.4.6/cgi/cgiutils.c:1113:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rep_lth = strlen(entity); data/nagios4-4.4.6/cgi/cgiutils.c:1125:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outcp += strlen(outcp); data/nagios4-4.4.6/cgi/cgiutils.c:1155:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)strlen(input); data/nagios4-4.4.6/cgi/cgiutils.c:1160:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(encoded_html_string, ""); data/nagios4-4.4.6/cgi/cgiutils.c:1257:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy( outcp, "<BR>", 4); data/nagios4-4.4.6/cgi/cgiutils.c:1262:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy( outcp, "<BR>", 4); data/nagios4-4.4.6/cgi/cgiutils.c:1362:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). z = (int)strlen(buffer); data/nagios4-4.4.6/cgi/cgiutils.c:1391:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)strlen(input); data/nagios4-4.4.6/cgi/cgiutils.c:1396:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(encoded_html_string, ""); data/nagios4-4.4.6/cgi/cgiutils.c:1425:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( stp, mbtemp, wctomb_result); data/nagios4-4.4.6/cgi/cgiutils.c:1434:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((( stp - encoded_html_string) + strlen( temp_expansion)) < data/nagios4-4.4.6/cgi/cgiutils.c:1436:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( stp, temp_expansion, strlen( temp_expansion)); data/nagios4-4.4.6/cgi/cgiutils.c:1436:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy( stp, temp_expansion, strlen( temp_expansion)); data/nagios4-4.4.6/cgi/cgiutils.c:1437:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stp += strlen( temp_expansion); data/nagios4-4.4.6/cgi/cgiutils.c:1463:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, log_file, buffer_length); data/nagios4-4.4.6/cgi/cgiutils.c:1750:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(input_buffer, url, sizeof(input_buffer) - 1); data/nagios4-4.4.6/cgi/cgiutils.c:1756:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(output_buffer) + strlen(temp_buffer) < sizeof(output_buffer) - 1) { data/nagios4-4.4.6/cgi/cgiutils.c:1756:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(output_buffer) + strlen(temp_buffer) < sizeof(output_buffer) - 1) { data/nagios4-4.4.6/cgi/cgiutils.c:1757:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(output_buffer, temp_buffer, sizeof(output_buffer) - strlen(output_buffer) - 1); data/nagios4-4.4.6/cgi/cgiutils.c:1757:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(output_buffer, temp_buffer, sizeof(output_buffer) - strlen(output_buffer) - 1); data/nagios4-4.4.6/cgi/cgiutils.c:1764:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(output_buffer) + strlen(temp_buffer) < sizeof(output_buffer) - 1) { data/nagios4-4.4.6/cgi/cgiutils.c:1764:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(output_buffer) + strlen(temp_buffer) < sizeof(output_buffer) - 1) { data/nagios4-4.4.6/cgi/cgiutils.c:1767:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(output_buffer, url_encode(temp_hostgroup->group_name), sizeof(output_buffer) - strlen(output_buffer) - 1); data/nagios4-4.4.6/cgi/cgiutils.c:1767:93: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(output_buffer, url_encode(temp_hostgroup->group_name), sizeof(output_buffer) - strlen(output_buffer) - 1); data/nagios4-4.4.6/cgi/cgiutils.c:1798:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(input_buffer, url, sizeof(input_buffer) - 1); data/nagios4-4.4.6/cgi/cgiutils.c:1804:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(output_buffer) + strlen(temp_buffer) < sizeof(output_buffer) - 1) { data/nagios4-4.4.6/cgi/cgiutils.c:1804:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(output_buffer) + strlen(temp_buffer) < sizeof(output_buffer) - 1) { data/nagios4-4.4.6/cgi/cgiutils.c:1805:5: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(output_buffer, temp_buffer, sizeof(output_buffer) - strlen(output_buffer) - 1); data/nagios4-4.4.6/cgi/cgiutils.c:1805:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(output_buffer, temp_buffer, sizeof(output_buffer) - strlen(output_buffer) - 1); data/nagios4-4.4.6/cgi/cgiutils.c:1812:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(output_buffer) + strlen(temp_buffer) < sizeof(output_buffer) - 1) { data/nagios4-4.4.6/cgi/cgiutils.c:1812:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(output_buffer) + strlen(temp_buffer) < sizeof(output_buffer) - 1) { data/nagios4-4.4.6/cgi/cgiutils.c:1815:6: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(output_buffer, url_encode(temp_servicegroup->group_name), sizeof(output_buffer) - strlen(output_buffer) - 1); data/nagios4-4.4.6/cgi/cgiutils.c:1815:96: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(output_buffer, url_encode(temp_servicegroup->group_name), sizeof(output_buffer) - strlen(output_buffer) - 1); data/nagios4-4.4.6/cgi/cgiutils.c:1841:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(raw_cgi_name, cgi_name, sizeof(raw_cgi_name) - 1); data/nagios4-4.4.6/cgi/cgiutils.c:2125:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). z = (int)strlen(buffer); data/nagios4-4.4.6/cgi/cmd.c:356:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { data/nagios4-4.4.6/cgi/cmd.c:570:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { data/nagios4-4.4.6/cgi/cmd.c:587:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { data/nagios4-4.4.6/cgi/cmd.c:644:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). start_time_string = (char *)malloc(strlen(variables[x]) + 1); data/nagios4-4.4.6/cgi/cmd.c:659:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end_time_string = (char *)malloc(strlen(variables[x]) + 1); data/nagios4-4.4.6/cgi/cmd.c:1937:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(!command_name || (strlen(command_name) > 6 && !memcmp("CHANGE", command_name, 6))) data/nagios4-4.4.6/cgi/cmd.c:2325:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). y = (int)strlen(buffer); data/nagios4-4.4.6/cgi/config.c:346:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { data/nagios4-4.4.6/cgi/config.c:398:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(to_expand, variables[x], MAX_COMMAND_BUFFER); data/nagios4-4.4.6/cgi/config.c:1252:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(command_line, temp_service->check_command, sizeof(command_line)); data/nagios4-4.4.6/cgi/config.c:2282:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(commandline, temp_command->command_line, MAX_COMMAND_BUFFER); data/nagios4-4.4.6/cgi/config.c:2359:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(; c && ((*c) != '\0') && (j < (int)strlen(command_args[i]) - trail_space[i]); c++, j++) putchar(*c); data/nagios4-4.4.6/cgi/extinfo.c:618:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { data/nagios4-4.4.6/cgi/getcgi.c:89:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(input); data/nagios4-4.4.6/cgi/getcgi.c:161:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(content_type) && strncasecmp(content_type, "application/x-www-form-urlencoded", 33)) { data/nagios4-4.4.6/cgi/getcgi.c:256:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(formid) > 10 && strlen(formid) < 21) { data/nagios4-4.4.6/cgi/getcgi.c:256:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(formid) > 10 && strlen(formid) < 21) { data/nagios4-4.4.6/cgi/getcgi.c:257:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen(formid) - 1; i > 9; --i) data/nagios4-4.4.6/cgi/getcgi.c:444:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strtod( qdelim + strlen( ACCEPT_LANGUAGE_Q_DELIMITER), NULL); data/nagios4-4.4.6/cgi/getcgi.c:466:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). x < (int)strlen( langs->languages[ langs->count - 1]->locality); data/nagios4-4.4.6/cgi/histogram.c:1098:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { data/nagios4-4.4.6/cgi/histogram.c:1676:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/histogram.c:1697:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/histogram.c:1705:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/histogram.c:1718:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/histogram.c:1724:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). start_time[strlen(start_time) - 1] = '\x0'; data/nagios4-4.4.6/cgi/histogram.c:1727:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end_time[strlen(end_time) - 1] = '\x0'; data/nagios4-4.4.6/cgi/histogram.c:1734:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/histogram.c:1739:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/histogram.c:1992:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/histogram.c:1997:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/histogram.c:2004:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/histogram.c:2010:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/histogram.c:2015:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/histogram.c:2021:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/histogram.c:2026:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/histogram.c:2032:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/histogram.c:2039:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/histogram.c:2045:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/histogram.c:2279:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_host_name, (temp_buffer == NULL) ? "" : temp_buffer + 1, sizeof(entry_host_name)); data/nagios4-4.4.6/cgi/histogram.c:2307:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_host_name, (temp_buffer == NULL) ? "" : temp_buffer + 1, sizeof(entry_host_name)); data/nagios4-4.4.6/cgi/histogram.c:2315:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_svc_description, (temp_buffer == NULL) ? "" : temp_buffer, sizeof(entry_svc_description)); data/nagios4-4.4.6/cgi/history.c:164:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(temp_buffer, temp_buffer2, sizeof(temp_buffer) - strlen(temp_buffer) - 1); data/nagios4-4.4.6/cgi/history.c:164:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(temp_buffer, temp_buffer2, sizeof(temp_buffer) - strlen(temp_buffer) - 1); data/nagios4-4.4.6/cgi/history.c:340:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) data/nagios4-4.4.6/cgi/history.c:524:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(image, ""); data/nagios4-4.4.6/cgi/history.c:525:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(image_alt, ""); data/nagios4-4.4.6/cgi/history.c:551:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image, CRITICAL_ICON, sizeof(image)); data/nagios4-4.4.6/cgi/history.c:552:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image_alt, CRITICAL_ICON_ALT, sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:556:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image, WARNING_ICON, sizeof(image)); data/nagios4-4.4.6/cgi/history.c:557:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image_alt, WARNING_ICON_ALT, sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:561:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image, UNKNOWN_ICON, sizeof(image)); data/nagios4-4.4.6/cgi/history.c:562:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image_alt, UNKNOWN_ICON_ALT, sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:566:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image, OK_ICON, sizeof(image)); data/nagios4-4.4.6/cgi/history.c:567:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image_alt, OK_ICON_ALT, sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:594:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image, FLAPPING_ICON, sizeof(image)); data/nagios4-4.4.6/cgi/history.c:597:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(image_alt, "Service started flapping", sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:599:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(image_alt, "Service stopped flapping", sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:601:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(image_alt, "Service flap detection disabled", sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:626:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image, SCHEDULED_DOWNTIME_ICON, sizeof(image)); data/nagios4-4.4.6/cgi/history.c:629:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(image_alt, "Service entered a period of scheduled downtime", sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:631:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(image_alt, "Service exited from a period of scheduled downtime", sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:633:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(image_alt, "Service scheduled downtime has been cancelled", sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:651:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image, HOST_DOWN_ICON, sizeof(image)); data/nagios4-4.4.6/cgi/history.c:652:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image_alt, HOST_DOWN_ICON_ALT, sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:656:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image, HOST_UNREACHABLE_ICON, sizeof(image)); data/nagios4-4.4.6/cgi/history.c:657:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image_alt, HOST_UNREACHABLE_ICON_ALT, sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:661:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image, HOST_UP_ICON, sizeof(image)); data/nagios4-4.4.6/cgi/history.c:662:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image_alt, HOST_UP_ICON_ALT, sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:684:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image, FLAPPING_ICON, sizeof(image)); data/nagios4-4.4.6/cgi/history.c:687:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(image_alt, "Host started flapping", sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:689:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(image_alt, "Host stopped flapping", sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:691:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(image_alt, "Host flap detection disabled", sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:711:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image, SCHEDULED_DOWNTIME_ICON, sizeof(image)); data/nagios4-4.4.6/cgi/history.c:714:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(image_alt, "Host entered a period of scheduled downtime", sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:716:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(image_alt, "Host exited from a period of scheduled downtime", sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:718:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(image_alt, "Host scheduled downtime has been cancelled", sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:726:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image, START_ICON, sizeof(image)); data/nagios4-4.4.6/cgi/history.c:727:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image_alt, START_ICON_ALT, sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:733:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image, STOP_ICON, sizeof(image)); data/nagios4-4.4.6/cgi/history.c:734:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image_alt, STOP_ICON_ALT, sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:740:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image, STOP_ICON, sizeof(image)); data/nagios4-4.4.6/cgi/history.c:741:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image_alt, STOP_ICON_ALT, sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:747:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image, RESTART_ICON, sizeof(image)); data/nagios4-4.4.6/cgi/history.c:748:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(image_alt, RESTART_ICON_ALT, sizeof(image_alt)); data/nagios4-4.4.6/cgi/history.c:894:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(last_message_date, current_message_date, sizeof(last_message_date)); data/nagios4-4.4.6/cgi/jsonutils.c:623:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(node, path, (dot - path)); data/nagios4-4.4.6/cgi/jsonutils.c:667:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(node, path, (dot - path)); data/nagios4-4.4.6/cgi/jsonutils.c:1078:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, "\""); data/nagios4-4.4.6/cgi/jsonutils.c:1441:14: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). from_len = wcslen(escp->from); data/nagios4-4.4.6/cgi/jsonutils.c:1442:12: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). to_len = wcslen(escp->to); data/nagios4-4.4.6/cgi/jsonutils.c:1456:5: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). wcsncpy(fromp, escp->to, to_len); data/nagios4-4.4.6/cgi/jsonutils.c:1464:5: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). wcsncpy(fromp, escp->to, to_len); data/nagios4-4.4.6/cgi/notifications.c:168:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(temp_buffer, temp_buffer2, sizeof(temp_buffer) - strlen(temp_buffer) - 1); data/nagios4-4.4.6/cgi/notifications.c:168:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(temp_buffer, temp_buffer2, sizeof(temp_buffer) - strlen(temp_buffer) - 1); data/nagios4-4.4.6/cgi/notifications.c:331:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { data/nagios4-4.4.6/cgi/notifications.c:431:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(query_type == FIND_HOST && strlen(query_host_name) == 0) { data/nagios4-4.4.6/cgi/notifications.c:435:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(query_type == FIND_CONTACT && strlen(query_contact_name) == 0) { data/nagios4-4.4.6/cgi/notifications.c:606:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(alert_level, "HOST DOWN", sizeof(alert_level)); data/nagios4-4.4.6/cgi/notifications.c:611:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(alert_level, "HOST UNREACHABLE", sizeof(alert_level)); data/nagios4-4.4.6/cgi/notifications.c:616:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(alert_level, "HOST UP", sizeof(alert_level)); data/nagios4-4.4.6/cgi/outages.c:227:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { data/nagios4-4.4.6/cgi/showlog.c:212:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { data/nagios4-4.4.6/cgi/showlog.c:486:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(last_message_date, current_message_date, sizeof(last_message_date)); data/nagios4-4.4.6/cgi/status.c:227:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(host_name); data/nagios4-4.4.6/cgi/status.c:245:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). host_filter = malloc(sizeof(char) * (strlen(host_name) * 2 + 3)); data/nagios4-4.4.6/cgi/status.c:246:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(host_name); data/nagios4-4.4.6/cgi/status.c:266:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). host_filter = malloc(sizeof(char) * (strlen(host_address) * 2 + 3)); data/nagios4-4.4.6/cgi/status.c:267:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(host_address); data/nagios4-4.4.6/cgi/status.c:281:110: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((strstr(temp_host->name, host_name) == temp_host->name) || !strncasecmp(temp_host->name, host_name, strlen(host_name))) { data/nagios4-4.4.6/cgi/status.c:625:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { data/nagios4-4.4.6/cgi/status.c:1515:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:1515:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:1520:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:1520:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:1526:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:1526:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:1532:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:1532:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:1538:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:1538:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:1544:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:1544:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:1551:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:1551:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:1556:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:1556:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:1733:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(status, "PENDING", sizeof(status)); data/nagios4-4.4.6/cgi/status.c:1738:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(status, "OK", sizeof(status)); data/nagios4-4.4.6/cgi/status.c:1743:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(status, "WARNING", sizeof(status)); data/nagios4-4.4.6/cgi/status.c:1753:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(status, "UNKNOWN", sizeof(status)); data/nagios4-4.4.6/cgi/status.c:1763:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(status, "CRITICAL", sizeof(status)); data/nagios4-4.4.6/cgi/status.c:2156:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:2156:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:2161:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:2161:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:2167:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:2167:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:2173:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:2173:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:2179:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:2179:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(temp_url, temp_buffer, sizeof(temp_url) - strlen(temp_url) - 1); data/nagios4-4.4.6/cgi/status.c:2317:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(status, "PENDING", sizeof(status)); data/nagios4-4.4.6/cgi/status.c:2322:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(status, "UP", sizeof(status)); data/nagios4-4.4.6/cgi/status.c:2327:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(status, "DOWN", sizeof(status)); data/nagios4-4.4.6/cgi/status.c:2337:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(status, "UNREACHABLE", sizeof(status)); data/nagios4-4.4.6/cgi/status.c:3795:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(status, "PENDING", sizeof(status)); data/nagios4-4.4.6/cgi/status.c:3800:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(status, "UP", sizeof(status)); data/nagios4-4.4.6/cgi/status.c:3805:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(status, "DOWN", sizeof(status)); data/nagios4-4.4.6/cgi/status.c:3810:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(status, "UNREACHABLE", sizeof(status)); data/nagios4-4.4.6/cgi/statusmap.c:414:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { data/nagios4-4.4.6/cgi/statusmap.c:1869:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(buffer); data/nagios4-4.4.6/cgi/statusmap.c:1887:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(temp_buffer, name, sizeof(temp_buffer) - 1); data/nagios4-4.4.6/cgi/statusmap.c:1901:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(temp_buffer, "Down", sizeof(temp_buffer)); data/nagios4-4.4.6/cgi/statusmap.c:1905:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(temp_buffer, "Unreachable", sizeof(temp_buffer)); data/nagios4-4.4.6/cgi/statusmap.c:1909:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(temp_buffer, "Up", sizeof(temp_buffer)); data/nagios4-4.4.6/cgi/statusmap.c:1913:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(temp_buffer, "Pending", sizeof(temp_buffer)); data/nagios4-4.4.6/cgi/statusmap.c:1917:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(temp_buffer, "Unknown", sizeof(temp_buffer)); data/nagios4-4.4.6/cgi/statusmap.c:2368:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_layer->layer_name = (char *)malloc(strlen(group_name) + 1); data/nagios4-4.4.6/cgi/statuswml.c:234:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { data/nagios4-4.4.6/cgi/statuswml.c:361:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strcmp(hostip, "") && strlen(hostip) == strspn(hostip, valid_domain_chars) && hostip[0] != '-' && hostip[strlen(hostip) - 1] != '-') data/nagios4-4.4.6/cgi/statuswml.c:361:110: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strcmp(hostip, "") && strlen(hostip) == strspn(hostip, valid_domain_chars) && hostip[0] != '-' && hostip[strlen(hostip) - 1] != '-') data/nagios4-4.4.6/cgi/statuswml.c:1266:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buffer, ""); data/nagios4-4.4.6/cgi/statuswml.c:1267:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(input_buffer, ping_syntax, sizeof(input_buffer) - 1); data/nagios4-4.4.6/cgi/statuswml.c:1268:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). input_buffer[strlen(ping_syntax) - 1] = '\x0'; data/nagios4-4.4.6/cgi/statuswml.c:1272:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(buffer) + strlen(temp_ptr) < sizeof(buffer) - 1) { data/nagios4-4.4.6/cgi/statuswml.c:1272:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(buffer) + strlen(temp_ptr) < sizeof(buffer) - 1) { data/nagios4-4.4.6/cgi/statuswml.c:1273:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(buffer, temp_ptr, sizeof(buffer) - strlen(buffer) - 1); data/nagios4-4.4.6/cgi/statuswml.c:1273:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buffer, temp_ptr, sizeof(buffer) - strlen(buffer) - 1); data/nagios4-4.4.6/cgi/statuswml.c:1280:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(buffer) + strlen(temp_ptr) < sizeof(buffer) - 1) { data/nagios4-4.4.6/cgi/statuswml.c:1280:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(buffer) + strlen(temp_ptr) < sizeof(buffer) - 1) { data/nagios4-4.4.6/cgi/statuswml.c:1283:8: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(buffer, ping_address, sizeof(buffer) - strlen(buffer) - 1); data/nagios4-4.4.6/cgi/statuswml.c:1283:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buffer, ping_address, sizeof(buffer) - strlen(buffer) - 1); data/nagios4-4.4.6/cgi/statuswrl.c:221:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { data/nagios4-4.4.6/cgi/summary.c:727:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { data/nagios4-4.4.6/cgi/summary.c:1236:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_host_name, (temp_buffer == NULL) ? "" : temp_buffer + 1, sizeof(entry_host_name)); data/nagios4-4.4.6/cgi/summary.c:1270:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_host_name, (temp_buffer == NULL) ? "" : temp_buffer + 1, sizeof(entry_host_name)); data/nagios4-4.4.6/cgi/summary.c:1275:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_svc_description, (temp_buffer == NULL) ? "" : temp_buffer, sizeof(entry_svc_description)); data/nagios4-4.4.6/cgi/summary.c:1542:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_event->host_name = (char *)malloc(strlen(host_name) + 1); data/nagios4-4.4.6/cgi/summary.c:1551:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_event->service_description = (char *)malloc(strlen(svc_description) + 1); data/nagios4-4.4.6/cgi/summary.c:1560:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_event->event_info = (char *)malloc(strlen(event_info) + 1); data/nagios4-4.4.6/cgi/summary.c:2600:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_producer->host_name = (char *)malloc(strlen(host_name) + 1); data/nagios4-4.4.6/cgi/summary.c:2609:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_producer->service_description = (char *)malloc(strlen(service_description) + 1); data/nagios4-4.4.6/cgi/tac.c:360:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { data/nagios4-4.4.6/cgi/tac.c:1023:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(host_health_image, THERM_CRITICAL_IMAGE, sizeof(host_health_image)); data/nagios4-4.4.6/cgi/tac.c:1025:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(host_health_image, THERM_WARNING_IMAGE, sizeof(host_health_image)); data/nagios4-4.4.6/cgi/tac.c:1027:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(host_health_image, THERM_OK_IMAGE, sizeof(host_health_image)); data/nagios4-4.4.6/cgi/tac.c:1031:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(service_health_image, THERM_CRITICAL_IMAGE, sizeof(service_health_image)); data/nagios4-4.4.6/cgi/tac.c:1033:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(service_health_image, THERM_WARNING_IMAGE, sizeof(service_health_image)); data/nagios4-4.4.6/cgi/tac.c:1035:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(service_health_image, THERM_OK_IMAGE, sizeof(service_health_image)); data/nagios4-4.4.6/cgi/trends.c:770:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). start_time[strlen(start_time) - 1] = '\x0'; data/nagios4-4.4.6/cgi/trends.c:773:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end_time[strlen(end_time) - 1] = '\x0'; data/nagios4-4.4.6/cgi/trends.c:782:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/trends.c:787:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/trends.c:794:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/cgi/trends.c:1305:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { data/nagios4-4.4.6/cgi/trends.c:2251:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(state_string, "?"); data/nagios4-4.4.6/cgi/trends.c:2297:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). start_timestring[strlen(start_timestring) - 1] = '\x0'; data/nagios4-4.4.6/cgi/trends.c:2301:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end_timestring[strlen(end_timestring) - 1] = '\x0'; data/nagios4-4.4.6/cgi/trends.c:2401:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_as->state_info = (char *)malloc(strlen(state_info) + 1); data/nagios4-4.4.6/cgi/trends.c:2576:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_host_name, (temp_buffer == NULL) ? "" : temp_buffer + 1, sizeof(entry_host_name)); data/nagios4-4.4.6/cgi/trends.c:2618:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_host_name, (temp_buffer == NULL) ? "" : temp_buffer + 1, sizeof(entry_host_name)); data/nagios4-4.4.6/cgi/trends.c:2626:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(entry_svc_description, (temp_buffer == NULL) ? "" : temp_buffer, sizeof(entry_svc_description)); data/nagios4-4.4.6/cgi/trends.c:2800:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_buffer[strlen(temp_buffer) - 1] = '\x0'; data/nagios4-4.4.6/cgi/trends.c:2803:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_width = gdFontSmall->w * strlen(temp_buffer); data/nagios4-4.4.6/common/macros.c:160:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *output_buffer = (char *)realloc(*output_buffer, strlen(*output_buffer) + strlen(temp_buffer) + 1); data/nagios4-4.4.6/common/macros.c:160:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *output_buffer = (char *)realloc(*output_buffer, strlen(*output_buffer) + strlen(temp_buffer) + 1); data/nagios4-4.4.6/common/macros.c:163:111: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). log_debug_info(DEBUGL_MACROS, 2, " Not currently in macro. Running output (%lu): '%s'\n", (unsigned long)strlen(*output_buffer), *output_buffer); data/nagios4-4.4.6/common/macros.c:187:100: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). log_debug_info(DEBUGL_MACROS, 2, " Escaped $. Running output (%lu): '%s'\n", (unsigned long)strlen(*output_buffer), *output_buffer); data/nagios4-4.4.6/common/macros.c:188:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *output_buffer = (char *)realloc(*output_buffer, strlen(*output_buffer) + 2); data/nagios4-4.4.6/common/macros.c:189:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(*output_buffer, "$"); data/nagios4-4.4.6/common/macros.c:194:100: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). log_debug_info(DEBUGL_MACROS, 2, " Non-macro. Running output (%lu): '%s'\n", (unsigned long)strlen(*output_buffer), *output_buffer); data/nagios4-4.4.6/common/macros.c:197:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *output_buffer = (char *)realloc(*output_buffer, strlen(*output_buffer) + strlen(temp_buffer) + 3); data/nagios4-4.4.6/common/macros.c:197:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *output_buffer = (char *)realloc(*output_buffer, strlen(*output_buffer) + strlen(temp_buffer) + 3); data/nagios4-4.4.6/common/macros.c:198:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(*output_buffer, "$"); data/nagios4-4.4.6/common/macros.c:203:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(*output_buffer, "$"); data/nagios4-4.4.6/common/macros.c:230:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *output_buffer = (char *)realloc(*output_buffer, strlen(*output_buffer) + strlen(cleaned_macro) + 1); data/nagios4-4.4.6/common/macros.c:230:81: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *output_buffer = (char *)realloc(*output_buffer, strlen(*output_buffer) + strlen(cleaned_macro) + 1); data/nagios4-4.4.6/common/macros.c:236:105: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). log_debug_info(DEBUGL_MACROS, 2, " Cleaned macro. Running output (%lu): '%s'\n", (unsigned long)strlen(*output_buffer), *output_buffer); data/nagios4-4.4.6/common/macros.c:244:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *output_buffer = (char *)realloc(*output_buffer, strlen(*output_buffer) + strlen(selected_macro) + 1); data/nagios4-4.4.6/common/macros.c:244:81: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *output_buffer = (char *)realloc(*output_buffer, strlen(*output_buffer) + strlen(selected_macro) + 1); data/nagios4-4.4.6/common/macros.c:247:107: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). log_debug_info(DEBUGL_MACROS, 2, " Uncleaned macro. Running output (%lu): '%s'\n", (unsigned long)strlen(*output_buffer), *output_buffer); data/nagios4-4.4.6/common/macros.c:256:109: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). log_debug_info(DEBUGL_MACROS, 2, " Just finished macro. Running output (%lu): '%s'\n", (unsigned long)strlen(*output_buffer), *output_buffer); data/nagios4-4.4.6/common/macros.c:592:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). delimiter_len = strlen(arg[1]); data/nagios4-4.4.6/common/macros.c:610:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((*output = (char *)realloc(*output, strlen(*output) + strlen(temp_buffer) + delimiter_len + 1)) == NULL) data/nagios4-4.4.6/common/macros.c:610:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((*output = (char *)realloc(*output, strlen(*output) + strlen(temp_buffer) + delimiter_len + 1)) == NULL) data/nagios4-4.4.6/common/macros.c:787:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). delimiter_len = strlen(arg2); data/nagios4-4.4.6/common/macros.c:805:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((*output = (char *)realloc(*output, strlen(*output) + strlen(temp_buffer) + delimiter_len + 1)) == NULL) data/nagios4-4.4.6/common/macros.c:805:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((*output = (char *)realloc(*output, strlen(*output) + strlen(temp_buffer) + delimiter_len + 1)) == NULL) data/nagios4-4.4.6/common/macros.c:938:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). delimiter_len = strlen(arg2); data/nagios4-4.4.6/common/macros.c:957:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((*output = (char *)realloc(*output, strlen(*output) + strlen(temp_buffer) + delimiter_len + 1)) == NULL) data/nagios4-4.4.6/common/macros.c:957:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((*output = (char *)realloc(*output, strlen(*output) + strlen(temp_buffer) + delimiter_len + 1)) == NULL) data/nagios4-4.4.6/common/macros.c:1030:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). delimiter_len = strlen(arg2); data/nagios4-4.4.6/common/macros.c:1049:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((*output = (char *)realloc(*output, strlen(*output) + strlen(temp_buffer) + delimiter_len + 1)) == NULL) data/nagios4-4.4.6/common/macros.c:1049:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((*output = (char *)realloc(*output, strlen(*output) + strlen(temp_buffer) + delimiter_len + 1)) == NULL) data/nagios4-4.4.6/common/macros.c:1350:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). delimiter_len = strlen(arg2); data/nagios4-4.4.6/common/macros.c:1368:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((*output = (char *)realloc(*output, strlen(*output) + strlen(temp_buffer) + delimiter_len + 1)) == NULL) data/nagios4-4.4.6/common/macros.c:1368:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((*output = (char *)realloc(*output, strlen(*output) + strlen(temp_buffer) + delimiter_len + 1)) == NULL) data/nagios4-4.4.6/common/macros.c:1409:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). delimiter_len = strlen(arg2); data/nagios4-4.4.6/common/macros.c:1427:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((*output = (char *)realloc(*output, strlen(*output) + strlen(temp_buffer) + delimiter_len + 1)) == NULL) data/nagios4-4.4.6/common/macros.c:1427:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((*output = (char *)realloc(*output, strlen(*output) + strlen(temp_buffer) + delimiter_len + 1)) == NULL) data/nagios4-4.4.6/common/macros.c:1464:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). delimiter_len = strlen(arg2); data/nagios4-4.4.6/common/macros.c:1482:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((*output = (char *)realloc(*output, strlen(*output) + strlen(temp_buffer) + delimiter_len + 1)) == NULL) data/nagios4-4.4.6/common/macros.c:1482:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((*output = (char *)realloc(*output, strlen(*output) + strlen(temp_buffer) + delimiter_len + 1)) == NULL) data/nagios4-4.4.6/common/macros.c:1923:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_len += strlen(temp_hostsmember->host_name) + 2; data/nagios4-4.4.6/common/macros.c:1927:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_len += strlen(temp_hostsmember->host_ptr->address) + 2; data/nagios4-4.4.6/common/macros.c:1942:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_len += strlen(*output); data/nagios4-4.4.6/common/macros.c:1956:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(*output, ","); data/nagios4-4.4.6/common/macros.c:2276:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_len += strlen(temp_servicesmember->host_name) + strlen(temp_servicesmember->service_description) + 2; data/nagios4-4.4.6/common/macros.c:2276:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_len += strlen(temp_servicesmember->host_name) + strlen(temp_servicesmember->service_description) + 2; data/nagios4-4.4.6/common/macros.c:2279:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_len += strlen(temp_servicesmember->host_name) + strlen(temp_servicesmember->service_description) + 3; data/nagios4-4.4.6/common/macros.c:2279:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_len += strlen(temp_servicesmember->host_name) + strlen(temp_servicesmember->service_description) + 3; data/nagios4-4.4.6/common/macros.c:2292:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). init_len = strlen(*output); data/nagios4-4.4.6/common/macros.c:2450:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if((*output = (char *)realloc(*output, strlen(*output) + strlen(temp_contactsmember->contact_name) + 2))) { data/nagios4-4.4.6/common/macros.c:2450:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if((*output = (char *)realloc(*output, strlen(*output) + strlen(temp_contactsmember->contact_name) + 2))) { data/nagios4-4.4.6/common/macros.c:2451:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(*output, ","); data/nagios4-4.4.6/common/macros.c:2510:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)strlen(macro); data/nagios4-4.4.6/common/macros.c:2569:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((encoded_url_string = (char *)malloc((strlen(input) * 3) + 1)) == NULL) data/nagios4-4.4.6/common/shared.c:359:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tempbuf); data/nagios4-4.4.6/common/shared.c:370:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(stripped); data/nagios4-4.4.6/common/shared.c:371:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen(buf); data/nagios4-4.4.6/common/shared.c:422:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)strlen(buffer); data/nagios4-4.4.6/common/shared.c:476:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(i = 0; i < strlen(name1); i++) data/nagios4-4.4.6/common/shared.c:480:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(i = 0; i < strlen(name2); i++) data/nagios4-4.4.6/contrib/daemonchk.c:176:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(variables[x]) >= MAX_INPUT_BUFFER - 1) { data/nagios4-4.4.6/contrib/daemonchk.c:218:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(src) + 1; data/nagios4-4.4.6/contrib/daemonchk.c:222:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(dest == NULL || strlen(dest) < len) data/nagios4-4.4.6/contrib/daemonchk.c:227:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dest, src, len); data/nagios4-4.4.6/contrib/daemonchk.c:242:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = max(strlen(str), CHARLEN); data/nagios4-4.4.6/contrib/nagios-worker.c:77:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read(sd, response, 3); data/nagios4-4.4.6/contrib/nagios-worker.c:85:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read(sd, response + 3, sizeof(response) - 3); data/nagios4-4.4.6/lib/iocache.c:214:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes_read = read(fd, ioc->ioc_buf + ioc->ioc_buflen, to_read); data/nagios4-4.4.6/lib/kvvec.c:89:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). kv->key_len = strlen(key); data/nagios4-4.4.6/lib/kvvec.c:97:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). kv->value_len = strlen(value); data/nagios4-4.4.6/lib/nsock.c:57:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(path); data/nagios4-4.4.6/lib/nspath.c:92:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcomp[i].len = strlen(p); data/nagios4-4.4.6/lib/runcmd.c:139:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/nagios4-4.4.6/lib/runcmd.c:354:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmdlen = strlen(cmd); data/nagios4-4.4.6/lib/snprintf.c:721:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). max = strlen(cnk->strvalue); data/nagios4-4.4.6/lib/test-iobroker.c:31:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read(fd, buf, sizeof(buf)); data/nagios4-4.4.6/lib/test-iobroker.c:59:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int len = read(fd, buf, sizeof(buf)); data/nagios4-4.4.6/lib/test-iobroker.c:63:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). test(len == (int)strlen(msg[i]), "len match for message %d", i); data/nagios4-4.4.6/lib/test-iobroker.c:79:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(fd, msg[i], strlen(msg[i])); data/nagios4-4.4.6/lib/test-iobroker.c:103:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(sock, msg[0], strlen(msg[0])); data/nagios4-4.4.6/lib/test-iocache.c:53:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf("strlen(sc[i].str): %lu\n", (unsigned long)strlen(sc[i].str)); data/nagios4-4.4.6/lib/test-iocache.c:54:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf("strlen(ptr) : %lu\n", (unsigned long)strlen(ptr)); data/nagios4-4.4.6/lib/test-kvvec.c:141:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf2kvvec_prealloc(&k, strdup(pair_term_missing[j]), strlen(pair_term_missing[j]), '=', ';', KVVEC_COPY); data/nagios4-4.4.6/lib/test-kvvec.c:146:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). test(kv->value_len == (int)strlen(kv->value), data/nagios4-4.4.6/lib/test-kvvec.c:148:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j, i, kv->value_len, kv->value, (int)strlen(kv->value)); data/nagios4-4.4.6/lib/test-runcmd.c:133:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(pfd[0], out, BUF_SIZE); data/nagios4-4.4.6/lib/worker.c:208:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). kvvec_addkv_wlen(kvv, key, sizeof(key) - 1, buf, strlen(buf)); \ data/nagios4-4.4.6/lib/worker.c:214:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). kvvec_addkv_wlen(kvv, key, sizeof(key) - 1, buf, strlen(buf)); \ data/nagios4-4.4.6/lib/worker.c:453:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rd = read(io->fd, buf, sizeof(buf)); data/nagios4-4.4.6/lib/worker.c:640:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp->env = buf2kvvec(value, strlen(value), '=', '\n', KVVEC_COPY); data/nagios4-4.4.6/lib/wproc.c:174:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read(sd, buf, sizeof(buf)); data/nagios4-4.4.6/worker/ping/worker-ping.c:232:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read( sd, response, 3); data/nagios4-4.4.6/worker/ping/worker-ping.c:238:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read( sd, response + 3, sizeof(response) - 4); data/nagios4-4.4.6/worker/ping/worker-ping.c:265:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strspn( group, "0123456789") < strlen( group)) { data/nagios4-4.4.6/worker/ping/worker-ping.c:295:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strspn( user, "0123456789") < strlen( user)) { data/nagios4-4.4.6/worker/ping/worker-ping.c:366:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask( S_IWGRP | S_IWOTH); data/nagios4-4.4.6/worker/ping/worker-ping.c:391:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(( val = read( lockfile, buf, ( size_t)10)) < 0) { data/nagios4-4.4.6/worker/ping/worker-ping.c:457:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write( lockfile, buf, strlen( buf)); data/nagios4-4.4.6/xdata/xodtemplate.c:328:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(cfgfile != NULL && cfgfile[strlen(cfgfile) - 1] == '/') data/nagios4-4.4.6/xdata/xodtemplate.c:329:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cfgfile[strlen(cfgfile) - 1] = '\x0'; data/nagios4-4.4.6/xdata/xodtemplate.c:605:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). x = strlen(dirfile->d_name); data/nagios4-4.4.6/xdata/xodtemplate.c:1234:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lth = strlen(variable); data/nagios4-4.4.6/xdata/xodtemplate.c:1449:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_contactgroup->members = (char *)realloc(temp_contactgroup->members, strlen(temp_contactgroup->members) + strlen(value) + 2); data/nagios4-4.4.6/xdata/xodtemplate.c:1449:117: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_contactgroup->members = (char *)realloc(temp_contactgroup->members, strlen(temp_contactgroup->members) + strlen(value) + 2); data/nagios4-4.4.6/xdata/xodtemplate.c:1451:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(temp_contactgroup->members, ","); data/nagios4-4.4.6/xdata/xodtemplate.c:1465:106: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_contactgroup->contactgroup_members = (char *)realloc(temp_contactgroup->contactgroup_members, strlen(temp_contactgroup->contactgroup_members) + strlen(value) + 2); data/nagios4-4.4.6/xdata/xodtemplate.c:1465:156: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_contactgroup->contactgroup_members = (char *)realloc(temp_contactgroup->contactgroup_members, strlen(temp_contactgroup->contactgroup_members) + strlen(value) + 2); data/nagios4-4.4.6/xdata/xodtemplate.c:1467:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(temp_contactgroup->contactgroup_members, ","); data/nagios4-4.4.6/xdata/xodtemplate.c:1545:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_hostgroup->members = (char *)realloc(temp_hostgroup->members, strlen(temp_hostgroup->members) + strlen(value) + 2); data/nagios4-4.4.6/xdata/xodtemplate.c:1545:108: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_hostgroup->members = (char *)realloc(temp_hostgroup->members, strlen(temp_hostgroup->members) + strlen(value) + 2); data/nagios4-4.4.6/xdata/xodtemplate.c:1547:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(temp_hostgroup->members, ","); data/nagios4-4.4.6/xdata/xodtemplate.c:1561:94: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_hostgroup->hostgroup_members = (char *)realloc(temp_hostgroup->hostgroup_members, strlen(temp_hostgroup->hostgroup_members) + strlen(value) + 2); data/nagios4-4.4.6/xdata/xodtemplate.c:1561:138: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_hostgroup->hostgroup_members = (char *)realloc(temp_hostgroup->hostgroup_members, strlen(temp_hostgroup->hostgroup_members) + strlen(value) + 2); data/nagios4-4.4.6/xdata/xodtemplate.c:1563:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(temp_hostgroup->hostgroup_members, ","); data/nagios4-4.4.6/xdata/xodtemplate.c:1663:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_servicegroup->members = (char *)realloc(temp_servicegroup->members, strlen(temp_servicegroup->members) + strlen(value) + 2); data/nagios4-4.4.6/xdata/xodtemplate.c:1663:117: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_servicegroup->members = (char *)realloc(temp_servicegroup->members, strlen(temp_servicegroup->members) + strlen(value) + 2); data/nagios4-4.4.6/xdata/xodtemplate.c:1665:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(temp_servicegroup->members, ","); data/nagios4-4.4.6/xdata/xodtemplate.c:1679:106: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_servicegroup->servicegroup_members = (char *)realloc(temp_servicegroup->servicegroup_members, strlen(temp_servicegroup->servicegroup_members) + strlen(value) + 2); data/nagios4-4.4.6/xdata/xodtemplate.c:1679:156: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_servicegroup->servicegroup_members = (char *)realloc(temp_servicegroup->servicegroup_members, strlen(temp_servicegroup->servicegroup_members) + strlen(value) + 2); data/nagios4-4.4.6/xdata/xodtemplate.c:1681:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(temp_servicegroup->servicegroup_members, ","); data/nagios4-4.4.6/xdata/xodtemplate.c:3735:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((input = (char *)malloc(strlen(var) + strlen(val) + 2)) == NULL) data/nagios4-4.4.6/xdata/xodtemplate.c:3735:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((input = (char *)malloc(strlen(var) + strlen(val) + 2)) == NULL) data/nagios4-4.4.6/xdata/xodtemplate.c:3738:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(input, " "); data/nagios4-4.4.6/xdata/xodtemplate.c:9931:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf = (char *)malloc(strlen(this_list->name1) + 1); data/nagios4-4.4.6/xdata/xodtemplate.c:9935:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf = (char *)realloc(buf, strlen(buf) + strlen(this_list->name1) + 2); data/nagios4-4.4.6/xdata/xodtemplate.c:9935:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf = (char *)realloc(buf, strlen(buf) + strlen(this_list->name1) + 2); data/nagios4-4.4.6/xdata/xodtemplate.c:9936:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, ","); data/nagios4-4.4.6/xdata/xodtemplate.c:10107:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf = (char *)malloc(strlen(this_list->name1) + 1); data/nagios4-4.4.6/xdata/xodtemplate.c:10111:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf = (char *)realloc(buf, strlen(buf) + strlen(this_list->name1) + 2); data/nagios4-4.4.6/xdata/xodtemplate.c:10111:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf = (char *)realloc(buf, strlen(buf) + strlen(this_list->name1) + 2); data/nagios4-4.4.6/xdata/xodtemplate.c:10112:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, ","); data/nagios4-4.4.6/xdata/xodtemplate.c:10283:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf = (char *)malloc(strlen(this_list->name1) + 1); data/nagios4-4.4.6/xdata/xodtemplate.c:10287:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf = (char *)realloc(buf, strlen(buf) + strlen(this_list->name1) + 2); data/nagios4-4.4.6/xdata/xodtemplate.c:10287:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf = (char *)realloc(buf, strlen(buf) + strlen(this_list->name1) + 2); data/nagios4-4.4.6/xdata/xodtemplate.c:10288:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, ","); data/nagios4-4.4.6/xdata/xodtemplate.c:10449:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((buf = (char *)malloc(strlen(*template_value) + strlen(*this_value) + 1))) { data/nagios4-4.4.6/xdata/xodtemplate.c:10449:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((buf = (char *)malloc(strlen(*template_value) + strlen(*this_value) + 1))) { data/nagios4-4.4.6/xdata/xodtemplate.c:10451:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, ","); data/nagios4-4.4.6/xdata/xpddefault.c:484:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tempbuf = (char *)malloc(strlen(template) + 1); data/nagios4-4.4.6/xdata/xpddefault.c:487:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tempbuf, ""); data/nagios4-4.4.6/xdata/xpddefault.c:489:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(x = 0, y = 0; x < strlen(template); x++, y++) { data/nagios4-4.4.6/xdata/xrddefault.c:1227:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((x = atoi(val)) > 0 && strlen(val) > 3) { data/nagios4-4.4.6/xdata/xrddefault.c:1500:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((x = atoi(val)) > 0 && strlen(val) > 3) { data/nagios4-4.4.6/xdata/xrddefault.c:1608:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((x = atoi(val)) > 0 && strlen(val) > 3) { data/nagios4-4.4.6/xdata/xsddefault.c:552:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(input, ""); ANALYSIS SUMMARY: Hits = 1860 Lines analyzed = 137342 in approximately 4.21 seconds (32659 lines/second) Physical Source Lines of Code (SLOC) = 97631 Hits@level = [0] 9213 [1] 514 [2] 1134 [3] 37 [4] 173 [5] 2 Hits@level+ = [0+] 11073 [1+] 1860 [2+] 1346 [3+] 212 [4+] 175 [5+] 2 Hits/KSLOC@level+ = [0+] 113.417 [1+] 19.0513 [2+] 13.7866 [3+] 2.17144 [4+] 1.79246 [5+] 0.0204853 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.