Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/netatalk-3.1.12~ds/include/atalk/adouble.h
Examining data/netatalk-3.1.12~ds/include/atalk/afp.h
Examining data/netatalk-3.1.12~ds/include/atalk/vfs.h
Examining data/netatalk-3.1.12~ds/include/atalk/cnid.h
Examining data/netatalk-3.1.12~ds/include/atalk/logger.h
Examining data/netatalk-3.1.12~ds/include/atalk/netatalk_conf.h
Examining data/netatalk-3.1.12~ds/include/atalk/paths.h
Examining data/netatalk-3.1.12~ds/include/atalk/unicode.h
Examining data/netatalk-3.1.12~ds/include/atalk/acl.h
Examining data/netatalk-3.1.12~ds/include/atalk/unix.h
Examining data/netatalk-3.1.12~ds/include/atalk/volume.h
Examining data/netatalk-3.1.12~ds/include/atalk/standards.h
Examining data/netatalk-3.1.12~ds/include/atalk/bstrlib.h
Examining data/netatalk-3.1.12~ds/include/atalk/list.h
Examining data/netatalk-3.1.12~ds/include/atalk/globals.h
Examining data/netatalk-3.1.12~ds/include/atalk/compat.h
Examining data/netatalk-3.1.12~ds/include/atalk/iniparser.h
Examining data/netatalk-3.1.12~ds/include/atalk/dictionary.h
Examining data/netatalk-3.1.12~ds/include/atalk/hash.h
Examining data/netatalk-3.1.12~ds/include/atalk/directory.h
Examining data/netatalk-3.1.12~ds/include/atalk/uuid.h
Examining data/netatalk-3.1.12~ds/include/atalk/queue.h
Examining data/netatalk-3.1.12~ds/include/atalk/server_child.h
Examining data/netatalk-3.1.12~ds/include/atalk/server_ipc.h
Examining data/netatalk-3.1.12~ds/include/atalk/cnid_bdb_private.h
Examining data/netatalk-3.1.12~ds/include/atalk/cnid_mysql_private.h
Examining data/netatalk-3.1.12~ds/include/atalk/cnid_private.h
Examining data/netatalk-3.1.12~ds/include/atalk/bstradd.h
Examining data/netatalk-3.1.12~ds/include/atalk/errchk.h
Examining data/netatalk-3.1.12~ds/include/atalk/ftw.h
Examining data/netatalk-3.1.12~ds/include/atalk/dsi.h
Examining data/netatalk-3.1.12~ds/include/atalk/ldapconfig.h
Examining data/netatalk-3.1.12~ds/include/atalk/byteorder.h
Examining data/netatalk-3.1.12~ds/include/atalk/fce_api.h
Examining data/netatalk-3.1.12~ds/include/atalk/spotlight.h
Examining data/netatalk-3.1.12~ds/include/atalk/dalloc.h
Examining data/netatalk-3.1.12~ds/include/atalk/ea.h
Examining data/netatalk-3.1.12~ds/include/atalk/uam.h
Examining data/netatalk-3.1.12~ds/include/atalk/util.h
Examining data/netatalk-3.1.12~ds/libatalk/dummy.c
Examining data/netatalk-3.1.12~ds/libatalk/acl/aclldap.h
Examining data/netatalk-3.1.12~ds/libatalk/acl/cache.h
Examining data/netatalk-3.1.12~ds/libatalk/acl/cache.c
Examining data/netatalk-3.1.12~ds/libatalk/acl/uuid.c
Examining data/netatalk-3.1.12~ds/libatalk/acl/ldap.c
Examining data/netatalk-3.1.12~ds/libatalk/acl/ldap_config.c
Examining data/netatalk-3.1.12~ds/libatalk/acl/unix.c
Examining data/netatalk-3.1.12~ds/libatalk/adouble/ad_lock.h
Examining data/netatalk-3.1.12~ds/libatalk/adouble/ad_attr.c
Examining data/netatalk-3.1.12~ds/libatalk/adouble/ad_conv.c
Examining data/netatalk-3.1.12~ds/libatalk/adouble/ad_date.c
Examining data/netatalk-3.1.12~ds/libatalk/adouble/ad_lock.c
Examining data/netatalk-3.1.12~ds/libatalk/adouble/ad_mmap.c
Examining data/netatalk-3.1.12~ds/libatalk/adouble/ad_read.c
Examining data/netatalk-3.1.12~ds/libatalk/adouble/ad_recvfile.c
Examining data/netatalk-3.1.12~ds/libatalk/adouble/ad_sendfile.c
Examining data/netatalk-3.1.12~ds/libatalk/adouble/ad_size.c
Examining data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c
Examining data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c
Examining data/netatalk-3.1.12~ds/libatalk/adouble/ad_write.c
Examining data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c
Examining data/netatalk-3.1.12~ds/libatalk/bstring/bstradd.c
Examining data/netatalk-3.1.12~ds/libatalk/compat/misc.c
Examining data/netatalk-3.1.12~ds/libatalk/compat/mktemp.c
Examining data/netatalk-3.1.12~ds/libatalk/compat/getusershell.c
Examining data/netatalk-3.1.12~ds/libatalk/compat/rquota_xdr.c
Examining data/netatalk-3.1.12~ds/libatalk/compat/pselect.c
Examining data/netatalk-3.1.12~ds/libatalk/compat/strlcpy.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/cnid.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/cnid_init.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/last/cnid_last.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/last/cnid_last.h
Examining data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_meta.h
Examining data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_private.h
Examining data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_close.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_delete.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_get.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_lookup.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_open.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_resolve.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_update.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_rebuild_add.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb.h
Examining data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_meta.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_nextid.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_add.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/dbd/cnid_dbd.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/dbd/cnid_dbd.h
Examining data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_add.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_close.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_delete.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_get.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_lookup.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_open.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_resolve.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_update.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_nextid.c
Examining data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb.h
Examining data/netatalk-3.1.12~ds/libatalk/cnid/mysql/cnid_mysql.c
Examining data/netatalk-3.1.12~ds/libatalk/dsi/dsi_attn.c
Examining data/netatalk-3.1.12~ds/libatalk/dsi/dsi_close.c
Examining data/netatalk-3.1.12~ds/libatalk/dsi/dsi_cmdreply.c
Examining data/netatalk-3.1.12~ds/libatalk/dsi/dsi_getsess.c
Examining data/netatalk-3.1.12~ds/libatalk/dsi/dsi_getstat.c
Examining data/netatalk-3.1.12~ds/libatalk/dsi/dsi_init.c
Examining data/netatalk-3.1.12~ds/libatalk/dsi/dsi_opensess.c
Examining data/netatalk-3.1.12~ds/libatalk/dsi/dsi_read.c
Examining data/netatalk-3.1.12~ds/libatalk/dsi/dsi_tickle.c
Examining data/netatalk-3.1.12~ds/libatalk/dsi/dsi_write.c
Examining data/netatalk-3.1.12~ds/libatalk/dsi/dsi_stream.c
Examining data/netatalk-3.1.12~ds/libatalk/dsi/dsi_tcp.c
Examining data/netatalk-3.1.12~ds/libatalk/iniparser/dictionary.c
Examining data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c
Examining data/netatalk-3.1.12~ds/libatalk/talloc/dalloc.c
Examining data/netatalk-3.1.12~ds/libatalk/util/bprint.c
Examining data/netatalk-3.1.12~ds/libatalk/util/fault.c
Examining data/netatalk-3.1.12~ds/libatalk/util/getiface.c
Examining data/netatalk-3.1.12~ds/libatalk/util/gettok.c
Examining data/netatalk-3.1.12~ds/libatalk/util/locking.c
Examining data/netatalk-3.1.12~ds/libatalk/util/logger.c
Examining data/netatalk-3.1.12~ds/libatalk/util/module.c
Examining data/netatalk-3.1.12~ds/libatalk/util/queue.c
Examining data/netatalk-3.1.12~ds/libatalk/util/server_child.c
Examining data/netatalk-3.1.12~ds/libatalk/util/server_lock.c
Examining data/netatalk-3.1.12~ds/libatalk/util/strdicasecmp.c
Examining data/netatalk-3.1.12~ds/libatalk/util/unix.c
Examining data/netatalk-3.1.12~ds/libatalk/util/ftw.c
Examining data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c
Examining data/netatalk-3.1.12~ds/libatalk/util/socket.c
Examining data/netatalk-3.1.12~ds/libatalk/util/cnid.c
Examining data/netatalk-3.1.12~ds/libatalk/util/server_ipc.c
Examining data/netatalk-3.1.12~ds/libatalk/unicode/utf16_casetable.h
Examining data/netatalk-3.1.12~ds/libatalk/unicode/precompose.h
Examining data/netatalk-3.1.12~ds/libatalk/unicode/util_unistr.c
Examining data/netatalk-3.1.12~ds/libatalk/unicode/iconv.c
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c
Examining data/netatalk-3.1.12~ds/libatalk/unicode/utf8.c
Examining data/netatalk-3.1.12~ds/libatalk/unicode/utf16_case.c
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_roman.h
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_greek.h
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_centraleurope.h
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_hebrew.h
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_turkish.h
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_cyrillic.h
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_japanese.h
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_chinese_trad.h
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_chinese_simp.h
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_korean.h
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/generic_cjk.h
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/generic_mb.h
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_roman.c
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_greek.c
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_hebrew.c
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_centraleurope.c
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_turkish.c
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_cyrillic.c
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_japanese.c
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_chinese_trad.c
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_chinese_simp.c
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_korean.c
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/generic_cjk.c
Examining data/netatalk-3.1.12~ds/libatalk/unicode/charsets/generic_mb.c
Examining data/netatalk-3.1.12~ds/libatalk/vfs/vfs.c
Examining data/netatalk-3.1.12~ds/libatalk/vfs/acl.c
Examining data/netatalk-3.1.12~ds/libatalk/vfs/extattr.c
Examining data/netatalk-3.1.12~ds/libatalk/vfs/ea_sys.c
Examining data/netatalk-3.1.12~ds/libatalk/vfs/unix.c
Examining data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c
Examining data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c
Examining data/netatalk-3.1.12~ds/bin/misc/uuidtest.c
Examining data/netatalk-3.1.12~ds/bin/misc/fce.c
Examining data/netatalk-3.1.12~ds/bin/misc/logger_test.c
Examining data/netatalk-3.1.12~ds/bin/misc/netacnv.c
Examining data/netatalk-3.1.12~ds/bin/ad/ad.h
Examining data/netatalk-3.1.12~ds/bin/ad/ad.c
Examining data/netatalk-3.1.12~ds/bin/ad/ad_cp.c
Examining data/netatalk-3.1.12~ds/bin/ad/ad_rm.c
Examining data/netatalk-3.1.12~ds/bin/ad/ad_set.c
Examining data/netatalk-3.1.12~ds/bin/ad/ad_find.c
Examining data/netatalk-3.1.12~ds/bin/ad/ad_ls.c
Examining data/netatalk-3.1.12~ds/bin/ad/ad_mv.c
Examining data/netatalk-3.1.12~ds/bin/ad/ad_util.c
Examining data/netatalk-3.1.12~ds/etc/spotlight/sparql_map.h
Examining data/netatalk-3.1.12~ds/etc/spotlight/sparql_map.c
Examining data/netatalk-3.1.12~ds/etc/afpd/auth.h
Examining data/netatalk-3.1.12~ds/etc/afpd/afp_config.h
Examining data/netatalk-3.1.12~ds/etc/afpd/desktop.h
Examining data/netatalk-3.1.12~ds/etc/afpd/fce_api_internal.h
Examining data/netatalk-3.1.12~ds/etc/afpd/file.h
Examining data/netatalk-3.1.12~ds/etc/afpd/filedir.h
Examining data/netatalk-3.1.12~ds/etc/afpd/fork.h
Examining data/netatalk-3.1.12~ds/etc/afpd/icon.h
Examining data/netatalk-3.1.12~ds/etc/afpd/mangle.h
Examining data/netatalk-3.1.12~ds/etc/afpd/misc.h
Examining data/netatalk-3.1.12~ds/etc/afpd/status.h
Examining data/netatalk-3.1.12~ds/etc/afpd/switch.h
Examining data/netatalk-3.1.12~ds/etc/afpd/uam_auth.h
Examining data/netatalk-3.1.12~ds/etc/afpd/uid.h
Examining data/netatalk-3.1.12~ds/etc/afpd/unix.h
Examining data/netatalk-3.1.12~ds/etc/afpd/volume.h
Examining data/netatalk-3.1.12~ds/etc/afpd/hash.h
Examining data/netatalk-3.1.12~ds/etc/afpd/acls.h
Examining data/netatalk-3.1.12~ds/etc/afpd/acl_mappings.h
Examining data/netatalk-3.1.12~ds/etc/afpd/extattrs.h
Examining data/netatalk-3.1.12~ds/etc/afpd/dircache.h
Examining data/netatalk-3.1.12~ds/etc/afpd/afpstats_obj.h
Examining data/netatalk-3.1.12~ds/etc/afpd/afpstats.h
Examining data/netatalk-3.1.12~ds/etc/afpd/afp_config.c
Examining data/netatalk-3.1.12~ds/etc/afpd/afp_options.c
Examining data/netatalk-3.1.12~ds/etc/afpd/afp_util.c
Examining data/netatalk-3.1.12~ds/etc/afpd/afprun.c
Examining data/netatalk-3.1.12~ds/etc/afpd/afs.c
Examining data/netatalk-3.1.12~ds/etc/afpd/appl.c
Examining data/netatalk-3.1.12~ds/etc/afpd/extattrs.c
Examining data/netatalk-3.1.12~ds/etc/afpd/fce_api.c
Examining data/netatalk-3.1.12~ds/etc/afpd/fce_util.c
Examining data/netatalk-3.1.12~ds/etc/afpd/file.c
Examining data/netatalk-3.1.12~ds/etc/afpd/fork.c
Examining data/netatalk-3.1.12~ds/etc/afpd/hash.c
Examining data/netatalk-3.1.12~ds/etc/afpd/main.c
Examining data/netatalk-3.1.12~ds/etc/afpd/mangle.c
Examining data/netatalk-3.1.12~ds/etc/afpd/messages.c
Examining data/netatalk-3.1.12~ds/etc/afpd/nfsquota.c
Examining data/netatalk-3.1.12~ds/etc/afpd/ofork.c
Examining data/netatalk-3.1.12~ds/etc/afpd/quota.c
Examining data/netatalk-3.1.12~ds/etc/afpd/status.c
Examining data/netatalk-3.1.12~ds/etc/afpd/switch.c
Examining data/netatalk-3.1.12~ds/etc/afpd/uam.c
Examining data/netatalk-3.1.12~ds/etc/afpd/uid.c
Examining data/netatalk-3.1.12~ds/etc/afpd/unix.c
Examining data/netatalk-3.1.12~ds/etc/afpd/afpstats.c
Examining data/netatalk-3.1.12~ds/etc/afpd/afpstats_obj.c
Examining data/netatalk-3.1.12~ds/etc/afpd/afpstats_service_glue.h
Examining data/netatalk-3.1.12~ds/etc/afpd/directory.h
Examining data/netatalk-3.1.12~ds/etc/afpd/volume.c
Examining data/netatalk-3.1.12~ds/etc/afpd/spotlight.c
Examining data/netatalk-3.1.12~ds/etc/afpd/spotlight_marshalling.c
Examining data/netatalk-3.1.12~ds/etc/afpd/afp_dsi.c
Examining data/netatalk-3.1.12~ds/etc/afpd/acls.c
Examining data/netatalk-3.1.12~ds/etc/afpd/directory.c
Examining data/netatalk-3.1.12~ds/etc/afpd/catsearch.c
Examining data/netatalk-3.1.12~ds/etc/afpd/dircache.c
Examining data/netatalk-3.1.12~ds/etc/afpd/enumerate.c
Examining data/netatalk-3.1.12~ds/etc/afpd/auth.c
Examining data/netatalk-3.1.12~ds/etc/afpd/desktop.c
Examining data/netatalk-3.1.12~ds/etc/afpd/filedir.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.h
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/pack.h
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/db_param.h
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd.h
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/usockfd.h
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/comm.h
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd.h
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/pack.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/comm.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/db_param.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/main.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_add.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_get.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_resolve.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_update.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_delete.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_getstamp.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_rebuild_add.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_dbcheck.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_search.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/cnid_metad.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/usockfd.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c
Examining data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_lookup.c
Examining data/netatalk-3.1.12~ds/etc/netatalk/afp_zeroconf.h
Examining data/netatalk-3.1.12~ds/etc/netatalk/afp_avahi.h
Examining data/netatalk-3.1.12~ds/etc/netatalk/afp_mdns.h
Examining data/netatalk-3.1.12~ds/etc/netatalk/netatalk.c
Examining data/netatalk-3.1.12~ds/etc/netatalk/afp_avahi.c
Examining data/netatalk-3.1.12~ds/etc/netatalk/afp_mdns.c
Examining data/netatalk-3.1.12~ds/etc/netatalk/afp_zeroconf.c
Examining data/netatalk-3.1.12~ds/etc/uams/openssl_compat.h
Examining data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_pam.c
Examining data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_passwd.c
Examining data/netatalk-3.1.12~ds/etc/uams/uams_dhx_pam.c
Examining data/netatalk-3.1.12~ds/etc/uams/uams_dhx_passwd.c
Examining data/netatalk-3.1.12~ds/etc/uams/uams_guest.c
Examining data/netatalk-3.1.12~ds/etc/uams/uams_pam.c
Examining data/netatalk-3.1.12~ds/etc/uams/uams_passwd.c
Examining data/netatalk-3.1.12~ds/etc/uams/uams_pgp.c
Examining data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c
Examining data/netatalk-3.1.12~ds/etc/uams/uams_gss.c
Examining data/netatalk-3.1.12~ds/test/afpd/test.h
Examining data/netatalk-3.1.12~ds/test/afpd/subtests.h
Examining data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.h
Examining data/netatalk-3.1.12~ds/test/afpd/subtests.c
Examining data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c
Examining data/netatalk-3.1.12~ds/test/afpd/test.c
Examining data/netatalk-3.1.12~ds/libevent/compat/sys/queue.h
Examining data/netatalk-3.1.12~ds/libevent/test/tinytest.h
Examining data/netatalk-3.1.12~ds/libevent/test/tinytest_macros.h
Examining data/netatalk-3.1.12~ds/libevent/test/regress.h
Examining data/netatalk-3.1.12~ds/libevent/test/tinytest_local.h
Examining data/netatalk-3.1.12~ds/libevent/test/bench.c
Examining data/netatalk-3.1.12~ds/libevent/test/bench_cascade.c
Examining data/netatalk-3.1.12~ds/libevent/test/bench_http.c
Examining data/netatalk-3.1.12~ds/libevent/test/bench_httpclient.c
Examining data/netatalk-3.1.12~ds/libevent/test/regress.c
Examining data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c
Examining data/netatalk-3.1.12~ds/libevent/test/regress_http.c
Examining data/netatalk-3.1.12~ds/libevent/test/regress_dns.c
Examining data/netatalk-3.1.12~ds/libevent/test/regress_testutils.c
Examining data/netatalk-3.1.12~ds/libevent/test/regress_testutils.h
Examining data/netatalk-3.1.12~ds/libevent/test/regress_rpc.c
Examining data/netatalk-3.1.12~ds/libevent/test/regress.gen.c
Examining data/netatalk-3.1.12~ds/libevent/test/regress.gen.h
Examining data/netatalk-3.1.12~ds/libevent/test/regress_et.c
Examining data/netatalk-3.1.12~ds/libevent/test/regress_bufferevent.c
Examining data/netatalk-3.1.12~ds/libevent/test/regress_listener.c
Examining data/netatalk-3.1.12~ds/libevent/test/regress_util.c
Examining data/netatalk-3.1.12~ds/libevent/test/tinytest.c
Examining data/netatalk-3.1.12~ds/libevent/test/regress_main.c
Examining data/netatalk-3.1.12~ds/libevent/test/regress_minheap.c
Examining data/netatalk-3.1.12~ds/libevent/test/regress_thread.c
Examining data/netatalk-3.1.12~ds/libevent/test/regress_zlib.c
Examining data/netatalk-3.1.12~ds/libevent/test/regress_iocp.c
Examining data/netatalk-3.1.12~ds/libevent/test/regress_ssl.c
Examining data/netatalk-3.1.12~ds/libevent/test/test-changelist.c
Examining data/netatalk-3.1.12~ds/libevent/test/test-eof.c
Examining data/netatalk-3.1.12~ds/libevent/test/test-init.c
Examining data/netatalk-3.1.12~ds/libevent/test/test-ratelim.c
Examining data/netatalk-3.1.12~ds/libevent/test/test-time.c
Examining data/netatalk-3.1.12~ds/libevent/test/test-weof.c
Examining data/netatalk-3.1.12~ds/libevent/WIN32-Code/event2/event-config.h
Examining data/netatalk-3.1.12~ds/libevent/WIN32-Code/tree.h
Examining data/netatalk-3.1.12~ds/libevent/event.h
Examining data/netatalk-3.1.12~ds/libevent/evhttp.h
Examining data/netatalk-3.1.12~ds/libevent/evdns.h
Examining data/netatalk-3.1.12~ds/libevent/evrpc.h
Examining data/netatalk-3.1.12~ds/libevent/evutil.h
Examining data/netatalk-3.1.12~ds/libevent/util-internal.h
Examining data/netatalk-3.1.12~ds/libevent/mm-internal.h
Examining data/netatalk-3.1.12~ds/libevent/ipv6-internal.h
Examining data/netatalk-3.1.12~ds/libevent/evrpc-internal.h
Examining data/netatalk-3.1.12~ds/libevent/strlcpy-internal.h
Examining data/netatalk-3.1.12~ds/libevent/evbuffer-internal.h
Examining data/netatalk-3.1.12~ds/libevent/bufferevent-internal.h
Examining data/netatalk-3.1.12~ds/libevent/http-internal.h
Examining data/netatalk-3.1.12~ds/libevent/event-internal.h
Examining data/netatalk-3.1.12~ds/libevent/evthread-internal.h
Examining data/netatalk-3.1.12~ds/libevent/ht-internal.h
Examining data/netatalk-3.1.12~ds/libevent/defer-internal.h
Examining data/netatalk-3.1.12~ds/libevent/minheap-internal.h
Examining data/netatalk-3.1.12~ds/libevent/log-internal.h
Examining data/netatalk-3.1.12~ds/libevent/evsignal-internal.h
Examining data/netatalk-3.1.12~ds/libevent/evmap-internal.h
Examining data/netatalk-3.1.12~ds/libevent/changelist-internal.h
Examining data/netatalk-3.1.12~ds/libevent/iocp-internal.h
Examining data/netatalk-3.1.12~ds/libevent/ratelim-internal.h
Examining data/netatalk-3.1.12~ds/libevent/epoll_sub.c
Examining data/netatalk-3.1.12~ds/libevent/event.c
Examining data/netatalk-3.1.12~ds/libevent/evthread.c
Examining data/netatalk-3.1.12~ds/libevent/buffer.c
Examining data/netatalk-3.1.12~ds/libevent/bufferevent.c
Examining data/netatalk-3.1.12~ds/libevent/bufferevent_sock.c
Examining data/netatalk-3.1.12~ds/libevent/bufferevent_filter.c
Examining data/netatalk-3.1.12~ds/libevent/bufferevent_pair.c
Examining data/netatalk-3.1.12~ds/libevent/listener.c
Examining data/netatalk-3.1.12~ds/libevent/bufferevent_ratelim.c
Examining data/netatalk-3.1.12~ds/libevent/evmap.c
Examining data/netatalk-3.1.12~ds/libevent/log.c
Examining data/netatalk-3.1.12~ds/libevent/evutil.c
Examining data/netatalk-3.1.12~ds/libevent/evutil_rand.c
Examining data/netatalk-3.1.12~ds/libevent/strlcpy.c
Examining data/netatalk-3.1.12~ds/libevent/select.c
Examining data/netatalk-3.1.12~ds/libevent/poll.c
Examining data/netatalk-3.1.12~ds/libevent/devpoll.c
Examining data/netatalk-3.1.12~ds/libevent/kqueue.c
Examining data/netatalk-3.1.12~ds/libevent/epoll.c
Examining data/netatalk-3.1.12~ds/libevent/evport.c
Examining data/netatalk-3.1.12~ds/libevent/signal.c
Examining data/netatalk-3.1.12~ds/libevent/win32select.c
Examining data/netatalk-3.1.12~ds/libevent/evthread_win32.c
Examining data/netatalk-3.1.12~ds/libevent/buffer_iocp.c
Examining data/netatalk-3.1.12~ds/libevent/event_iocp.c
Examining data/netatalk-3.1.12~ds/libevent/bufferevent_async.c
Examining data/netatalk-3.1.12~ds/libevent/event_tagging.c
Examining data/netatalk-3.1.12~ds/libevent/http.c
Examining data/netatalk-3.1.12~ds/libevent/evdns.c
Examining data/netatalk-3.1.12~ds/libevent/evrpc.c
Examining data/netatalk-3.1.12~ds/libevent/bufferevent_openssl.c
Examining data/netatalk-3.1.12~ds/libevent/evthread_pthread.c
Examining data/netatalk-3.1.12~ds/libevent/arc4random.c
Examining data/netatalk-3.1.12~ds/libevent/include/event2/buffer.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/buffer_compat.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/bufferevent.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/bufferevent_compat.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/bufferevent_ssl.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/bufferevent_struct.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/dns.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/dns_compat.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/dns_struct.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/event.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/event_compat.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/event_struct.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/http.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/http_compat.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/http_struct.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/keyvalq_struct.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/listener.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/rpc.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/rpc_compat.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/rpc_struct.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/tag.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/tag_compat.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/thread.h
Examining data/netatalk-3.1.12~ds/libevent/include/event2/util.h
Examining data/netatalk-3.1.12~ds/libevent/sample/dns-example.c
Examining data/netatalk-3.1.12~ds/libevent/sample/event-test.c
Examining data/netatalk-3.1.12~ds/libevent/sample/hello-world.c
Examining data/netatalk-3.1.12~ds/libevent/sample/http-server.c
Examining data/netatalk-3.1.12~ds/libevent/sample/le-proxy.c
Examining data/netatalk-3.1.12~ds/libevent/sample/signal-test.c
Examining data/netatalk-3.1.12~ds/libevent/sample/time-test.c
FINAL RESULTS:
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:796:16: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
if ((len = readlink(spath, llink, sizeof(llink) - 1)) == -1) {
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:853:14: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown(to.p_path, fs->st_uid, fs->st_gid))) {
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:862:40: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (fdval ? fchmod(fd, mode) : chmod(to.p_path, mode)) {
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:186:18: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if ( chown( modbuf, uid, gid ) < 0 && errno != EPERM ) {
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:192:14: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if ( chown( deskp->d_name, uid, gid ) < 0 && errno != EPERM ) {
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:202:9: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(cfrombstr(dtpath), uid, gid ) < 0 && errno != EPERM ) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:216:9: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown(adname, st->st_uid, st->st_gid);
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:219:9: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(adname, st->st_mode);
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:399:9: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown(ADv2_DIRNAME, st.st_uid, st.st_gid);
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:400:9: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown(vol->ad_path(".", ADFLAGS_DIR), st.st_uid, st.st_gid);
data/netatalk-3.1.12~ds/etc/cnid_dbd/main.c:148:18: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if ((chown(lockpath, st.st_uid, st.st_gid)) != 0) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/usockfd.c:61:8: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
#ifdef chmod
data/netatalk-3.1.12~ds/etc/cnid_dbd/usockfd.c:62:8: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
#undef chmod
data/netatalk-3.1.12~ds/etc/cnid_dbd/usockfd.c:64:9: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(usock_fn, mode) < 0) {
data/netatalk-3.1.12~ds/include/atalk/acl.h:65:19: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
#define chmod_acl chmod
data/netatalk-3.1.12~ds/libatalk/acl/unix.c:230:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
return chmod(name, mode);
data/netatalk-3.1.12~ds/libatalk/acl/unix.c:235:9: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(name, mode) != 0) /* (3) */
data/netatalk-3.1.12~ds/libatalk/acl/unix.c:319:11: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
ret = chmod(name, mode);
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:1033:24: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
if ((lsz = readlink(path, ad->ad_data_fork.adf_syml, MAXPATHLEN)) <= 0) {
data/netatalk-3.1.12~ds/libatalk/util/unix.c:252:16: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
return chown(path, owner, group);
data/netatalk-3.1.12~ds/libatalk/util/unix.c:288:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
return chmod(path, mode);
data/netatalk-3.1.12~ds/libatalk/vfs/vfs.c:120:12: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
return chown( ad_p, uid, gid );
data/netatalk-3.1.12~ds/libatalk/vfs/vfs.c:463:12: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
return chown(vol->ad_path(path, ADFLAGS_HF ), uid, gid);
data/netatalk-3.1.12~ds/libatalk/vfs/vfs.c:670:11: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
VFS_MFUNC(chown, VFS_FUNC_ARGS_CHOWN, VFS_FUNC_VARS_CHOWN)
data/netatalk-3.1.12~ds/bin/ad/ad_ls.c:487:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cwdpath, path);
data/netatalk-3.1.12~ds/bin/ad/ad_mv.c:191:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(path, argv[argc - 1]);
data/netatalk-3.1.12~ds/bin/ad/ad_mv.c:237:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!fflg && !access(to, F_OK)) {
data/netatalk-3.1.12~ds/bin/ad/ad_mv.c:253:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
} else if (access(to, W_OK) && !stat(to, &sb)) {
data/netatalk-3.1.12~ds/bin/ad/ad_mv.c:398:9: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(_PATH_AD, "ad", "cp", vflg ? "-Rpv" : "-Rp", from, to, (char *)NULL);
data/netatalk-3.1.12~ds/bin/ad/ad_mv.c:422:9: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(_PATH_AD, "ad", "rm", "-R", from, (char *)NULL);
data/netatalk-3.1.12~ds/bin/ad/ad_util.c:86:15: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(logbuffer, 1023, fmt, args);
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:124:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, path);
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:150:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, name);
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:151:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, FORMAT);
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:163:14: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
passwd = getpass("Enter OLD AFP password: ");
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:173:12: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
passwd = getpass("Enter NEW AFP password: ");
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:186:12: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
passwd = getpass("Enter NEW AFP password again: ");
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:235:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, pwd->pw_name);
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:236:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, FORMAT);
data/netatalk-3.1.12~ds/bin/misc/fce.c:187:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(", pid: %" PRId64, packet.fcep_pid);
data/netatalk-3.1.12~ds/etc/afpd/afprun.c:257:5: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl("/bin/sh","sh","-c",cmd,NULL);
data/netatalk-3.1.12~ds/etc/afpd/afprun.c:315:5: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl("/bin/sh","sh","-c", cmd, NULL);
data/netatalk-3.1.12~ds/etc/afpd/appl.c:250:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( tempfile, dtf );
data/netatalk-3.1.12~ds/etc/afpd/appl.c:335:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( tempfile, dtf );
data/netatalk-3.1.12~ds/etc/afpd/auth.c:1017:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, path);
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:78:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( modbuf, deskp->d_name );
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:90:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( modbuf, subp->d_name );
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:172:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( modbuf, deskp->d_name );
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:184:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( modbuf, subp->d_name );
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:720:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( path, vol->v_dbpath );
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:743:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( path, ext );
data/netatalk-3.1.12~ds/etc/afpd/directory.c:154:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, dir);
data/netatalk-3.1.12~ds/etc/afpd/directory.c:167:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path + len, de->d_name);
data/netatalk-3.1.12~ds/etc/afpd/directory.c:212:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(spath, src);
data/netatalk-3.1.12~ds/etc/afpd/directory.c:217:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dpath, dst);
data/netatalk-3.1.12~ds/etc/afpd/directory.c:232:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(spath + slen, de->d_name);
data/netatalk-3.1.12~ds/etc/afpd/directory.c:239:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dpath + dlen, de->d_name);
data/netatalk-3.1.12~ds/etc/afpd/directory.c:328:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret->m_name, temp);
data/netatalk-3.1.12~ds/etc/afpd/directory.c:350:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret->m_name, t);
data/netatalk-3.1.12~ds/etc/afpd/extattrs.c:180:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(attrnamebuf, ea_finderinfo);
data/netatalk-3.1.12~ds/etc/afpd/extattrs.c:190:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(attrnamebuf + attrbuflen, ea_resourcefork);
data/netatalk-3.1.12~ds/etc/afpd/file.c:172:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, tp);
data/netatalk-3.1.12~ds/etc/afpd/file.c:1331:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( newname, s_path->m_name );
data/netatalk-3.1.12~ds/etc/afpd/file.c:2082:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(spath, path->m_name);
data/netatalk-3.1.12~ds/etc/afpd/file.c:2083:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(supath, path->u_name); /* this is for the cnid changing */
data/netatalk-3.1.12~ds/etc/afpd/filedir.c:453:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(oldname, path->m_name); /* an extra copy for of_rename */
data/netatalk-3.1.12~ds/etc/afpd/filedir.c:762:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(oldname, path->m_name); /* an extra copy for of_rename */
data/netatalk-3.1.12~ds/etc/afpd/filedir.c:794:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newname, oldname);
data/netatalk-3.1.12~ds/etc/afpd/fork.c:148:78: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
static int fork_setmode(const AFPObj *obj, struct adouble *adp, int eid, int access, int ofrefnum)
data/netatalk-3.1.12~ds/etc/afpd/fork.c:156:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (! (access & (OPENACC_WR | OPENACC_RD | OPENACC_DWR | OPENACC_DRD))) {
data/netatalk-3.1.12~ds/etc/afpd/fork.c:160:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access & (OPENACC_RD | OPENACC_DRD))) {
data/netatalk-3.1.12~ds/etc/afpd/fork.c:166:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access & OPENACC_RD) && denyreadset) {
data/netatalk-3.1.12~ds/etc/afpd/fork.c:170:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access & OPENACC_DRD) && readset) {
data/netatalk-3.1.12~ds/etc/afpd/fork.c:177:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access & OPENACC_RD)) {
data/netatalk-3.1.12~ds/etc/afpd/fork.c:182:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access & OPENACC_DRD)) {
data/netatalk-3.1.12~ds/etc/afpd/fork.c:189:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access & (OPENACC_WR | OPENACC_DWR))) {
data/netatalk-3.1.12~ds/etc/afpd/fork.c:195:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access & OPENACC_WR) && denywriteset) {
data/netatalk-3.1.12~ds/etc/afpd/fork.c:199:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access & OPENACC_DWR) && writeset) {
data/netatalk-3.1.12~ds/etc/afpd/fork.c:203:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access & OPENACC_WR)) {
data/netatalk-3.1.12~ds/etc/afpd/fork.c:208:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access & OPENACC_DWR)) {
data/netatalk-3.1.12~ds/etc/afpd/fork.c:227:26: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
shmd.f_access = (access & OPENACC_RD ? F_RDACC : 0) | (access & OPENACC_WR ? F_WRACC : 0);
data/netatalk-3.1.12~ds/etc/afpd/fork.c:227:64: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
shmd.f_access = (access & OPENACC_RD ? F_RDACC : 0) | (access & OPENACC_WR ? F_WRACC : 0);
data/netatalk-3.1.12~ds/etc/afpd/fork.c:231:24: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
shmd.f_deny = (access & OPENACC_DRD ? F_RDDNY : F_NODNY) | (access & OPENACC_DWR) ? F_WRDNY : 0;
data/netatalk-3.1.12~ds/etc/afpd/fork.c:231:69: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
shmd.f_deny = (access & OPENACC_DRD ? F_RDDNY : F_NODNY) | (access & OPENACC_DWR) ? F_WRDNY : 0;
data/netatalk-3.1.12~ds/etc/afpd/fork.c:257:34: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
uint16_t vid, bitmap, access, ofrefnum;
data/netatalk-3.1.12~ds/etc/afpd/fork.c:283:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
memcpy(&access, ibuf, sizeof( access ));
data/netatalk-3.1.12~ds/etc/afpd/fork.c:283:35: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
memcpy(&access, ibuf, sizeof( access ));
data/netatalk-3.1.12~ds/etc/afpd/fork.c:284:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access = ntohs( access );
data/netatalk-3.1.12~ds/etc/afpd/fork.c:285:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ibuf += sizeof( access );
data/netatalk-3.1.12~ds/etc/afpd/fork.c:287:40: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((vol->v_flags & AFPVOL_RO) && (access & OPENACC_WR)) {
data/netatalk-3.1.12~ds/etc/afpd/fork.c:307:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return (access & OPENACC_WR) ? AFPERR_LOCK : AFPERR_ACCESS;
data/netatalk-3.1.12~ds/etc/afpd/fork.c:318:43: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (check_access(obj, vol, upath, access ) < 0) {
data/netatalk-3.1.12~ds/etc/afpd/fork.c:322:43: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (file_access(obj, vol, s_path, access ) < 0) {
data/netatalk-3.1.12~ds/etc/afpd/fork.c:341:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access & OPENACC_WR) {
data/netatalk-3.1.12~ds/etc/afpd/fork.c:359:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
!(access & OPENACC_WR) ? "O_RDONLY" : "O_RDWR");
data/netatalk-3.1.12~ds/etc/afpd/fork.c:389:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access & OPENACC_WR) {
data/netatalk-3.1.12~ds/etc/afpd/fork.c:450:51: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((bshort & htons(ATTRBIT_NOWRITE)) && (access & OPENACC_WR)) {
data/netatalk-3.1.12~ds/etc/afpd/fork.c:467:52: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ret = fork_setmode(obj, ofork->of_ad, eid, access, ofrefnum);
data/netatalk-3.1.12~ds/etc/afpd/fork.c:488:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access & OPENACC_WR))
data/netatalk-3.1.12~ds/etc/afpd/fork.c:492:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access & OPENACC_RD))
data/netatalk-3.1.12~ds/etc/afpd/fork.c:504:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return (access & OPENACC_WR) ? AFPERR_LOCK : AFPERR_ACCESS;
data/netatalk-3.1.12~ds/etc/afpd/mangle.c:281:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(m, mangle_suffix);
data/netatalk-3.1.12~ds/etc/afpd/messages.c:64:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/message.%d", SERVERTEXT, getpid());
data/netatalk-3.1.12~ds/etc/afpd/messages.c:73:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/message", SERVERTEXT);
data/netatalk-3.1.12~ds/etc/afpd/quota.c:632:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( vol->v_gvs, p );
data/netatalk-3.1.12~ds/etc/afpd/quota.c:635:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( buf, "%s/quotas", p );
data/netatalk-3.1.12~ds/etc/afpd/quota.c:654:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( vol->v_gvs, p );
data/netatalk-3.1.12~ds/etc/afpd/quota.c:672:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pathstring,"%s:%s",hostpath+1,vol->v_gvs);
data/netatalk-3.1.12~ds/etc/afpd/quota.c:673:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vol->v_gvs,pathstring);
data/netatalk-3.1.12~ds/etc/afpd/quota.c:679:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pathstring,"%s@%s",hostpath+1,vol->v_gvs);
data/netatalk-3.1.12~ds/etc/afpd/quota.c:680:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vol->v_gvs,pathstring);
data/netatalk-3.1.12~ds/etc/afpd/spotlight.c:672:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
result = access(path, R_OK);
data/netatalk-3.1.12~ds/etc/afpd/status.c:158:15: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = snprintf(buf, AFPSTATUS_MACHLEN + 1, machine, VERSION);
data/netatalk-3.1.12~ds/etc/afpd/status.c:161:19: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = snprintf(buf, AFPSTATUS_MACHLEN + 1, VERSION);
data/netatalk-3.1.12~ds/etc/afpd/status.c:163:19: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(void)snprintf(buf, AFPSTATUS_MACHLEN + 1, machine, "");
data/netatalk-3.1.12~ds/etc/afpd/status.c:164:19: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(void)snprintf(buf + AFPSTATUS_MACHLEN - strlen(VERSION),
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd.c:125:15: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(logbuffer, 1023, fmt, args);
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:188:16: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((ret = access( adname, F_OK)) != 0) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:348:22: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ( (addir_ok = access(ADv2_DIRNAME, F_OK)) != 0) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:357:22: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ( (adpar_ok = access(vol->ad_path(".", ADFLAGS_DIR), F_OK)) != 0) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:432:18: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access( pname, F_OK)) == 0) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:519:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pname + 3, ep->d_name);
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:520:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access( pname, F_OK)) != 0) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:774:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cwdbuf, name);
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:845:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cwdbuf, vol->v_path);
data/netatalk-3.1.12~ds/etc/cnid_dbd/cnid_metad.c:278:19: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = execlp(dbdpn, dbdpn,
data/netatalk-3.1.12~ds/etc/cnid_dbd/cnid_metad.c:286:19: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = execlp(dbdpn, dbdpn,
data/netatalk-3.1.12~ds/etc/cnid_dbd/db_param.c:44:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, dir);
data/netatalk-3.1.12~ds/etc/cnid_dbd/db_param.c:47:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path, fn);
data/netatalk-3.1.12~ds/etc/cnid_dbd/db_param.c:51:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, fn);
data/netatalk-3.1.12~ds/etc/cnid_dbd/db_param.c:125:21: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while ((items = fscanf(fp, " %s %s", key, val)) != EOF) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/main.c:136:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(lockpath, LOCKFILENAME);
data/netatalk-3.1.12~ds/etc/cnid_dbd/main.c:221:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("rm -f cnid2.db lock log.* __db.*");
data/netatalk-3.1.12~ds/etc/netatalk/netatalk.c:105:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(bdata(cmd));
data/netatalk-3.1.12~ds/etc/netatalk/netatalk.c:108:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("gsettings set org.freedesktop.Tracker.Miner.Files index-single-directories \"[]\"");
data/netatalk-3.1.12~ds/etc/netatalk/netatalk.c:179:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(TRACKER_MANAGING_COMMAND " -t");
data/netatalk-3.1.12~ds/etc/netatalk/netatalk.c:189:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(TRACKER_MANAGING_COMMAND " -t");
data/netatalk-3.1.12~ds/etc/netatalk/netatalk.c:329:15: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
(void)execv(path, myargv);
data/netatalk-3.1.12~ds/etc/netatalk/netatalk.c:508:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(TRACKER_PREFIX "/bin/" TRACKER_MANAGING_COMMAND " -s");
data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_passwd.c:548:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
p = crypt( ibuf, dhxpwd->pw_passwd );
data/netatalk-3.1.12~ds/etc/uams/uams_dhx_passwd.c:344:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( hostname, "%s@%s", dhxpwd->pw_name, clientname );
data/netatalk-3.1.12~ds/etc/uams/uams_dhx_passwd.c:355:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
p = crypt( rbuf, dhxpwd->pw_passwd );
data/netatalk-3.1.12~ds/etc/uams/uams_guest.c:49:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(username, guest);
data/netatalk-3.1.12~ds/etc/uams/uams_passwd.c:116:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( hostname, "%s@%s", username, clientname );
data/netatalk-3.1.12~ds/etc/uams/uams_passwd.c:125:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
p = crypt( ibuf, pwd->pw_passwd );
data/netatalk-3.1.12~ds/etc/uams/uams_passwd.c:232:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
p = crypt(pw, pwd->pw_passwd );
data/netatalk-3.1.12~ds/etc/uams/uams_passwd.c:344:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
p = crypt(password, pwd->pw_passwd);
data/netatalk-3.1.12~ds/etc/uams/uams_pgp.c:166:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
p = crypt( rbuf, pgppwd->pw_passwd );
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:139:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, path);
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:254:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, pwd->pw_dir );
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:256:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path, file + 2);
data/netatalk-3.1.12~ds/include/atalk/logger.h:143:20: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
bool syslog; /* This type logs to syslog */
data/netatalk-3.1.12~ds/libatalk/acl/cache.c:155:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, inname);
data/netatalk-3.1.12~ds/libatalk/acl/cache.c:287:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*name, entry->name);
data/netatalk-3.1.12~ds/libatalk/acl/cache.c:327:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, inname);
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:2736:33: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
#define exvsnprintf(r,b,n,f,a) {vsprintf (b,f,a); r = -1;}
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:2743:12: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
extern int vsnprintf (char *buf, size_t count, const char *format, va_list arg);
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:2746:37: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define exvsnprintf(r,b,n,f,a) {r = vsnprintf (b,n,f,a);}
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_open.c:155:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, dbdir);
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_open.c:164:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path + len, old_dbfiles[i]);
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_open.c:208:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, vol->v_path);
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_open.c:214:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path + len, DBHOME);
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_open.c:81:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, vol->v_path);
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_open.c:87:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path + len, DBHOME);
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_open.c:103:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path, DBCNID);
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_resolve.c:28:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, (char *)data.dptr + CNID_NAME_OFS);
data/netatalk-3.1.12~ds/libatalk/compat/misc.c:43:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = vsnprintf(p, size, fmt, ap);
data/netatalk-3.1.12~ds/libatalk/compat/mktemp.c:47:1: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
mktemp(path)
data/netatalk-3.1.12~ds/libatalk/iniparser/dictionary.c:90:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t,s);
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:62:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(l, s);
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:209:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keym, "%s:", secname);
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:465:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(line, strstrip(input_line));
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:478:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(section, strstrip(section));
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:479:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(section, section);
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:484:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key, strstrip(key));
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:485:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key, key);
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:486:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(value, strstrip(value));
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:503:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key, strstrip(key));
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:504:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key, key);
data/netatalk-3.1.12~ds/libatalk/util/ftw.c:206:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a, b);
data/netatalk-3.1.12~ds/libatalk/util/gettok.c:153:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( buf, pwent->pw_dir );
data/netatalk-3.1.12~ds/libatalk/util/gettok.c:156:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( buf, t );
data/netatalk-3.1.12~ds/libatalk/util/gettok.c:158:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( token, buf );
data/netatalk-3.1.12~ds/libatalk/util/logger.c:423:31: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
if (type_configs[logtype].syslog) {
data/netatalk-3.1.12~ds/libatalk/util/module.c:34:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(underscore, name);
data/netatalk-3.1.12~ds/libatalk/util/module.c:64:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(underscore, name);
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:336:23: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len = sprintf(dest, "%s:%u",
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:955:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmpname, suffix);
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:988:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmpname, suffix);
data/netatalk-3.1.12~ds/libatalk/util/unix.c:79:9: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp("mv", cmd_argv);
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:264:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, (*(ea->ea_entries))[count].ea_name);
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:1435:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(srceapath, eapath);
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:1550:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(srceapath, eapath);
data/netatalk-3.1.12~ds/libatalk/vfs/extattr.c:922:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(list + len, de->d_name);
data/netatalk-3.1.12~ds/libatalk/vfs/vfs.c:266:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( adsrc, vol->ad_path(src, 0 ));
data/netatalk-3.1.12~ds/libatalk/vfs/vfs.c:620:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( adsrc, vol->ad_path(src, 0 ));
data/netatalk-3.1.12~ds/libevent/evdns.c:447:49: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define EVDNS_LOG_CHECK __attribute__ ((format(printf, 2, 3)))
data/netatalk-3.1.12~ds/libevent/evutil.c:1576:6: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
r = vsnprintf(buf, buflen, format, ap);
data/netatalk-3.1.12~ds/libevent/evutil.c:2172:3: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
_tcscat(path, TEXT("\\"));
data/netatalk-3.1.12~ds/libevent/evutil.c:2173:3: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
_tcscat(path, library_name);
data/netatalk-3.1.12~ds/libevent/include/event2/buffer.h:479:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)))
data/netatalk-3.1.12~ds/libevent/include/event2/util.h:446:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)))
data/netatalk-3.1.12~ds/libevent/log-internal.h:33:49: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define EV_CHECK_FMT(a,b) __attribute__((format(printf, a, b)))
data/netatalk-3.1.12~ds/libevent/test/tinytest_local.h:9:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#ifdef snprintf
data/netatalk-3.1.12~ds/libevent/test/tinytest_local.h:10:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#undef snprintf
data/netatalk-3.1.12~ds/libevent/test/tinytest_local.h:12:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf evutil_snprintf
data/netatalk-3.1.12~ds/libevent/test/tinytest_macros.h:44:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf args ; \
data/netatalk-3.1.12~ds/libevent/util-internal.h:206:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)fprintf(stderr, \
data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c:101:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, name);
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:205:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "afinpRvx")) != -1)
data/netatalk-3.1.12~ds/bin/ad/ad_find.c:91:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc-1, &argv[1], ":v:")) != -1) {
data/netatalk-3.1.12~ds/bin/ad/ad_ls.c:603:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, ":adlRu")) != -1) {
data/netatalk-3.1.12~ds/bin/ad/ad_mv.c:136:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "finv")) != -1)
data/netatalk-3.1.12~ds/bin/ad/ad_mv.c:306:25: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(from, path) == NULL) {
data/netatalk-3.1.12~ds/bin/ad/ad_rm.c:142:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "vR")) != -1)
data/netatalk-3.1.12~ds/bin/ad/ad_set.c:264:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, ":l:t:c:f:a:")) != -1) {
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:279:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((i = getopt(argc, argv, OPTIONS)) != EOF) {
data/netatalk-3.1.12~ds/bin/misc/fce.c:114:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "h:")) != -1) {
data/netatalk-3.1.12~ds/bin/misc/netacnv.c:45:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "m:o:f:t:")) != -1) {
data/netatalk-3.1.12~ds/bin/misc/uuidtest.c:83:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, ":vu:g:i:")) != -1) {
data/netatalk-3.1.12~ds/etc/afpd/afp_options.c:215:25: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while (EOF != ( c = getopt( ac, av, "dF:vVh" )) ) {
data/netatalk-3.1.12~ds/etc/afpd/afprun.c:60:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((p = getenv("TMPDIR")))
data/netatalk-3.1.12~ds/etc/afpd/dircache.c:623:10: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
char tmpnam[64];
data/netatalk-3.1.12~ds/etc/afpd/dircache.c:633:13: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
sprintf(tmpnam, "/tmp/dircache.%u", getpid());
data/netatalk-3.1.12~ds/etc/afpd/dircache.c:634:23: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
if ((dump = fopen(tmpnam, "w+")) == NULL) {
data/netatalk-3.1.12~ds/etc/afpd/uam.c:312:9: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(tv.tv_sec + (unsigned long) obj + (unsigned long) obj->dsi);
data/netatalk-3.1.12~ds/etc/afpd/uam.c:314:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
result = random();
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd.c:143:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, ":cfF:rstu:vV")) != -1) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/cnid_metad.c:475:19: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while (( cc = getopt( argc, argv, "dF:vV")) != -1 ) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/main.c:497:20: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while (( ret = getopt( argc, argv, ":dF:l:p:t:u:vV")) != -1 ) {
data/netatalk-3.1.12~ds/etc/netatalk/netatalk.c:406:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, ":dF:vV")) != -1) {
data/netatalk-3.1.12~ds/etc/uams/uams_dhx_passwd.c:88:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
rnd_seed[i] = random();
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1165:18: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if ((realpath(pwent->pw_dir, tmp)) == NULL) {
data/netatalk-3.1.12~ds/libatalk/util/unix.c:415:9: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom((unsigned int)tv.tv_usec);
data/netatalk-3.1.12~ds/libatalk/util/unix.c:417:20: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
p[i] = random() & 0xFF;
data/netatalk-3.1.12~ds/libatalk/util/unix.c:443:26: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if ((resolved_path = realpath(path, NULL)) == NULL) {
data/netatalk-3.1.12~ds/libatalk/util/unix.c:451:9: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(path, resolved_path) == NULL) {
data/netatalk-3.1.12~ds/libevent/event_iocp.c:78:3: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&port->lock);
data/netatalk-3.1.12~ds/libevent/event_iocp.c:94:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&port->lock);
data/netatalk-3.1.12~ds/libevent/event_iocp.c:251:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&port->lock);
data/netatalk-3.1.12~ds/libevent/event_iocp.c:260:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&port->lock);
data/netatalk-3.1.12~ds/libevent/evthread_win32.c:76:3: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(lock);
data/netatalk-3.1.12~ds/libevent/evthread_win32.c:219:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&cond->lock);
data/netatalk-3.1.12~ds/libevent/evthread_win32.c:242:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&cond->lock);
data/netatalk-3.1.12~ds/libevent/evthread_win32.c:253:3: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&cond->lock);
data/netatalk-3.1.12~ds/libevent/evthread_win32.c:287:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(lock);
data/netatalk-3.1.12~ds/libevent/evthread_win32.c:289:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&cond->lock);
data/netatalk-3.1.12~ds/libevent/evutil.c:2098:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
return getenv(varname);
data/netatalk-3.1.12~ds/libevent/evutil.c:2107:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return random();
data/netatalk-3.1.12~ds/libevent/evutil.c:2174:10: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
return LoadLibrary(path);
data/netatalk-3.1.12~ds/libevent/listener.c:603:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&as->lock);
data/netatalk-3.1.12~ds/libevent/listener.c:647:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&as->lock);
data/netatalk-3.1.12~ds/libevent/listener.c:659:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&as->lock);
data/netatalk-3.1.12~ds/libevent/listener.c:708:3: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&as->lock);
data/netatalk-3.1.12~ds/libevent/listener.c:730:3: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&as->lock);
data/netatalk-3.1.12~ds/libevent/listener.c:852:4: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&lev->accepting[i]->lock);
data/netatalk-3.1.12~ds/libevent/poll.c:183:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
i = random() % nfds;
data/netatalk-3.1.12~ds/libevent/select.c:180:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
i = random() % nfds;
data/netatalk-3.1.12~ds/libevent/test/bench.c:142:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "n:a:w:")) != -1) {
data/netatalk-3.1.12~ds/libevent/test/bench_cascade.c:144:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "n:")) != -1) {
data/netatalk-3.1.12~ds/libevent/test/regress.c:1951:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("EVENT_NOWAFFLES") != NULL) {
data/netatalk-3.1.12~ds/libevent/test/regress_main.c:386:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv("EVENT_NO_DEBUG_LOCKS"))
data/netatalk-3.1.12~ds/libevent/test/test-ratelim.c:95:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int r = random() % 256;
data/netatalk-3.1.12~ds/libevent/test/test-ratelim.c:467:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(tv.tv_usec);
data/netatalk-3.1.12~ds/libevent/test/test-ratelim.c:469:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(tv.tv_usec);
data/netatalk-3.1.12~ds/libevent/test/test-time.c:57:15: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return (int)(random() % n);
data/netatalk-3.1.12~ds/bin/ad/ad.h:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_stamp[ADEDLEN_PRIVSYN];
data/netatalk-3.1.12~ds/bin/ad/ad.h:79:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p_path[MAXPATHLEN + 2];/* pointer to the start of a path */
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:639:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((from_fd = open(spath, O_RDONLY, 0)) == -1) {
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:677:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
to_fd = open(to.p_path, O_WRONLY | O_TRUNC | O_CREAT,
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:681:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
to_fd = open(to.p_path, O_WRONLY | O_TRUNC, 0);
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:684:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
to_fd = open(to.p_path, O_WRONLY | O_TRUNC | O_CREAT,
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:794:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char llink[PATH_MAX];
data/netatalk-3.1.12~ds/bin/ad/ad_find.c:118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/bin/ad/ad_find.c:131:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resbuf[DBD_MAX_SRCH_RSLTS * sizeof(cnid_t)];
data/netatalk-3.1.12~ds/bin/ad/ad_find.c:144:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cnid, bufp, sizeof(cnid_t));
data/netatalk-3.1.12~ds/bin/ad/ad_find.c:150:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[12 + MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/bin/ad/ad_ls.c:200:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100], *fmt;
data/netatalk-3.1.12~ds/bin/ad/ad_ls.c:222:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5] = "----";
data/netatalk-3.1.12~ds/bin/ad/ad_ls.c:223:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char creator[5] = "----";
data/netatalk-3.1.12~ds/bin/ad/ad_ls.c:240:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&FinderFlags, FinderInfo + 8, 2);
data/netatalk-3.1.12~ds/bin/ad/ad_ls.c:243:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(type, FinderInfo, 4);
data/netatalk-3.1.12~ds/bin/ad/ad_ls.c:244:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(creator, FinderInfo + 4, 4);
data/netatalk-3.1.12~ds/bin/ad/ad_ls.c:477:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cwdpath[MAXPATHLEN+1];
data/netatalk-3.1.12~ds/bin/ad/ad_ls.c:499:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((cwd = open(".", O_RDONLY)) == -1) {
data/netatalk-3.1.12~ds/bin/ad/ad_mv.c:127:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN];
data/netatalk-3.1.12~ds/bin/ad/ad_mv.c:294:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN];
data/netatalk-3.1.12~ds/bin/ad/ad_set.c:98:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(FinderInfo, new_type, 4);
data/netatalk-3.1.12~ds/bin/ad/ad_set.c:106:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(FinderInfo + 4, new_creator, 4);
data/netatalk-3.1.12~ds/bin/ad/ad_set.c:123:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&FinderFlags, FinderInfo + 8, 2);
data/netatalk-3.1.12~ds/bin/ad/ad_set.c:132:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(FinderInfo + 8, &FinderFlags, 2);
data/netatalk-3.1.12~ds/bin/ad/ad_set.c:192:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&FinderFlags, FinderInfo + 8, 2);
data/netatalk-3.1.12~ds/bin/ad/ad_set.c:253:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(FinderInfo + 8, &FinderFlags, 2);
data/netatalk-3.1.12~ds/bin/ad/ad_util.c:81:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char logbuffer[1024];
data/netatalk-3.1.12~ds/bin/ad/ad_util.c:155:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mpath[ MAXPATHLEN + 2]; /* for convert_charset dest_len parameter +2 */
data/netatalk-3.1.12~ds/bin/ad/ad_util.c:208:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAXPATHLEN+2];
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:60:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:113:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[PASSWDLEN + 1], *p, *passwd;
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:118:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(path, "r+")) == NULL) {
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:126:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, ".key");
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:127:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
keyfd = open(buf, O_RDONLY);
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:223:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(path, O_CREAT | O_TRUNC | O_RDWR, 0600)) < 0) {
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:291:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uid_min = atoi(optarg);
data/netatalk-3.1.12~ds/bin/misc/fce.c:44:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&packet->fcep_magic[0], p, sizeof(packet->fcep_magic));
data/netatalk-3.1.12~ds/bin/misc/fce.c:77:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&packet->fcep_user[0], p, packet->fcep_userlen);
data/netatalk-3.1.12~ds/bin/misc/fce.c:87:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&packet->fcep_path1[0], p, packet->fcep_pathlen1);
data/netatalk-3.1.12~ds/bin/misc/fce.c:95:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&packet->fcep_path2[0], p, packet->fcep_pathlen2);
data/netatalk-3.1.12~ds/bin/misc/fce.c:109:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXBUFLEN];
data/netatalk-3.1.12~ds/bin/misc/fce.c:111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[INET6_ADDRSTRLEN];
data/netatalk-3.1.12~ds/bin/misc/netacnv.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAXPATHLEN +2];
data/netatalk-3.1.12~ds/etc/afpd/acls.c:1085:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(darwin_ace_count, &mapped_aces, sizeof(uint32_t));
data/netatalk-3.1.12~ds/etc/afpd/acls.c:1170:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_aces[new_aces_count], &old_aces[i], sizeof(ace_t));
data/netatalk-3.1.12~ds/etc/afpd/acls.c:1191:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_aces[new_aces_count], &old_aces[i], sizeof(ace_t));
data/netatalk-3.1.12~ds/etc/afpd/acls.c:1546:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&darwin_ace_rights, ibuf, 4);
data/netatalk-3.1.12~ds/etc/afpd/acls.c:1597:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, ibuf, sizeof( bitmap ));
data/netatalk-3.1.12~ds/etc/afpd/acls.c:1742:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ace_count, ibuf, sizeof(uint32_t));
data/netatalk-3.1.12~ds/etc/afpd/afp_config.c:90:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char interfaddr[NI_MAXHOST];
data/netatalk-3.1.12~ds/etc/afpd/afp_config.c:220:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
obj->fce_version = atoi(r);
data/netatalk-3.1.12~ds/etc/afpd/afp_dsi.c:568:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logstr[50];
data/netatalk-3.1.12~ds/etc/afpd/afp_dsi.c:570:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(logstr, "/tmp/afpd.%u.XXXXXX", getpid());
data/netatalk-3.1.12~ds/etc/afpd/afprun.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN +1];
data/netatalk-3.1.12~ds/etc/afpd/afprun.c:77:7: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp(path);
data/netatalk-3.1.12~ds/etc/afpd/afpstats_obj.c:82:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/netatalk-3.1.12~ds/etc/afpd/afs.c:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char venuspace[ sizeof( struct VolumeStatus ) + 3 ];
data/netatalk-3.1.12~ds/etc/afpd/afs.c:131:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 1024 ];
data/netatalk-3.1.12~ds/etc/afpd/afs.c:226:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ MAXKTCNAMELEN ], instance[ MAXKTCNAMELEN ];
data/netatalk-3.1.12~ds/etc/afpd/afs.c:227:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realm[ MAXKTCREALMLEN ];
data/netatalk-3.1.12~ds/etc/afpd/afs.c:228:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldpw[ 9 ], newpw[ 9 ];
data/netatalk-3.1.12~ds/etc/afpd/afs.c:269:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( oldpw, ibuf, len );
data/netatalk-3.1.12~ds/etc/afpd/afs.c:278:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( newpw, ibuf, len );
data/netatalk-3.1.12~ds/etc/afpd/appl.c:55:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (( sa.sdt_fd = open( dtf, flags, ad_mode( dtf, mode ))) < 0 ) {
data/netatalk-3.1.12~ds/etc/afpd/appl.c:70:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (( sa.sdt_fd = open( dtf, flags, ad_mode( dtf, mode ))) < 0 ) {
data/netatalk-3.1.12~ds/etc/afpd/appl.c:77:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( sa.sdt_creator, creator, sizeof( CreatorType ));
data/netatalk-3.1.12~ds/etc/afpd/appl.c:91:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char appltag[ 4 ];
data/netatalk-3.1.12~ds/etc/afpd/appl.c:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ MAXPATHLEN ];
data/netatalk-3.1.12~ds/etc/afpd/appl.c:133:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( p, path, strlen( path ));
data/netatalk-3.1.12~ds/etc/afpd/appl.c:141:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, cfrombstr(dir->d_m_name), blength(dir->d_m_name) + 1);
data/netatalk-3.1.12~ds/etc/afpd/appl.c:149:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[12 + MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/appl.c:210:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char creator[ 4 ];
data/netatalk-3.1.12~ds/etc/afpd/appl.c:211:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char appltag[ 4 ];
data/netatalk-3.1.12~ds/etc/afpd/appl.c:251:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (( tfd = open( tempfile, O_RDWR|O_CREAT, 0666 )) < 0 ) {
data/netatalk-3.1.12~ds/etc/afpd/appl.c:265:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( p, &mplen, sizeof( mplen ));
data/netatalk-3.1.12~ds/etc/afpd/appl.c:268:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, appltag, sizeof( appltag ));
data/netatalk-3.1.12~ds/etc/afpd/appl.c:299:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char creator[ 4 ];
data/netatalk-3.1.12~ds/etc/afpd/appl.c:336:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (( tfd = open( tempfile, O_RDWR|O_CREAT, 0666 )) < 0 ) {
data/netatalk-3.1.12~ds/etc/afpd/appl.c:369:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char creator[ 4 ];
data/netatalk-3.1.12~ds/etc/afpd/appl.c:370:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char appltag[ 4 ];
data/netatalk-3.1.12~ds/etc/afpd/appl.c:441:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utomname[ MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/appl.c:476:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( q, p, len );
data/netatalk-3.1.12~ds/etc/afpd/appl.c:497:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, &bitmap, sizeof( bitmap ));
data/netatalk-3.1.12~ds/etc/afpd/appl.c:499:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, appltag, sizeof( appltag ));
data/netatalk-3.1.12~ds/etc/afpd/auth.c:86:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, afp_versions[ i ].av_name , len );
data/netatalk-3.1.12~ds/etc/afpd/auth.c:90:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(start + AFPSTATUS_UAMSOFF, &status, sizeof(status));
data/netatalk-3.1.12~ds/etc/afpd/auth.c:114:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, uams->uam_name, len );
data/netatalk-3.1.12~ds/etc/afpd/auth.c:121:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(start + AFPSTATUS_ICONOFF, &status, sizeof(status));
data/netatalk-3.1.12~ds/etc/afpd/auth.c:306:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data, ibuf, 4); /* flag */
data/netatalk-3.1.12~ds/etc/afpd/auth.c:346:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &data, sizeof(data));
data/netatalk-3.1.12~ds/etc/afpd/auth.c:369:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(obj->sinfo.sessiontoken, &pid, sizeof(pid_t));
data/netatalk-3.1.12~ds/etc/afpd/auth.c:458:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(obj->sinfo.clientid, p, idlen + 8);
data/netatalk-3.1.12~ds/etc/afpd/auth.c:481:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &tp, sizeof(tklen));
data/netatalk-3.1.12~ds/etc/afpd/auth.c:485:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, token, tklen);
data/netatalk-3.1.12~ds/etc/afpd/auth.c:526:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&token, ibuf, tklen);
data/netatalk-3.1.12~ds/etc/afpd/auth.c:825:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[MACFILELEN + 1], *start = ibuf;
data/netatalk-3.1.12~ds/etc/afpd/auth.c:854:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, ibuf, len);
data/netatalk-3.1.12~ds/etc/afpd/auth.c:865:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, obj->username, len);
data/netatalk-3.1.12~ds/etc/afpd/auth.c:918:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, ibuf, sizeof(bitmap));
data/netatalk-3.1.12~ds/etc/afpd/auth.c:926:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &id, sizeof(id));
data/netatalk-3.1.12~ds/etc/afpd/auth.c:933:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &id, sizeof(id));
data/netatalk-3.1.12~ds/etc/afpd/auth.c:942:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bitmapp, &bitmap, sizeof(bitmap));
data/netatalk-3.1.12~ds/etc/afpd/auth.c:954:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, uuid, UUID_BINSIZE);
data/netatalk-3.1.12~ds/etc/afpd/auth.c:1003:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXPATHLEN + 1], buf[MAXPATHLEN + 1], *p, *last;
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reserved[22]; /* Unknown (at least for now...) */
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:73:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char packed_finder[ADEDLEN_FINDERI];
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lname[64]; /* Long name */
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8name[514]; /* UTF8 or UCS2 name */ /* for convert_charset dest_len parameter +2 */
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:251:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char convbuf[514]; /* for convert_charset dest_len parameter +2 */
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:453:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( *buf, &resultsize, sizeof(resultsize) );
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:532:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((cwd = open(".", O_RDONLY)) < 0) {
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:712:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char resbuf[DBD_MAX_SRCH_RSLTS * sizeof(cnid_t)];
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:719:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAXPATHLEN +2];
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:762:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resolvebuf[12 + MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:766:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cnid, resbuf + cur_pos * sizeof(cnid_t), sizeof(cnid_t));
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:860:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmppath[256];
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:937:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&c1.pdid, spec1, sizeof(pdid));
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:939:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&c2.pdid, spec2, sizeof(pdid));
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:1008:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmppath, bspec1 + spec1[1] + 1, (bspec1 + spec1[1])[0]);
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:1016:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c2.lname, bspec2 + spec2[1] + 1, (bspec2 + spec2[1])[0]);
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:1035:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (c1.utf8name, spec1+2, namelen);
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:1059:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, catpos, sizeof(catpos));
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:1063:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &c1.fbitmap, sizeof(c1.fbitmap));
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:1067:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &c1.dbitmap, sizeof(c1.dbitmap));
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:1071:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &nrecs, sizeof(nrecs));
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wd[ MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modbuf[ 12 + 1], *m;
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:146:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wd[ MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:147:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modbuf[12 + 1], *m;
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:215:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cmd_argv[4];
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:263:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, &vid, sizeof(vid));
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:276:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *icon_dtfile(struct vol *vol, u_char creator[ 4 ])
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:296:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (( si.sdt_fd = open( dtf, flags, ad_mode( dtf, mode ))) < 0 ) {
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:311:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (( si.sdt_fd = open( dtf, flags, ad_mode( dtf, mode ))) < 0 ) {
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:320:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( si.sdt_creator, creator, sizeof( CreatorType ));
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:384:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( p, &itag, sizeof( itag ));
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:386:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( p, &ftype, sizeof( ftype ));
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:391:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( p, &bsize, sizeof( bsize ));
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:499:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fcreator[ 4 ], ih[ 12 ];
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:520:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ih, utag, sizeof( utag ));
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:521:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ih + sizeof( utag ), utype, sizeof( utype ));
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:524:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ih + sizeof( utag ) + sizeof( utype ) + 2, &usize,
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:526:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, ih, sizeof( ih ));
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:558:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, ih, sizeof( ih ));
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:599:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, uicon, bsize);
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:716:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path[ MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:721:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( path, "/" APPLEDESKTOP "/" );
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:755:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char upath[ MAXPATHLEN + 2]; /* for convert_charset dest_len parameter +2 */
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:796:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mpath[ MAXPATHLEN + 2]; /* for convert_charset dest_len parameter +2 */
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:872:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ad_entry( adp, ADEID_COMMENT ), ibuf, clen );
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:950:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, ad_entry( adp, ADEID_COMMENT ), clen);
data/netatalk-3.1.12~ds/etc/afpd/desktop.h:40:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char CreatorType[4];
data/netatalk-3.1.12~ds/etc/afpd/dircache.c:623:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpnam[64];
data/netatalk-3.1.12~ds/etc/afpd/dircache.c:633:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpnam, "/tmp/dircache.%u", getpid());
data/netatalk-3.1.12~ds/etc/afpd/dircache.c:634:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dump = fopen(tmpnam, "w+")) == NULL) {
data/netatalk-3.1.12~ds/etc/afpd/directory.c:139:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/directory.c:190:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spath[MAXPATHLEN + 1], dpath[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/directory.c:306:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char temp[ MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/directory.c:389:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->m_name, cfrombstr(dir->d_m_name), blength(dir->d_m_name) + 1); /* 3 */
data/netatalk-3.1.12~ds/etc/afpd/directory.c:394:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->u_name, cfrombstr(dir->d_u_name), blength(dir->d_u_name) + 1);
data/netatalk-3.1.12~ds/etc/afpd/directory.c:410:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->m_name, cfrombstr(dir->d_m_name), blength(dir->d_m_name) + 1);
data/netatalk-3.1.12~ds/etc/afpd/directory.c:415:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->u_name, cfrombstr(dir->d_u_name), blength(dir->d_u_name) + 1);
data/netatalk-3.1.12~ds/etc/afpd/directory.c:555:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[12 + MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1075:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path[ MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1490:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, &ashort, sizeof( ashort ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1495:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, &pdid, sizeof( pdid ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1504:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1510:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1517:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1523:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, ad_entry( &ad, ADEID_FINDERI ), 32 );
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1529:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + FINDERINFO_FRFLAGOFF, &ashort, sizeof(ashort));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1549:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, &dir->d_did, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1566:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, &ashort, sizeof( ashort ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1572:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1578:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1603:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1610:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, &ashort, sizeof( ashort ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1622:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1625:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1630:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1650:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( l_nameoff, &ashort, sizeof( ashort ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1655:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( utf_nameoff, &ashort, sizeof( ashort ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1795:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( finder_buf, buf, 32 );
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1904:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fflags, finder_buf + FINDERINFO_FRFLAGOFF, sizeof(uint16_t));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1906:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(finder_buf + FINDERINFO_FRFLAGOFF, &fflags, sizeof(uint16_t));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1918:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ad_entry( &ad, ADEID_FINDERI ), finder_buf, 10 );
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1919:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ad_entry( &ad, ADEID_FINDERI ) + 14, finder_buf + 14, 18 );
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1921:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ad_entry( &ad, ADEID_FINDERI ), finder_buf, 32 );
data/netatalk-3.1.12~ds/etc/afpd/directory.c:2127:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( -1 == (dfd = open(vol->ad_path(".", ADFLAGS_DIR), O_RDWR))) {
data/netatalk-3.1.12~ds/etc/afpd/directory.c:2222:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, &dir->d_did, sizeof( uint32_t ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:2420:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, &id, sizeof( id ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:2423:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, &id, sizeof( id ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:2432:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, &id, sizeof( id ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:2435:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, &id, sizeof( id ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:2453:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &tp, sizeof(tp));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:2462:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, name, len );
data/netatalk-3.1.12~ds/etc/afpd/directory.c:2522:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, &id, sizeof( id ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:2535:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, &id, sizeof( id ));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:2634:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &curdir->d_did, sizeof(curdir->d_did));
data/netatalk-3.1.12~ds/etc/afpd/enumerate.c:78:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( sd->sd_last, de->d_name, len + 1 );
data/netatalk-3.1.12~ds/etc/afpd/enumerate.c:82:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( sd->sd_last, mname, lenm + 1 );
data/netatalk-3.1.12~ds/etc/afpd/enumerate.c:441:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, &temp16, sizeof( temp16 ));
data/netatalk-3.1.12~ds/etc/afpd/enumerate.c:476:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, &fbitmap, sizeof( fbitmap ));
data/netatalk-3.1.12~ds/etc/afpd/enumerate.c:479:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, &dbitmap, sizeof( dbitmap ));
data/netatalk-3.1.12~ds/etc/afpd/enumerate.c:482:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, &actcnt, sizeof( actcnt ));
data/netatalk-3.1.12~ds/etc/afpd/extattrs.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/netatalk-3.1.12~ds/etc/afpd/extattrs.c:51:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(bufp, "%02x ", *p++);
data/netatalk-3.1.12~ds/etc/afpd/extattrs.c:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char emptyFinderInfo[32] = { 0 };
data/netatalk-3.1.12~ds/etc/afpd/extattrs.c:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attrnamebuf[ATTRNAMEBUFSIZ];
data/netatalk-3.1.12~ds/etc/afpd/extattrs.c:213:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, &bitmap, sizeof(bitmap));
data/netatalk-3.1.12~ds/etc/afpd/extattrs.c:218:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, &tmpattr, sizeof(tmpattr));
data/netatalk-3.1.12~ds/etc/afpd/extattrs.c:223:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, attrnamebuf, attrbuflen);
data/netatalk-3.1.12~ds/etc/afpd/extattrs.c:236:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char attrmname[256];
data/netatalk-3.1.12~ds/etc/afpd/extattrs.c:252:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attruname[256];
data/netatalk-3.1.12~ds/etc/afpd/extattrs.c:314:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &bitmap, sizeof(bitmap));
data/netatalk-3.1.12~ds/etc/afpd/extattrs.c:347:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attruname[256];
data/netatalk-3.1.12~ds/etc/afpd/extattrs.c:441:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attruname[256];
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:79:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char iobuf[MAXIOBUF];
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:143:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&udp_entry->addrinfo, p, sizeof(struct addrinfo));
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:144:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&udp_entry->sockaddr, p->ai_addr, sizeof(struct sockaddr_storage));
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:191:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, FCE_PACKET_MAGIC, 8);
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:230:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &uint32, sizeof(uint32));
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:238:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &uint64, sizeof(uint64));
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:247:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &uint16, sizeof(uint16));
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:250:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, user, strlen(user));
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:260:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &uint16, sizeof(uint16));
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:263:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, path, pathlen);
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:273:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &uint16, sizeof(uint16));
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:276:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, oldpath, pathlen);
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:579:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_ip[256] = {""};
data/netatalk-3.1.12~ds/etc/afpd/fce_api_internal.h:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fce_h_path[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/fce_api_internal.h:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/file.c:90:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, ad_finder, ADEDLEN_FINDERI);
data/netatalk-3.1.12~ds/etc/afpd/file.c:96:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, ufinderi, ADEDLEN_FINDERI);
data/netatalk-3.1.12~ds/etc/afpd/file.c:102:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)data + FINDERINFO_FRFLAGOFF, &ashort, sizeof(ashort));
data/netatalk-3.1.12~ds/etc/afpd/file.c:108:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&linkflag, (char *)data + FINDERINFO_FRFLAGOFF, 2);
data/netatalk-3.1.12~ds/etc/afpd/file.c:110:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)data + FINDERINFO_FRFLAGOFF, &linkflag, 2);
data/netatalk-3.1.12~ds/etc/afpd/file.c:111:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)data + FINDERINFO_FRTYPEOFF,"slnk",4);
data/netatalk-3.1.12~ds/etc/afpd/file.c:112:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)data + FINDERINFO_FRCREATOFF,"rhap",4);
data/netatalk-3.1.12~ds/etc/afpd/file.c:117:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, em->em_type, sizeof( em->em_type ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:118:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)data + 4, em->em_creator, sizeof(em->em_creator));
data/netatalk-3.1.12~ds/etc/afpd/file.c:161:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &utf8, sizeof(utf8));
data/netatalk-3.1.12~ds/etc/afpd/file.c:165:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &temp, sizeof(temp));
data/netatalk-3.1.12~ds/etc/afpd/file.c:169:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, src, aint );
data/netatalk-3.1.12~ds/etc/afpd/file.c:395:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &ashort, sizeof( ashort ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:402:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &dir->d_did, sizeof( uint32_t ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:411:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:423:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &aint, sizeof( int ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:430:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &aint, sizeof( int ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:450:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &id, sizeof( id ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:461:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:478:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:495:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:500:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdType, ad_entry( adp, ADEID_FINDERI ), 4 );
data/netatalk-3.1.12~ds/etc/afpd/file.c:534:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &ashort, sizeof( ashort ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:542:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:545:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:551:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:554:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:558:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &rlen, sizeof(rlen));
data/netatalk-3.1.12~ds/etc/afpd/file.c:567:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:570:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:580:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdType, ad_entry( adp, ADEID_FINDERI ), 4 );
data/netatalk-3.1.12~ds/etc/afpd/file.c:587:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:604:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(l_nameoff, &ashort, sizeof( ashort ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:609:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(utf_nameoff, &ashort, sizeof( ashort ));
data/netatalk-3.1.12~ds/etc/afpd/file.c:860:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char symbuf[MAXPATHLEN+1];
data/netatalk-3.1.12~ds/etc/afpd/file.c:906:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = open(path->u_name, O_RDONLY)) == -1) {
data/netatalk-3.1.12~ds/etc/afpd/file.c:928:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(finder_buf, buf, 32 );
data/netatalk-3.1.12~ds/etc/afpd/file.c:1054:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(finder_buf, ufinderi, 8 );
data/netatalk-3.1.12~ds/etc/afpd/file.c:1056:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad_entry( adp, ADEID_FINDERI ), finder_buf, 32 );
data/netatalk-3.1.12~ds/etc/afpd/file.c:1065:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad_entry( adp, ADEID_FINDERI ), fdType, 4 );
data/netatalk-3.1.12~ds/etc/afpd/file.c:1066:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad_entry( adp, ADEID_FINDERI ) + 4, "pdos", 4 );
data/netatalk-3.1.12~ds/etc/afpd/file.c:1703:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &id, sizeof(id));
data/netatalk-3.1.12~ds/etc/afpd/file.c:1709:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &id, sizeof(id));
data/netatalk-3.1.12~ds/etc/afpd/file.c:1790:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[12 + MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/file.c:1882:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, ibuf, sizeof(bitmap));
data/netatalk-3.1.12~ds/etc/afpd/file.c:1898:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[12 + MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/file.c:2029:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *spath, temp[17], *p;
data/netatalk-3.1.12~ds/etc/afpd/file.c:2151:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, APPLETEMP, sizeof(APPLETEMP));
data/netatalk-3.1.12~ds/etc/afpd/file.c:2153:15: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(temp)) == -1) {
data/netatalk-3.1.12~ds/etc/afpd/filedir.c:125:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, &fbitmap, sizeof( fbitmap ));
data/netatalk-3.1.12~ds/etc/afpd/filedir.c:128:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( rbuf, &dbitmap, sizeof( dbitmap ));
data/netatalk-3.1.12~ds/etc/afpd/filedir.c:290:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((cwd_fd = open(".", O_RDONLY)) == -1)
data/netatalk-3.1.12~ds/etc/afpd/filedir.c:467:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oldname, cfrombstr(sdir->d_m_name), blength(sdir->d_m_name) +1);
data/netatalk-3.1.12~ds/etc/afpd/filedir.c:512:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EC_NEG1( pwd = open(".", O_RDONLY));
data/netatalk-3.1.12~ds/etc/afpd/filedir.c:678:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pathbuf[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/filedir.c:764:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oldname, cfrombstr(sdir->d_m_name), blength(sdir->d_m_name) + 1);
data/netatalk-3.1.12~ds/etc/afpd/filedir.c:768:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((sdir_fd = open(".", O_RDONLY)) == -1)
data/netatalk-3.1.12~ds/etc/afpd/fork.c:122:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/etc/afpd/fork.c:128:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/etc/afpd/fork.c:442:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &bitmap, sizeof( uint16_t ));
data/netatalk-3.1.12~ds/etc/afpd/fork.c:454:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &ofrefnum, sizeof(ofrefnum));
data/netatalk-3.1.12~ds/etc/afpd/fork.c:479:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &ofrefnum, sizeof(ofrefnum));
data/netatalk-3.1.12~ds/etc/afpd/fork.c:498:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &ofrefnum, sizeof(ofrefnum));
data/netatalk-3.1.12~ds/etc/afpd/fork.c:1344:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &bitmap, sizeof( bitmap ));
data/netatalk-3.1.12~ds/etc/afpd/hash.c:908:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char input_t[256];
data/netatalk-3.1.12~ds/etc/afpd/hash.c:942:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new, str, sz);
data/netatalk-3.1.12~ds/etc/afpd/mangle.c:46:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[MAXPATHLEN +2]; /* for convert_charset dest_len parameter +2 */
data/netatalk-3.1.12~ds/etc/afpd/mangle.c:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_EXT_LENGTH + 2]; /* for convert_charset dest_len parameter +2 */
data/netatalk-3.1.12~ds/etc/afpd/mangle.c:140:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[12 + MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/mangle.c:246:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mfilename[MAXPATHLEN]; /* way > maxlen */
data/netatalk-3.1.12~ds/etc/afpd/mangle.c:247:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mangle_suffix[MANGLE_LENGTH + 1];
data/netatalk-3.1.12~ds/etc/afpd/mangle.c:248:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext[MAX_EXT_LENGTH +2]; /* for convert_charset dest_len parameter +2 */
data/netatalk-3.1.12~ds/etc/afpd/mangle.c:266:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
k = sprintf(mangle_suffix, "%c%X", MANGLE_CHAR, ntohl(id));
data/netatalk-3.1.12~ds/etc/afpd/mangle.c:279:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(m, "???");
data/netatalk-3.1.12~ds/etc/afpd/messages.c:27:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char servermesg[MAXPATHLEN] = "";
data/netatalk-3.1.12~ds/etc/afpd/messages.c:28:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char localized_message[MAXPATHLEN] = "";
data/netatalk-3.1.12~ds/etc/afpd/messages.c:70:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
message=fopen(filename, "r");
data/netatalk-3.1.12~ds/etc/afpd/messages.c:74:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
message=fopen(filename, "r");
data/netatalk-3.1.12~ds/etc/afpd/messages.c:153:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &type, sizeof(type));
data/netatalk-3.1.12~ds/etc/afpd/messages.c:156:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &bitmap, sizeof(bitmap));
data/netatalk-3.1.12~ds/etc/afpd/messages.c:169:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf+((utf8)?2:1), message, msglen); /*FIXME*/
data/netatalk-3.1.12~ds/etc/afpd/messages.c:174:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf+((utf8)?2:1), localized_message, outlen);
data/netatalk-3.1.12~ds/etc/afpd/messages.c:181:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &msgsize, sizeof(msgsize));
data/netatalk-3.1.12~ds/etc/afpd/nfsquota.c:84:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&server_addr.sin_addr, hp->h_addr, hp->h_length);
data/netatalk-3.1.12~ds/etc/afpd/ofork.c:272:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pathname[ MAXPATHLEN + 1] = "../";
data/netatalk-3.1.12~ds/etc/afpd/quota.c:200:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024]; /* Just temporary buffer */
data/netatalk-3.1.12~ds/etc/afpd/quota.c:224:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((qf = fopen("/proc/fs/quota", "r"))) {
data/netatalk-3.1.12~ds/etc/afpd/quota.c:378:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (( mtab = fopen( "/etc/mnttab", "r" )) == NULL ) {
data/netatalk-3.1.12~ds/etc/afpd/quota.c:619:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/quota.c:636:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (( vol->v_qfd = open( buf, O_RDONLY, 0 )) < 0 ) {
data/netatalk-3.1.12~ds/etc/afpd/quota.c:663:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathstring[MNAMELEN];
data/netatalk-3.1.12~ds/etc/afpd/spotlight.c:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datestring[256];
data/netatalk-3.1.12~ds/etc/afpd/spotlight.c:137:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&i, dd->dd_talloc_array[n], sizeof(uint64_t));
data/netatalk-3.1.12~ds/etc/afpd/spotlight.c:164:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&bl, dd->dd_talloc_array[n], sizeof(sl_bool_t));
data/netatalk-3.1.12~ds/etc/afpd/spotlight.c:182:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t, dd->dd_talloc_array[n], sizeof(sl_time_t));
data/netatalk-3.1.12~ds/etc/afpd/spotlight.c:197:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cnids, dd->dd_talloc_array[n], sizeof(sl_cnids_t));
data/netatalk-3.1.12~ds/etc/afpd/spotlight.c:260:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cnids[i], p->dd_talloc_array[i], sizeof(uint64_t));
data/netatalk-3.1.12~ds/etc/afpd/spotlight.c:804:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uuid.sl_uuid, v->v_uuid, 16);
data/netatalk-3.1.12~ds/etc/afpd/spotlight.c:831:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char slq_host[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/spotlight.c:1064:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uint64, cnids->ca_cnids->dd_talloc_array[0], sizeof(uint64_t));
data/netatalk-3.1.12~ds/etc/afpd/spotlight.c:1074:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[12 + MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/spotlight.c:1114:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uint64, cnids->ca_cnids->dd_talloc_array[0], sizeof(uint64_t));
data/netatalk-3.1.12~ds/etc/afpd/spotlight.c:1124:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[12 + MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/spotlight.c:1179:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[12 + MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/afpd/spotlight.c:1206:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uint64, cnids->ca_cnids->dd_talloc_array[0], sizeof(uint64_t));
data/netatalk-3.1.12~ds/etc/afpd/spotlight_marshalling.c:212:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + offset + 8, uuid, 16);
data/netatalk-3.1.12~ds/etc/afpd/spotlight_marshalling.c:244:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&id, cnids->ca_cnids->dd_talloc_array[i], sizeof(uint64_t));
data/netatalk-3.1.12~ds/etc/afpd/spotlight_marshalling.c:372:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&i, query->dd_talloc_array[n], sizeof(uint64_t));
data/netatalk-3.1.12~ds/etc/afpd/spotlight_marshalling.c:378:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&bl, query->dd_talloc_array[n], sizeof(sl_bool_t));
data/netatalk-3.1.12~ds/etc/afpd/spotlight_marshalling.c:382:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d, query->dd_talloc_array[n], sizeof(double));
data/netatalk-3.1.12~ds/etc/afpd/spotlight_marshalling.c:388:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t, query->dd_talloc_array[n], sizeof(sl_time_t));
data/netatalk-3.1.12~ds/etc/afpd/spotlight_marshalling.c:467:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uuid.sl_uuid, buf + offset, 16);
data/netatalk-3.1.12~ds/etc/afpd/spotlight_marshalling.c:768:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char toc_buf[MAX_SLQ_TOC];
data/netatalk-3.1.12~ds/etc/afpd/spotlight_marshalling.c:772:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, "432130dm", 8);
data/netatalk-3.1.12~ds/etc/afpd/spotlight_marshalling.c:780:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 16 + len, toc_buf, (toc_index + 1 ) * 8);
data/netatalk-3.1.12~ds/etc/afpd/status.c:92:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + AFPSTATUS_FLAGOFF, &status, sizeof(status));
data/netatalk-3.1.12~ds/etc/afpd/status.c:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/netatalk-3.1.12~ds/etc/afpd/status.c:113:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, Obj, len );
data/netatalk-3.1.12~ds/etc/afpd/status.c:117:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, buf, len );
data/netatalk-3.1.12~ds/etc/afpd/status.c:138:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(start + AFPSTATUS_MACHOFF, &status, sizeof(status));
data/netatalk-3.1.12~ds/etc/afpd/status.c:152:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[AFPSTATUS_MACHLEN+1];
data/netatalk-3.1.12~ds/etc/afpd/status.c:172:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, buf, len );
data/netatalk-3.1.12~ds/etc/afpd/status.c:176:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(start + AFPSTATUS_VERSOFF, &status, sizeof(status));
data/netatalk-3.1.12~ds/etc/afpd/status.c:196:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, options->signature, 16);
data/netatalk-3.1.12~ds/etc/afpd/status.c:202:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(status + *servoffset, &offset, sizeof(offset));
data/netatalk-3.1.12~ds/etc/afpd/status.c:241:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &inaddr->sin_addr.s_addr,
data/netatalk-3.1.12~ds/etc/afpd/status.c:249:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &inaddr->sin_addr.s_addr,
data/netatalk-3.1.12~ds/etc/afpd/status.c:252:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &inaddr->sin_port, sizeof(inaddr->sin_port));
data/netatalk-3.1.12~ds/etc/afpd/status.c:261:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &sa6->sin6_addr.s6_addr, sizeof(sa6->sin6_addr.s6_addr));
data/netatalk-3.1.12~ds/etc/afpd/status.c:268:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &sa6->sin6_addr.s6_addr, sizeof(sa6->sin6_addr.s6_addr));
data/netatalk-3.1.12~ds/etc/afpd/status.c:270:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &sa6->sin6_port, sizeof(sa6->sin6_port));
data/netatalk-3.1.12~ds/etc/afpd/status.c:284:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, options->fqdn, len);
data/netatalk-3.1.12~ds/etc/afpd/status.c:299:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, options->fqdn, len);
data/netatalk-3.1.12~ds/etc/afpd/status.c:308:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(begin + *servoffset, &offset, sizeof(offset));
data/netatalk-3.1.12~ds/etc/afpd/status.c:337:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, options->k5principal, options->k5principal_buflen);
data/netatalk-3.1.12~ds/etc/afpd/status.c:344:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(begin + *diroffset, &offset, sizeof(uint16_t));
data/netatalk-3.1.12~ds/etc/afpd/status.c:378:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, &namelen, sizeof(namelen));
data/netatalk-3.1.12~ds/etc/afpd/status.c:382:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(begin + *nameoffset, &offset, sizeof(uint16_t));
data/netatalk-3.1.12~ds/etc/afpd/status.c:404:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( data, icondata, iconlen);
data/netatalk-3.1.12~ds/etc/afpd/status.c:411:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sigdata, &ret, sizeof(ret));
data/netatalk-3.1.12~ds/etc/afpd/status.c:500:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], *p;
data/netatalk-3.1.12~ds/etc/afpd/status.c:525:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(options->signature, options->signatureopt, len);
data/netatalk-3.1.12~ds/etc/afpd/status.c:532:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(options->sigconffile, "r")) != NULL) { /* read open? */
data/netatalk-3.1.12~ds/etc/afpd/status.c:652:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, obj->dsi->status, obj->dsi->statuslen);
data/netatalk-3.1.12~ds/etc/afpd/uam.c:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN + 1], *p;
data/netatalk-3.1.12~ds/etc/afpd/uam.c:202:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char username[256];
data/netatalk-3.1.12~ds/etc/afpd/uam.c:203:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char user[256];
data/netatalk-3.1.12~ds/etc/afpd/uam.c:204:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pwname[256];
data/netatalk-3.1.12~ds/etc/afpd/uam.c:305:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open("/dev/urandom", O_RDONLY)) < 0) {
data/netatalk-3.1.12~ds/etc/afpd/uam.c:315:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + i, &result, sizeof(result));
data/netatalk-3.1.12~ds/etc/afpd/uam.c:395:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hbuf[NI_MAXHOST];
data/netatalk-3.1.12~ds/etc/afpd/volume.c:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/netatalk-3.1.12~ds/etc/afpd/volume.c:78:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EC_NULL_LOGSTR( file = fopen(path, "r"),
data/netatalk-3.1.12~ds/etc/afpd/volume.c:334:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad_entry( &ad, ADEID_NAME ), slash,
data/netatalk-3.1.12~ds/etc/afpd/volume.c:406:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &ashort, sizeof( ashort ));
data/netatalk-3.1.12~ds/etc/afpd/volume.c:412:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &ashort, sizeof( ashort ));
data/netatalk-3.1.12~ds/etc/afpd/volume.c:418:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/volume.c:427:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/volume.c:434:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &aint, sizeof( aint ));
data/netatalk-3.1.12~ds/etc/afpd/volume.c:439:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &vol->v_vid, sizeof( vol->v_vid ));
data/netatalk-3.1.12~ds/etc/afpd/volume.c:445:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &bfree, sizeof( bfree ));
data/netatalk-3.1.12~ds/etc/afpd/volume.c:451:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &btotal, sizeof( btotal ));
data/netatalk-3.1.12~ds/etc/afpd/volume.c:458:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &xbfree, sizeof( xbfree ));
data/netatalk-3.1.12~ds/etc/afpd/volume.c:464:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &xbtotal, sizeof( xbtotal ));
data/netatalk-3.1.12~ds/etc/afpd/volume.c:476:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &bsize, sizeof(bsize));
data/netatalk-3.1.12~ds/etc/afpd/volume.c:491:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nameoff, &ashort, sizeof( ashort ));
data/netatalk-3.1.12~ds/etc/afpd/volume.c:531:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &bitmap, sizeof( bitmap ));
data/netatalk-3.1.12~ds/etc/afpd/volume.c:591:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, namebuf, len );
data/netatalk-3.1.12~ds/etc/afpd/volume.c:606:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &aint, sizeof( uint32_t));
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd.c:120:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char logbuffer[1024];
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd.c:197:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((cdir = open(".", O_RDONLY)) < 0) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cwdbuf[MAXPATHLEN+1];
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char stamp[CNID_DEV_LEN];
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:66:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pname[MAXPATHLEN] = "../";
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:73:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mpath[ MAXPATHLEN + 2]; /* for convert_charset dest_len parameter +2 */
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:239:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eaname[MAXPATHLEN];
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:776:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (-1 == (cwd = open(".", O_RDONLY))) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/cnid_metad.c:175:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[8];
data/netatalk-3.1.12~ds/etc/cnid_dbd/cnid_metad.c:176:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[8];
data/netatalk-3.1.12~ds/etc/cnid_dbd/cnid_metad.c:270:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf1, "%i", sv[1]);
data/netatalk-3.1.12~ds/etc/cnid_dbd/cnid_metad.c:271:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "%i", rqstfd);
data/netatalk-3.1.12~ds/etc/cnid_dbd/cnid_metad.c:313:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cmd_argv[4];
data/netatalk-3.1.12~ds/etc/cnid_dbd/db_param.c:97:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char key[MAXKEYLEN + 1];
data/netatalk-3.1.12~ds/etc/cnid_dbd/db_param.c:98:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char val[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/cnid_dbd/db_param.c:99:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pfn[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/cnid_dbd/db_param.c:110:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(pfn, "r")) == NULL) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/db_param.h:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usock_file[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_add.c:39:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.data, &rply->cnid, sizeof(rply->cnid));
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_add.c:76:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[ROOTINFO_DATALEN];
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_add.c:94:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, (char *)rootinfo_data.data, ROOTINFO_DATALEN);
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_add.c:128:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + CNID_TYPE_OFS, &hint, sizeof(hint));
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_get.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char start[CNID_DID_LEN + MAXPATHLEN + 1], *buf;
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_get.c:39:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &rqst->did, sizeof(rqst->did));
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_get.c:41:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, rqst->name, rqst->namelen);
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_lookup.c:170:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&id_devino, devdata.data, sizeof(rply->cnid));
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_lookup.c:188:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&id_didname, diddata.data, sizeof(rply->cnid));
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_rebuild_add.c:41:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.data, &rqst->cnid, sizeof(cnid_t));
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_rebuild_add.c:65:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, (char *) data.data + CNID_TYPE_OFS, sizeof(cnid_t));
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_rebuild_add.c:71:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) data.data + CNID_TYPE_OFS, &rqst->cnid, sizeof(cnid_t));
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_resolve.c:51:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rply->did, (char *) data.data + CNID_DID_OFS, sizeof(cnid_t));
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_search.c:25:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char resbuf[DBD_MAX_SRCH_RSLTS * sizeof(cnid_t)];
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbd_update.c:50:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.data, &rqst->cnid, sizeof(rqst->cnid));
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:46:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((cwd = open(".", O_RDONLY)) < 0) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:65:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &st.st_ctime, sizeof(st.st_ctime));
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:93:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ROOTINFO_DATALEN];
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:105:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ROOTINFO_DATA, ROOTINFO_DATALEN);
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:108:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + CNID_TYPE_OFS, &uint32, sizeof(uint32));
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:111:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + CNID_DID_OFS, &uint32, sizeof(uint32));
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:148:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(version, (char *)data.data + CNID_DID_OFS, sizeof(uint32_t));
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:198:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)data.data + CNID_DID_OFS, &v, sizeof(v));
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:250:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((cwd = open(".", O_RDONLY)) < 0) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:262:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dbd->db_errlog = fopen(DB_ERRLOGFILE, "a")) == NULL)
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:294:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((cwd = open(".", O_RDONLY)) < 0) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:410:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ret = dbd->db_env->open(dbd->db_env, dbd->db_envhome, dbenv_oflags | DB_PRIVATE, 0))) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:467:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ret = dbd->db_env->open(dbd->db_env, dbd->db_envhome, dbenv_oflags, 0))) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:520:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((cwd = open(".", O_RDONLY)) < 0) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:587:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (dbd->db_table[i].db->open(dbd->db_table[i].db,
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:744:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ret = dbd->db_env->open(dbd->db_env,
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:940:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cnids, pkey.data, sizeof(cnid_t));
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:941:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cnid, pkey.data, sizeof(cnid_t));
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:1113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *typestring[2] = {"f", "d"};
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:1114:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuf[64];
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:1127:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cnid, key.data, 4);
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:1134:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&stamp, (char *)data.data + CNID_DEV_OFS, sizeof(time_t));
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:1135:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&lastid, (char *)data.data + CNID_TYPE_OFS, CNID_TYPE_LEN);
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:1137:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&version, (char *)data.data + CNID_DID_OFS, CNID_DID_LEN);
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:1145:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dev, (char *)data.data + CNID_DEV_OFS, 8);
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:1148:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ino, (char *)data.data + CNID_INO_OFS, 8);
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:1151:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&type, (char *)data.data + CNID_TYPE_OFS, 4);
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:1154:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&did, (char *)data.data + CNID_DID_OFS, 4);
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:1197:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cnid, data.data, CNID_LEN);
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:1203:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dev, key.data, CNID_DEV_LEN);
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:1206:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ino, (char *)key.data + CNID_DEV_LEN, CNID_INO_LEN);
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:1242:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cnid, data.data, CNID_LEN);
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:1248:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&did, key.data, CNID_LEN);
data/netatalk-3.1.12~ds/etc/cnid_dbd/dbif.c:1309:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cnid, key.data, sizeof(cnid_t));
data/netatalk-3.1.12~ds/etc/cnid_dbd/main.c:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lockpath[PATH_MAX];
data/netatalk-3.1.12~ds/etc/cnid_dbd/main.c:138:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((lockfd = open(lockpath, O_RDWR | O_CREAT, 0644)) < 0) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/main.c:219:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EC_NEG1( cwd = open(".", O_RDONLY) );
data/netatalk-3.1.12~ds/etc/cnid_dbd/main.c:293:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuf[64];
data/netatalk-3.1.12~ds/etc/cnid_dbd/main.c:294:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char namebuf[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/cnid_dbd/main.c:510:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
clntfd = atoi(optarg);
data/netatalk-3.1.12~ds/etc/cnid_dbd/main.c:513:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctrlfd = atoi(optarg);
data/netatalk-3.1.12~ds/etc/cnid_dbd/pack.c:79:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[MAXPATHLEN +2];
data/netatalk-3.1.12~ds/etc/cnid_dbd/pack.c:110:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char start[CNID_HEADER_LEN + MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/cnid_dbd/pack.c:118:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &i, sizeof(i));
data/netatalk-3.1.12~ds/etc/cnid_dbd/pack.c:122:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
buf = memcpy(buf, &rqst->did, sizeof(rqst->did));
data/netatalk-3.1.12~ds/etc/cnid_dbd/pack.c:124:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
buf = memcpy(buf, rqst->name, rqst->namelen);
data/netatalk-3.1.12~ds/etc/netatalk/afp_avahi.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXINSTANCENAMELEN+1];
data/netatalk-3.1.12~ds/etc/netatalk/afp_avahi.c:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpname[256];
data/netatalk-3.1.12~ds/etc/netatalk/afp_avahi.c:92:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(ctx->obj->options.port);
data/netatalk-3.1.12~ds/etc/netatalk/afp_mdns.c:162:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXINSTANCENAMELEN+1];
data/netatalk-3.1.12~ds/etc/netatalk/afp_mdns.c:166:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpname[256];
data/netatalk-3.1.12~ds/etc/netatalk/afp_mdns.c:213:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(obj->options.port);
data/netatalk-3.1.12~ds/etc/netatalk/netatalk.c:311:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *myargv[MYARVSIZE];
data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_pam.c:276:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &uint16, sizeof(uint16_t));
data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_pam.c:292:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &uint16, sizeof(uint16_t));
data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_pam.c:359:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, ibuf, len );
data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_pam.c:398:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, uname +2, len );
data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_pam.c:411:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serverNonce_bin[16];
data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_pam.c:501:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &uint16, sizeof(uint16_t));
data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_pam.c:508:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf+16, serverNonce_bin, 16);
data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_pam.c:732:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&retID, ibuf, sizeof(uint16_t));
data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_passwd.c:213:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &uint16, sizeof(uint16_t));
data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_passwd.c:228:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &uint16, sizeof(uint16_t));
data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_passwd.c:295:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, ibuf, len );
data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_passwd.c:334:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, uname +2, len );
data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_passwd.c:350:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serverNonce_bin[16];
data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_passwd.c:442:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &uint16, sizeof(uint16_t));
data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_passwd.c:449:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf+16, serverNonce_bin, 16);
data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_passwd.c:593:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&retID, ibuf, sizeof(uint16_t));
data/netatalk-3.1.12~ds/etc/uams/uams_dhx_pam.c:253:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[256];
data/netatalk-3.1.12~ds/etc/uams/uams_dhx_pam.c:278:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &sessid, sizeof(sessid));
data/netatalk-3.1.12~ds/etc/uams/uams_dhx_pam.c:298:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &randbuf, sizeof(randbuf));
data/netatalk-3.1.12~ds/etc/uams/uams_dhx_pam.c:311:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf + KEYSIZE, buf, KEYSIZE);
data/netatalk-3.1.12~ds/etc/uams/uams_dhx_pam.c:375:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, ibuf, len );
data/netatalk-3.1.12~ds/etc/uams/uams_dhx_pam.c:415:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, uname +2, len );
data/netatalk-3.1.12~ds/etc/uams/uams_dhx_passwd.c:167:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &sessid, sizeof(sessid));
data/netatalk-3.1.12~ds/etc/uams/uams_dhx_passwd.c:183:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &randbuf, sizeof(randbuf));
data/netatalk-3.1.12~ds/etc/uams/uams_dhx_passwd.c:192:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf + KEYSIZE, name, KEYSIZE);
data/netatalk-3.1.12~ds/etc/uams/uams_dhx_passwd.c:233:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, ibuf, len );
data/netatalk-3.1.12~ds/etc/uams/uams_dhx_passwd.c:274:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, uname +2, len );
data/netatalk-3.1.12~ds/etc/uams/uams_dhx_passwd.c:341:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[256];
data/netatalk-3.1.12~ds/etc/uams/uams_gss.c:228:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sinfo->cryptedkey, wrap_buff.value, wrap_buff.length);
data/netatalk-3.1.12~ds/etc/uams/uams_gss.c:320:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &auth_len, sizeof(auth_len));
data/netatalk-3.1.12~ds/etc/uams/uams_gss.c:325:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, authenticator_buff.value, authenticator_buff.length);
data/netatalk-3.1.12~ds/etc/uams/uams_gss.c:354:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &temp16, sizeof(temp16));
data/netatalk-3.1.12~ds/etc/uams/uams_gss.c:607:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char principal[255];
data/netatalk-3.1.12~ds/etc/uams/uams_guest.c:106:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, p, MIN( UAM_USERNAMELEN, q - p ));
data/netatalk-3.1.12~ds/etc/uams/uams_pam.c:228:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, ibuf, len );
data/netatalk-3.1.12~ds/etc/uams/uams_pam.c:261:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, uname +2, len );
data/netatalk-3.1.12~ds/etc/uams/uams_pam.c:279:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pw[PASSWDLEN + 1];
data/netatalk-3.1.12~ds/etc/uams/uams_pam.c:285:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pw, ibuf, PASSWDLEN);
data/netatalk-3.1.12~ds/etc/uams/uams_pam.c:339:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[PASSWDLEN + 1] = "\0";
data/netatalk-3.1.12~ds/etc/uams/uams_pam.c:369:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, p, MIN(UAM_USERNAMELEN, q - p) );
data/netatalk-3.1.12~ds/etc/uams/uams_pam.c:378:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(password, p, MIN(PASSWDLEN, (q - p)) );
data/netatalk-3.1.12~ds/etc/uams/uams_passwd.c:113:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[256];
data/netatalk-3.1.12~ds/etc/uams/uams_passwd.c:157:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, ibuf, len );
data/netatalk-3.1.12~ds/etc/uams/uams_passwd.c:198:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, uname +2, len );
data/netatalk-3.1.12~ds/etc/uams/uams_passwd.c:213:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pw[PASSWDLEN + 1], *p;
data/netatalk-3.1.12~ds/etc/uams/uams_passwd.c:220:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pw, ibuf, PASSWDLEN);
data/netatalk-3.1.12~ds/etc/uams/uams_passwd.c:258:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[PASSWDLEN + 1] = "\0";
data/netatalk-3.1.12~ds/etc/uams/uams_passwd.c:287:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, p, MIN( UAM_USERNAMELEN, q - p ));
data/netatalk-3.1.12~ds/etc/uams/uams_passwd.c:296:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(password, p, MIN(PASSWDLEN, q - p) );
data/netatalk-3.1.12~ds/etc/uams/uams_pgp.c:75:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, ibuf, len );
data/netatalk-3.1.12~ds/etc/uams/uams_pgp.c:99:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf + KEYSIZE, name, KEYSIZE);
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:56:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fd = open(path, (set) ? O_WRONLY : O_RDONLY)) < 0 ) {
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:126:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN + 1], *p;
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:133:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(path, (set) ? "r+" : "r")) == NULL) {
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:141:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, ".key");
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:142:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
keyfd = open(buf, O_RDONLY);
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:209:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, key, sizeof(key));
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:225:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(passwd, p, len);
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:249:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:314:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &sessid, sizeof(sessid));
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:319:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, randbuf, sizeof(randbuf));
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:494:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, ibuf, len );
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:529:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, uname +2, len );
data/netatalk-3.1.12~ds/include/atalk/adouble.h:198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ad_filler[16];
data/netatalk-3.1.12~ds/include/atalk/adouble.h:225:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ad_data[AD_DATASZ_MAX];
data/netatalk-3.1.12~ds/include/atalk/byteorder.h:110:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define CVAL(buf,pos) ((unsigned)(((const unsigned char *)(buf))[pos]))
data/netatalk-3.1.12~ds/include/atalk/byteorder.h:111:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define CVAL_NC(buf,pos) (((unsigned char *)(buf))[pos]) /* Non-const version of CVAL */
data/netatalk-3.1.12~ds/include/atalk/cnid_bdb_private.h:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stamp[ADEDLEN_PRIVSYN]; /* db timestamp */
data/netatalk-3.1.12~ds/include/atalk/dsi.h:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status[1400];
data/netatalk-3.1.12~ds/include/atalk/fce_api.h:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fcep_magic[8];
data/netatalk-3.1.12~ds/include/atalk/fce_api.h:120:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fcep_user[MAXPATHLEN];
data/netatalk-3.1.12~ds/include/atalk/fce_api.h:122:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fcep_path1[MAXPATHLEN];
data/netatalk-3.1.12~ds/include/atalk/fce_api.h:124:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fcep_path2[MAXPATHLEN];
data/netatalk-3.1.12~ds/include/atalk/globals.h:111:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char signature[16];
data/netatalk-3.1.12~ds/include/atalk/globals.h:150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[MAXUSERLEN];
data/netatalk-3.1.12~ds/include/atalk/globals.h:152:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldtmp[AFPOBJ_TMPSIZ + 1], newtmp[AFPOBJ_TMPSIZ + 1];
data/netatalk-3.1.12~ds/include/atalk/logger.h:134:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char processname[16];
data/netatalk-3.1.12~ds/include/atalk/spotlight.h:57:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sl_uuid[16];
data/netatalk-3.1.12~ds/include/atalk/uuid.h:21:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char atalk_uuid_t[UUID_BINSIZE];
data/netatalk-3.1.12~ds/include/atalk/volume.h:26:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char em_creator[4];
data/netatalk-3.1.12~ds/include/atalk/volume.h:27:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char em_type[4];
data/netatalk-3.1.12~ds/include/atalk/volume.h:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char v_stamp[ADEDLEN_PRIVSYN];
data/netatalk-3.1.12~ds/libatalk/acl/cache.c:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[200];
data/netatalk-3.1.12~ds/libatalk/acl/cache.c:156:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uuid, inuuid, UUID_BINSIZE);
data/netatalk-3.1.12~ds/libatalk/acl/cache.c:238:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uuid, entry->uuid, UUID_BINSIZE);
data/netatalk-3.1.12~ds/libatalk/acl/cache.c:328:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uuid, inuuid, UUID_BINSIZE);
data/netatalk-3.1.12~ds/libatalk/acl/ldap.c:227:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*result, attribute_values[0]->bv_val, attribute_values[0]->bv_len + 1);
data/netatalk-3.1.12~ds/libatalk/acl/ldap.c:279:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filter[MAX_FILTER_SIZE];
data/netatalk-3.1.12~ds/libatalk/acl/ldap.c:280:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stripped[MAX_FILTER_SIZE];
data/netatalk-3.1.12~ds/libatalk/acl/ldap.c:283:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ldap_bytes[LDAP_BIN_UUID_LEN];
data/netatalk-3.1.12~ds/libatalk/acl/ldap.c:346:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filter[256]; /* this should really be enough. we don't want to malloc everything! */
data/netatalk-3.1.12~ds/libatalk/acl/ldap_config.c:37:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
free(*((char **)(ldap_prefs[i].pref)));
data/netatalk-3.1.12~ds/libatalk/acl/ldap_config.c:38:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*((char **)(ldap_prefs[i].pref)) = NULL;
data/netatalk-3.1.12~ds/libatalk/acl/ldap_config.c:59:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*((int *)(ldap_prefs[i].pref)) = atoi(val);
data/netatalk-3.1.12~ds/libatalk/acl/ldap_config.c:62:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*((const char **)(ldap_prefs[i].pref)) = strdup(val);
data/netatalk-3.1.12~ds/libatalk/acl/unix.c:109:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_aces[i], &aces1[i], sizeof(ace_t));
data/netatalk-3.1.12~ds/libatalk/acl/unix.c:117:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_aces[j], &aces2[i], sizeof(ace_t));
data/netatalk-3.1.12~ds/libatalk/acl/unix.c:152:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_aces[j], &aces[i], sizeof(ace_t));
data/netatalk-3.1.12~ds/libatalk/acl/unix.c:191:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_aces[j], &aces[i], sizeof(ace_t));
data/netatalk-3.1.12~ds/libatalk/acl/uuid.c:58:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, local_group_uuid, 12);
data/netatalk-3.1.12~ds/libatalk/acl/uuid.c:62:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, local_user_uuid, 12);
data/netatalk-3.1.12~ds/libatalk/acl/uuid.c:67:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 12, &tmp, 4);
data/netatalk-3.1.12~ds/libatalk/acl/uuid.c:111:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char uuidstring[64];
data/netatalk-3.1.12~ds/libatalk/acl/uuid.c:128:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(uuidstring + i, "%02X", c);
data/netatalk-3.1.12~ds/libatalk/acl/uuid.c:150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nulluuid[16] = {0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0};
data/netatalk-3.1.12~ds/libatalk/acl/uuid.c:187:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uuid, nulluuid, 16);
data/netatalk-3.1.12~ds/libatalk/acl/uuid.c:200:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uuid, nulluuid, 16);
data/netatalk-3.1.12~ds/libatalk/acl/uuid.c:253:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, uuidp + 12, sizeof(uint32_t));
data/netatalk-3.1.12~ds/libatalk/acl/uuid.c:271:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, uuidp + 12, sizeof(uint32_t));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_attr.c:25:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr, ad_entry(ad, ADEID_AFPFILEI) + AFPFILEIOFF_ATTR, 2);
data/netatalk-3.1.12~ds/libatalk/adouble/ad_attr.c:28:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fflags, ad_entry(ad, ADEID_FINDERI) + FINDERINFO_FRFLAGOFF, 2);
data/netatalk-3.1.12~ds/libatalk/adouble/ad_attr.c:64:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad_entry(ad, ADEID_AFPFILEI) + AFPFILEIOFF_ATTR, &attr, sizeof(attr));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_attr.c:67:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fflags, ad_entry(ad, ADEID_FINDERI) + FINDERINFO_FRFLAGOFF, 2);
data/netatalk-3.1.12~ds/libatalk/adouble/ad_attr.c:80:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad_entry(ad, ADEID_FINDERI) + FINDERINFO_FRFLAGOFF, &fflags, 2);
data/netatalk-3.1.12~ds/libatalk/adouble/ad_attr.c:98:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad_entry( adp, ADEID_PRIVID ), &tmp, sizeof(tmp));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_attr.c:104:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad_entry( adp, ADEID_PRIVDEV ), &dev, sizeof(dev_t));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_attr.c:108:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad_entry( adp, ADEID_PRIVINO ), &ino, sizeof(ino_t));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_attr.c:111:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad_entry( adp, ADEID_DID ), &did, sizeof(did));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_attr.c:114:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad_entry( adp, ADEID_PRIVSYN ), stamp, ADEDLEN_PRIVSYN);
data/netatalk-3.1.12~ds/libatalk/adouble/ad_attr.c:129:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dev, ad_entry(adp, ADEID_PRIVDEV), sizeof(dev_t));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_attr.c:130:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ino, ad_entry(adp, ADEID_PRIVINO), sizeof(ino_t));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_attr.c:131:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&a_did, ad_entry(adp, ADEID_DID), sizeof(cnid_t));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_attr.c:172:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad_entry( ad, ADEID_NAME ), path, len);
data/netatalk-3.1.12~ds/libatalk/adouble/ad_conv.c:46:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char emptyfilad[32] = {0,0,0,0,0,0,0,0,
data/netatalk-3.1.12~ds/libatalk/adouble/ad_conv.c:51:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char emptydirad[32] = {0,0,0,0,0,0,0,0,
data/netatalk-3.1.12~ds/libatalk/adouble/ad_conv.c:210:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAXPATHLEN];
data/netatalk-3.1.12~ds/libatalk/adouble/ad_date.c:23:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad_entry(ad, ADEID_FILEDATESI) + dateoff, &date, sizeof(date));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_date.c:39:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(date, ad_entry(ad, ADEID_FILEDATESI) + dateoff, sizeof(uint32_t));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:69:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:73:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:84:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:88:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:92:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:97:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nentp, &nent, sizeof( nent ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:114:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:118:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:129:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:133:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:137:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:142:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nentp, &nent, sizeof( nent ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:161:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:165:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:168:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, AD_FILLER_NETATALK, strlen(AD_FILLER_NETATALK));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:172:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &nent, sizeof( nent ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:177:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:181:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:185:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:188:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(adbuf + ADEDOFF_FINDERI_OSX, ad_entry(ad, ADEID_FINDERI), ADEDLEN_FINDERI);
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:192:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:196:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:200:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &temp, sizeof( temp ));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:230:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ad_entry( add, eid ), ad_entry( ads, eid ), len );
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:238:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&id, ad_entry(add, ADEID_PRIVID), sizeof(cnid_t));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:240:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad_entry(add, ADEID_PRIVID), &id, sizeof(cnid_t));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:288:40: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EC_NEG1_LOG( cwd = open(".", O_RDONLY) );
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:345:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adbuf[AD_DATASZ_OSX];
data/netatalk-3.1.12~ds/libatalk/adouble/ad_lock.c:128:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lock, lock + ad->adf_lockcount - i, sizeof(adf_lock_t));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_lock.c:313:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[LTYPE2STRBUFSIZ];
data/netatalk-3.1.12~ds/libatalk/adouble/ad_lock.c:455:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&adflock->lock, &lock, sizeof(lock));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_lock.c:480:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&adflock->lock, &lock, sizeof(lock));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:175:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[ADFLAGS2LOGSTRBUFSIZ];
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:263:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[OPENFLAGS2LOGSTRBUFSIZ];
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:370:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad_entry(ad, ADEID_FINDERI) + FINDERINFO_FRTYPEOFF,"\0\0\0\0", 4);
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:371:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad_entry(ad, ADEID_FINDERI) + FINDERINFO_FRCREATOFF,"\0\0\0\0", 4);
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:381:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad_entry(ad, ADEID_FINDERI) + FINDERINFO_FRFLAGOFF, &ashort, sizeof(ashort));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:533:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EC_NEG1( fd = open(path, O_RDONLY) );
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:631:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ad_entry(&adea, ADEID_FINDERI),
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:1017:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ad->ad_data_fork.adf_fd = open(path, oflags, admode);
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:1027:52: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EC_NEG1( ad->ad_data_fork.adf_fd = open(path, oflags, admode) );
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:1101:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ad_meta_fileno(ad) = open(ad_p, nocreatflags);
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:1113:47: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EC_NEG1( ad_meta_fileno(ad) = open(ad_p, nocreatflags) );
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:1142:43: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EC_NEG1( ad_meta_fileno(ad) = open(ad_p, oflags, admode) );
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:1231:42: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EC_NEG1(ad_meta_fileno(ad) = open(path, oflags));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:1438:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ad_reso_fileno(ad) = open(rfpath, oflags)) == -1) {
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:1450:43: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ad_reso_fileno(ad) = open(rfpath, oflags)) == -1) {
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:1463:47: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EC_NEG1_LOG( ad_reso_fileno(ad) = open(rfpath, oflags, mode) );
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:1571:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pathbuf[ MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:1572:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, *slash, buf[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:1606:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pathbuf[ MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:1624:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( pathbuf, path, l);
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:1643:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char modebuf[ MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:1659:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( modebuf, path, len );
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:1955:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((cwdfd = open(".", O_RDONLY)) == -1) || (fchdir(dirfd) != 0)) {
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:2039:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((cwdfd = open(".", O_RDONLY)) == -1) || (fchdir(dirfd) != 0))
data/netatalk-3.1.12~ds/libatalk/adouble/ad_read.c:76:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ad->ad_data_fork.adf_syml, cc);
data/netatalk-3.1.12~ds/libatalk/adouble/ad_write.c:224:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fixedbuf[8192];
data/netatalk-3.1.12~ds/libatalk/bstring/bstradd.c:48:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bstr__memcpy(d,s,l) memcpy ((d), (s), (l))
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:42:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bstr__memcpy(d,s,l) memcpy ((d), (s), (l))
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:705:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (b0->data[i] != ((const unsigned char *) blk)[i]) {
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:707:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
downcase (((const unsigned char *) blk)[i])) return 0;
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:816:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (b0->data[i] != ((const unsigned char *) blk)[i]) return BSTR_OK;
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:1285:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct charField { unsigned char content[CFCLEN]; };
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_add.c:47:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char start[CNID_HEADER_LEN + MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_add.c:59:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &i, sizeof(i));
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_add.c:63:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &did, sizeof(did));
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_add.c:66:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, name, len);
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_add.c:81:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer,&t, sizeof(time_t));
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_add.c:95:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ROOTINFO_DATALEN];
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_add.c:96:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stamp[CNID_DEV_LEN];
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_add.c:133:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ROOTINFO_DATA, ROOTINFO_DATALEN);
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_add.c:136:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)rootinfo_data.data +CNID_TYPE_OFS, &hint, sizeof(hint));
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_add.c:141:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)rootinfo_data.data +CNID_DEV_OFS, stamp, sizeof(stamp));
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_add.c:206:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.data, &hint, sizeof(hint));
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_add.c:284:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, (char*)data.data + CNID_DEV_OFS, len);
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_get.c:11:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char start[CNID_DID_LEN + MAXPATHLEN + 1], *buf;
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_get.c:25:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &did, sizeof(did));
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_get.c:27:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, name, len);
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_lookup.c:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[CNID_DEV_LEN];
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_lookup.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ino[CNID_INO_LEN];
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_lookup.c:49:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev, buf + CNID_DEV_OFS, CNID_DEV_LEN);
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_lookup.c:50:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ino, buf + CNID_INO_OFS, CNID_INO_LEN);
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_lookup.c:61:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&id_devino, devdata.data, sizeof(cnid_t));
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_lookup.c:79:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&id_didname, diddata.data, sizeof(cnid_t));
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_open.c:106:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return p->open(p, NULL, f, d, t, flags, mode);
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_open.c:108:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return p->open(p, f, d, t, flags, mode);
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_open.c:150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_open.c:181:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_open.c:242:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rc = db->dbenv->open(db->dbenv, path, DBOPTIONS, 0666 & ~vol->v_umask)) != 0) {
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_open.c:255:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rc = db->dbenv->open(db->dbenv, path, DB_INIT_MPOOL, 0666 & ~vol->v_umask)) != 0) {
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_open.c:258:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rc = db->dbenv->open(db->dbenv, path, 0, 0666 & ~vol->v_umask)) != 0) {
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_private.h:50:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[50];
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_private.h:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock_file[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_rebuild_add.c:24:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ROOTINFO_DATALEN];
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_rebuild_add.c:36:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, (char *)rootinfo_data.data, ROOTINFO_DATALEN);
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_rebuild_add.c:41:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ROOTINFO_DATA, ROOTINFO_DATALEN);
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_rebuild_add.c:44:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + CNID_DEV_OFS, &t, sizeof(time_t));
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_rebuild_add.c:46:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + CNID_TYPE_OFS, &id, sizeof(id));
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_rebuild_add.c:59:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + CNID_TYPE_OFS, &hint, sizeof(hint));
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_rebuild_add.c:111:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.data, &hint, sizeof(hint));
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_resolve.c:41:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(id, (char *)data.data +CNID_DID_OFS, sizeof(cnid_t));
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_update.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char getbuf[CNID_HEADER_LEN + MAXPATHLEN +1];
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_update.c:88:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.data, &id, sizeof(id));
data/netatalk-3.1.12~ds/libatalk/cnid/cnid.c:64:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAXPATHLEN];
data/netatalk-3.1.12~ds/libatalk/cnid/cnid.c:269:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &t, sizeof(time_t));
data/netatalk-3.1.12~ds/libatalk/cnid/dbd/cnid_dbd.c:517:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stamp[ADEDLEN_PRIVSYN];
data/netatalk-3.1.12~ds/libatalk/cnid/dbd/cnid_dbd.c:530:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(db->client_stamp, stamp, ADEDLEN_PRIVSYN);
data/netatalk-3.1.12~ds/libatalk/cnid/dbd/cnid_dbd.c:531:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(db->stamp, stamp, ADEDLEN_PRIVSYN);
data/netatalk-3.1.12~ds/libatalk/cnid/mysql/cnid_mysql.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char stmt_param_name[MAXPATHLEN];
data/netatalk-3.1.12~ds/libatalk/cnid/mysql/cnid_mysql.c:62:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lookup_result_name[MAXPATHLEN];
data/netatalk-3.1.12~ds/libatalk/cnid/mysql/cnid_mysql.c:646:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = htonl(atoi(row[0]));
data/netatalk-3.1.12~ds/libatalk/cnid/mysql/cnid_mysql.c:683:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*id = htonl(atoi(row[0]));
data/netatalk-3.1.12~ds/libatalk/cnid/mysql/cnid_mysql.c:735:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, row[0], len);
data/netatalk-3.1.12~ds/libatalk/cnid/mysql/cnid_mysql.c:820:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char stripped[33];
data/netatalk-3.1.12~ds/libatalk/cnid/mysql/cnid_mysql.c:873:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stamp[8];
data/netatalk-3.1.12~ds/libatalk/cnid/mysql/cnid_mysql.c:875:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stamp, &now, sizeof(time_t));
data/netatalk-3.1.12~ds/libatalk/cnid/mysql/cnid_mysql.c:876:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blob[16+1];
data/netatalk-3.1.12~ds/libatalk/cnid/mysql/cnid_mysql.c:909:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int depleted = atoi(row[0]);
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_add.c:44:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char start[CNID_HEADER_LEN + MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_add.c:56:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &i, sizeof(i));
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_add.c:60:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &did, sizeof(did));
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_add.c:63:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, name, len);
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_add.c:122:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hint, data.dptr, sizeof(cnid_t));
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_add.c:197:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.dptr, &hint, sizeof(hint));
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_get.c:12:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char start[CNID_DID_LEN + MAXPATHLEN + 1], *buf;
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_get.c:25:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &did, sizeof(did));
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_get.c:27:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, name, len);
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_lookup.c:16:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[CNID_DEV_LEN];
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_lookup.c:17:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ino[CNID_INO_LEN];
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_lookup.c:42:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev, buf + CNID_DEV_OFS, CNID_DEV_LEN);
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_lookup.c:43:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ino, buf + CNID_INO_OFS, CNID_INO_LEN);
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_lookup.c:59:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&id_devino, devdata.dptr, sizeof(cnid_t));
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_lookup.c:83:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&id_didname, diddata.dptr, sizeof(cnid_t));
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_open.c:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_resolve.c:27:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(id, (char *)data.dptr + +CNID_DID_OFS, sizeof(cnid_t));
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_update.c:76:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.dptr, &id, sizeof(id));
data/netatalk-3.1.12~ds/libatalk/compat/getusershell.c:102:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(SHELLS, "r")) == (FILE *)0)
data/netatalk-3.1.12~ds/libatalk/compat/mktemp.c:38:1: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
mkstemp(path)
data/netatalk-3.1.12~ds/libatalk/compat/mktemp.c:93:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(path, O_CREAT|O_EXCL|O_RDWR, 0600)) >= 0)
data/netatalk-3.1.12~ds/libatalk/compat/strlcpy.c:46:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, s, len);
data/netatalk-3.1.12~ds/libatalk/compat/strlcpy.c:69:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d+len1, s, len2);
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_attn.c:32:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[DSI_BLOCKSIZ + sizeof(AFPUserBytes)];
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_attn.c:50:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block + 2, &id, sizeof(id));
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_attn.c:52:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block + 8, &nlen, sizeof(nlen));
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_attn.c:53:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block + 16, &flags, sizeof(flags));
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_getstat.c:25:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dsi->commands, dsi->status, dsi->statuslen);
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_opensess.c:52:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dsi->attn_quantum, &dsi->commands[i], option_len);
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_opensess.c:77:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dsi->commands + 2, &servquant, sizeof(servquant));
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_opensess.c:84:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dsi->commands + offs + 2, &replcsize, sizeof(replcsize));
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_stream.c:47:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 2, &dsi->header.dsi_requestID, sizeof(dsi->header.dsi_requestID));
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_stream.c:48:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 4, &dsi->header.dsi_data.dsi_code, sizeof(dsi->header.dsi_data.dsi_code));
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_stream.c:49:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 8, &dsi->header.dsi_len, sizeof(dsi->header.dsi_len));
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_stream.c:50:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 12, &dsi->header.dsi_reserved, sizeof(dsi->header.dsi_reserved));
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_stream.c:154:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, dsi->start, nbe);
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_stream.c:342:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[DSI_BLOCKSIZ];
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_stream.c:524:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[DSI_BLOCKSIZ];
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_stream.c:571:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
iov[0].iov_base = (char *) iov[0].iov_base + len;
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_stream.c:579:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
iov[0].iov_base = (char *) iov[0].iov_base + len;
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_stream.c:600:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[DSI_BLOCKSIZ];
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_tcp.c:285:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sa->sin_port = htons(atoi(port));
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_tcp.c:383:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dsi->server, p->ai_addr, p->ai_addrlen);
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_tcp.c:509:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipv6loopb[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1};
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_tcp.c:517:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dsi->server, p->ai_addr, p->ai_addrlen);
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_tickle.c:22:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[DSI_BLOCKSIZ];
data/netatalk-3.1.12~ds/libatalk/dsi/dsi_tickle.c:33:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block + 2, &id, sizeof(id));
data/netatalk-3.1.12~ds/libatalk/iniparser/dictionary.c:47:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAXKEYSIZE];
data/netatalk-3.1.12~ds/libatalk/iniparser/dictionary.c:68:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newptr, ptr, size);
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:55:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char l[ASCIILINESZ+1];
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:188:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keym[ASCIILINESZ+1];
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:462:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[ASCIILINESZ+1];
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:532:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line [ASCIILINESZ+1] ;
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:533:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char section [ASCIILINESZ+1] ;
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:534:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key [ASCIILINESZ+1] ;
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:535:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val [ASCIILINESZ+1] ;
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:544:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((inifile=fopen(ininame, "r"))==NULL) {
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:605:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((include = fopen(val, "r")) == NULL) {
data/netatalk-3.1.12~ds/libatalk/talloc/dalloc.c:141:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(talloc_chunk, obj, size);
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:671:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char debugbuf[ MAXPATHLEN +1 ];
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:683:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(q, "%2.2x.", *p);
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:736:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuf, &ucs2, sizeof(ucs2_t));
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:738:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuf + sizeof(ucs2_t), &ucs2, sizeof(ucs2_t));
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:740:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuf + 2 * sizeof(ucs2_t), &ucs2, sizeof(ucs2_t));
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:789:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h[MAXPATHLEN];
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:824:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuf, &ucs2, sizeof(ucs2_t));
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:826:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuf + sizeof(ucs2_t), &ucs2, sizeof(ucs2_t));
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:828:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuf + 2 * sizeof(ucs2_t), &ucs2, sizeof(ucs2_t));
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:836:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuf, &slash, sizeof(ucs2_t));
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:844:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuf, &ucs2, sizeof(ucs2_t));
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:858:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuf, &ucs2, sizeof(ucs2_t));
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:860:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuf + sizeof(ucs2_t), &ucs2, sizeof(ucs2_t));
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:862:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuf + 2 * sizeof(ucs2_t), &ucs2, sizeof(ucs2_t));
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:871:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuf, &ucs2, sizeof(ucs2_t));
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:879:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuf, &ucs2, sizeof(ucs2_t));
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/generic_cjk.c:63:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*outbuf, buf, n);
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/generic_cjk.c:105:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*outbuf, buf, n * sizeof(ucs2_t));
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/generic_cjk.c:151:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, buf + i, sizeof(buf) - sizeof(*buf) * i);
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_centraleurope.h:63:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_centraleurope_page00[224] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_centraleurope.h:94:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_centraleurope_page20[48] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_centraleurope.h:102:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_centraleurope_page22[32] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_centraleurope.h:108:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_centraleurope_page22_1[8] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_cyrillic.h:63:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_cyrillic_page00[32] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_cyrillic.h:69:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_cyrillic_page04[96] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_cyrillic.h:83:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_cyrillic_page20[24] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_cyrillic.h:88:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_cyrillic_page21[24] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_cyrillic.h:93:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_cyrillic_page22[104] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_greek.h:52:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_greek_page00[96] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_greek.h:66:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_greek_page03[80] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_greek.h:78:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_greek_page20[40] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_greek.h:85:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_greek_page22[32] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_hebrew.h:67:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_hebrew_page00[96] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_hebrew.h:83:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_hebrew_page05[64] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_hebrew.h:95:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_hebrew_page20[24] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_hebrew.h:102:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_hebrew_pagefb[56] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_roman.h:23:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_roman_page00[96] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_roman.h:37:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_roman_page01[104] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_roman.h:52:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_roman_page02[32] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_roman.h:58:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_roman_page20[56] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_roman.h:67:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_roman_page21[8] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_roman.h:70:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_roman_page22[104] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_roman.h:85:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_roman_pagefb[8] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_turkish.h:70:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_turkish_page00[96] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_turkish.h:84:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_turkish_page01[128] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_turkish.h:102:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_turkish_page02[32] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_turkish.h:108:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_turkish_page20[40] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_turkish.h:115:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_turkish_page21[8] = {
data/netatalk-3.1.12~ds/libatalk/unicode/charsets/mac_turkish.h:118:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mac_turkish_page22[104] = {
data/netatalk-3.1.12~ds/libatalk/unicode/iconv.c:217:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cvtbuf[2048];
data/netatalk-3.1.12~ds/libatalk/unicode/util_unistr.c:354:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, len * sizeof(ucs2_t));
data/netatalk-3.1.12~ds/libatalk/unicode/util_unistr.c:408:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dest[start], src, len*sizeof(ucs2_t));
data/netatalk-3.1.12~ds/libatalk/unicode/util_unistr.c:425:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dest[start], src, len*sizeof(ucs2_t));
data/netatalk-3.1.12~ds/libatalk/util/bprint.c:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xout[ BPXLEN ], aout[ BPALEN ];
data/netatalk-3.1.12~ds/libatalk/util/cnid.c:82:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EC_NEG1_LOG(cwd = open(".", O_RDONLY));
data/netatalk-3.1.12~ds/libatalk/util/ftw.c:49:46: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define mempcpy(D, S, N) ((void *) ((char *) memcpy (D, S, N) + (N)))
data/netatalk-3.1.12~ds/libatalk/util/ftw.c:699:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cwdfd = open (".", O_RDONLY);
data/netatalk-3.1.12~ds/libatalk/util/logger.c:126:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/netatalk-3.1.12~ds/libatalk/util/logger.c:261:36: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
type_configs[logtype].fd = mkstemp(tmp);
data/netatalk-3.1.12~ds/libatalk/util/logger.c:266:36: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
type_configs[logtype].fd = open(filename,
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:80:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], uuid[UUID_PRINTABLE_STRING_LENGTH], *p;
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:85:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(obj->options.uuidconf, "r")) != NULL) { /* read open? */
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:139:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} else if ((fp = fopen(obj->options.uuidconf, "a+")) == NULL) { /* not found */
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:180:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[EABUFSZ];
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:448:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN + 1], *p, *b;
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:478:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mask_int = atoi(mask_char); /* apply_ip_mask does range checking on it */
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:601:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpname[AFPVOL_U8MNAMELEN+1];
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:602:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:604:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[6]; /* max is #FFFF */
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:944:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmpname, "???");
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:970:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmpname, "???");
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1132:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char volname[AFPVOL_U8MNAMELEN + 1];
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1133:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN + 1], tmp[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1179:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1358:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext[256];
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1359:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1360:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5], creator[5];
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1364:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EC_NULL_LOGSTR( fp = fopen(file, "r"), "Couldn't open extension maping file %s", file);
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1539:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(obj->options.configfile, O_RDONLY);
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1715:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char volname[AFPVOL_U8MNAMELEN + 1];
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1716:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abspath[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1717:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char volpath[MAXPATHLEN + 1], *realvolpath = NULL;
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1718:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1781:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1898:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[MAXVAL];
data/netatalk-3.1.12~ds/libatalk/util/server_ipc.c:62:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&pid, ipc->msg, sizeof(pid_t));
data/netatalk-3.1.12~ds/libatalk/util/server_ipc.c:95:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (clientid, p, idlen);
data/netatalk-3.1.12~ds/libatalk/util/server_ipc.c:120:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&child->afpch_state, ipc->msg, sizeof(uint16_t));
data/netatalk-3.1.12~ds/libatalk/util/server_ipc.c:175:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPC_MAXMSGSIZE], *p;
data/netatalk-3.1.12~ds/libatalk/util/server_ipc.c:267:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[IPC_MAXMSGSIZE], *p;
data/netatalk-3.1.12~ds/libatalk/util/server_ipc.c:278:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &command, sizeof(command));
data/netatalk-3.1.12~ds/libatalk/util/server_ipc.c:282:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &pid, sizeof(pid_t));
data/netatalk-3.1.12~ds/libatalk/util/server_ipc.c:291:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &uid, sizeof(uid_t));
data/netatalk-3.1.12~ds/libatalk/util/server_ipc.c:294:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &len, 4);
data/netatalk-3.1.12~ds/libatalk/util/server_ipc.c:297:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, msg, len);
data/netatalk-3.1.12~ds/libatalk/util/server_lock.c:37:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/netatalk-3.1.12~ds/libatalk/util/server_lock.c:45:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pf = fopen(pidfile, "r"))) {
data/netatalk-3.1.12~ds/libatalk/util/server_lock.c:46:52: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (fgets(buf, sizeof(buf), pf) && !kill(pid = atol(buf), 0)) {
data/netatalk-3.1.12~ds/libatalk/util/server_lock.c:55:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pf = fopen(pidfile, "w")) == NULL) {
data/netatalk-3.1.12~ds/libatalk/util/server_lock.c:75:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
i = open( "/dev/null", O_RDWR );
data/netatalk-3.1.12~ds/libatalk/util/server_lock.c:76:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
i = open( "/dev/null", O_RDWR );
data/netatalk-3.1.12~ds/libatalk/util/server_lock.c:77:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
i = open( "/dev/null", O_RDWR );
data/netatalk-3.1.12~ds/libatalk/util/server_lock.c:80:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (( i = open( "/dev/tty", O_RDWR )) >= 0 ) {
data/netatalk-3.1.12~ds/libatalk/util/server_lock.c:109:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/netatalk-3.1.12~ds/libatalk/util/server_lock.c:114:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pf = fopen(pidfile, "r"))) {
data/netatalk-3.1.12~ds/libatalk/util/server_lock.c:115:56: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (fgets(buf, sizeof(buf), pf) && !kill(pid = atol(buf), 0)) {
data/netatalk-3.1.12~ds/libatalk/util/server_lock.c:141:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pf = fopen(pidfile, "w")) == NULL) {
data/netatalk-3.1.12~ds/libatalk/util/socket.c:294:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ip4[INET_ADDRSTRLEN];
data/netatalk-3.1.12~ds/libatalk/util/socket.c:295:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ip6[INET6_ADDRSTRLEN];
data/netatalk-3.1.12~ds/libatalk/util/socket.c:631:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CMSG_SPACE(sizeof(int))];
data/netatalk-3.1.12~ds/libatalk/util/socket.c:632:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbuf[80];
data/netatalk-3.1.12~ds/libatalk/util/unix.c:143:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open("/dev/null",O_RDWR);
data/netatalk-3.1.12~ds/libatalk/util/unix.c:181:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cwd[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/util/unix.c:197:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char wd[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/util/unix.c:325:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN+1];
data/netatalk-3.1.12~ds/libatalk/util/unix.c:326:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[MAXPATHLEN+1];
data/netatalk-3.1.12~ds/libatalk/util/unix.c:402:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open("/dev/urandom", O_RDONLY)) != -1) {
data/netatalk-3.1.12~ds/libatalk/util/unix.c:473:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAXPATHLEN+1];
data/netatalk-3.1.12~ds/libatalk/util/unix.c:544:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char groupsstr[GROUPSTR_BUFSIZE];
data/netatalk-3.1.12~ds/libatalk/vfs/acl.c:64:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_aces[new_aces_count], &old_aces[i], sizeof(ace_t));
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:77:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char upath[ MAXPATHLEN + 2]; /* for convert_charset dest_len parameter +2 */
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:133:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uint32, buf, sizeof(uint32_t));
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:140:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uint16, buf, sizeof(uint16_t));
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:149:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uint16, buf, sizeof(uint16_t));
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:167:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uint32, buf, 4); /* EA size */
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:247:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ea->ea_data + EA_COUNT_OFF, &uint16, 2);
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:260:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &uint32, 4);
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:401:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(uname, O_RDWR | O_CREAT | O_EXCL, 0666 & ~ea->vol->v_umask)) == -1) {
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:416:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &uint32, sizeof(uint32_t));
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:420:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &uint16, sizeof(uint16_t));
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:481:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(eaname, O_RDWR | O_CREAT | O_EXCL, 0666 & ~ea->vol->v_umask)) == -1) {
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:615:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pathbuf[MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:749:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ea->ea_fd = open(eaname, (ea->ea_flags & EA_RDWR) ? O_RDWR : O_RDONLY)) == -1) {
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:845:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((cwdfd = open(".", O_RDONLY)) == -1) || (fchdir(dirfd) != 0)) {
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:1026:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &uint32, 4);
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:1092:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(eafile, O_RDONLY)) == -1) {
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:1107:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &uint32, 4);
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:1347:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((cwd = open(".", O_RDONLY)) == -1) || (fchdir(dirfd) != 0)) {
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:1386:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srceapath[ MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:1502:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srceapath[ MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/vfs/ea_sys.c:129:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &attrsize, 4);
data/netatalk-3.1.12~ds/libatalk/vfs/ea_sys.c:250:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &attrsize, 4);
data/netatalk-3.1.12~ds/libatalk/vfs/ea_sys.c:392:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(eabuf, ibuf, attrsize);
data/netatalk-3.1.12~ds/libatalk/vfs/ea_sys.c:538:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((cwd = open(".", O_RDONLY)) == -1) {
data/netatalk-3.1.12~ds/libatalk/vfs/extattr.c:81:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char attr_name[256 +5] = "user.";
data/netatalk-3.1.12~ds/libatalk/vfs/extattr.c:373:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char attr_buffer[ATTR_MAX_VALUELEN];
data/netatalk-3.1.12~ds/libatalk/vfs/extattr.c:950:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((filedes = open(path, O_RDONLY | (oflag & O_NOFOLLOW), mode)) == -1) {
data/netatalk-3.1.12~ds/libatalk/vfs/unix.c:140:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filebuf[NETATALK_DIOSZ_STACK];
data/netatalk-3.1.12~ds/libatalk/vfs/unix.c:180:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sfd = open(src, O_RDONLY);
data/netatalk-3.1.12~ds/libatalk/vfs/unix.c:188:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dfd = open(dst, O_WRONLY | O_CREAT | O_TRUNC, mode)) < 0) {
data/netatalk-3.1.12~ds/libatalk/vfs/unix.c:234:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EC_NEG1_LOG( sfd = open(src, O_RDONLY) );
data/netatalk-3.1.12~ds/libatalk/vfs/unix.c:236:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EC_NEG1_LOG( dfd = open(dst, O_WRONLY, mode) );
data/netatalk-3.1.12~ds/libatalk/vfs/unix.c:350:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (((cwd = open(".", O_RDONLY)) == -1) || (fchdir(dirfd) != 0)) {
data/netatalk-3.1.12~ds/libatalk/vfs/vfs.c:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/vfs/vfs.c:263:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adsrc[ MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/vfs/vfs.c:370:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[ MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/vfs/vfs.c:390:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[ MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libatalk/vfs/vfs.c:617:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adsrc[ MAXPATHLEN + 1];
data/netatalk-3.1.12~ds/libevent/arc4random.c:79:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[256];
data/netatalk-3.1.12~ds/libevent/arc4random.c:151:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[ADD_ENTROPY];
data/netatalk-3.1.12~ds/libevent/arc4random.c:181:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[ADD_ENTROPY];
data/netatalk-3.1.12~ds/libevent/arc4random.c:218:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[ADD_ENTROPY];
data/netatalk-3.1.12~ds/libevent/arc4random.c:259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/netatalk-3.1.12~ds/libevent/arc4random.c:260:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char entropy[64];
data/netatalk-3.1.12~ds/libevent/arc4random.c:302:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[ADD_ENTROPY];
data/netatalk-3.1.12~ds/libevent/buffer.c:780:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp->buffer, chain->buffer + chain->misalign,
data/netatalk-3.1.12~ds/libevent/buffer.c:1061:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, chain->buffer + chain->misalign, chain->off);
data/netatalk-3.1.12~ds/libevent/buffer.c:1071:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, chain->buffer + chain->misalign, datlen);
data/netatalk-3.1.12~ds/libevent/buffer.c:1248:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, chain->buffer + chain->misalign, chain->off);
data/netatalk-3.1.12~ds/libevent/buffer.c:1260:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, chain->buffer + chain->misalign, size);
data/netatalk-3.1.12~ds/libevent/buffer.c:1440:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&it2, &it, sizeof(it));
data/netatalk-3.1.12~ds/libevent/buffer.c:1563:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chain->buffer + chain->misalign + chain->off,
data/netatalk-3.1.12~ds/libevent/buffer.c:1574:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chain->buffer + chain->off, data, datlen);
data/netatalk-3.1.12~ds/libevent/buffer.c:1596:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chain->buffer + chain->misalign + chain->off,
data/netatalk-3.1.12~ds/libevent/buffer.c:1606:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp->buffer, data, datlen);
data/netatalk-3.1.12~ds/libevent/buffer.c:1649:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chain->buffer + chain->misalign - datlen,
data/netatalk-3.1.12~ds/libevent/buffer.c:1658:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chain->buffer,
data/netatalk-3.1.12~ds/libevent/buffer.c:1681:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp->buffer + tmp->misalign, data, datlen);
data/netatalk-3.1.12~ds/libevent/buffer.c:1803:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp->buffer, chain->buffer + chain->misalign,
data/netatalk-3.1.12~ds/libevent/buffer.c:2642:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define va_copy(dst, src) memcpy(&(dst), &(src), sizeof(va_list))
data/netatalk-3.1.12~ds/libevent/bufferevent_ratelim.c:168:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&r->tick_timeout, tick_len, sizeof(struct timeval));
data/netatalk-3.1.12~ds/libevent/bufferevent_sock.c:465:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portbuf[10];
data/netatalk-3.1.12~ds/libevent/evdns.c:214:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[HOST_NAME_MAX];
data/netatalk-3.1.12~ds/libevent/evdns.c:369:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[1];
data/netatalk-3.1.12~ds/libevent/evdns.c:457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/netatalk-3.1.12~ds/libevent/evdns.c:527:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&timeout, &ns->base->global_nameserver_probe_initial_timeout,
data/netatalk-3.1.12~ds/libevent/evdns.c:545:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[128];
data/netatalk-3.1.12~ds/libevent/evdns.c:561:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[128];
data/netatalk-3.1.12~ds/libevent/evdns.c:619:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[128];
data/netatalk-3.1.12~ds/libevent/evdns.c:829:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d->reply, reply, sizeof(struct reply));
data/netatalk-3.1.12~ds/libevent/evdns.c:848:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[128];
data/netatalk-3.1.12~ds/libevent/evdns.c:879:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[64];
data/netatalk-3.1.12~ds/libevent/evdns.c:940:53: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define GET32(x) do { if (j + 4 > length) goto err; memcpy(&_t32, packet + j, 4); j += 4; x = ntohl(_t32); } while (0)
data/netatalk-3.1.12~ds/libevent/evdns.c:941:53: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define GET16(x) do { if (j + 2 > length) goto err; memcpy(&_t, packet + j, 2); j += 2; x = ntohs(_t); } while (0)
data/netatalk-3.1.12~ds/libevent/evdns.c:976:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, packet + j, label_len);
data/netatalk-3.1.12~ds/libevent/evdns.c:997:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_name[256], cmp_name[256]; /* used by the macros */
data/netatalk-3.1.12~ds/libevent/evdns.c:1099:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&reply.data.a.addresses[reply.data.a.addrcount],
data/netatalk-3.1.12~ds/libevent/evdns.c:1116:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cname[HOST_NAME_MAX];
data/netatalk-3.1.12~ds/libevent/evdns.c:1137:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&reply.data.aaaa.addresses[reply.data.aaaa.addrcount],
data/netatalk-3.1.12~ds/libevent/evdns.c:1198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_name[256]; /* used by the macros */
data/netatalk-3.1.12~ds/libevent/evdns.c:1225:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&server_req->addr, addr, addrlen);
data/netatalk-3.1.12~ds/libevent/evdns.c:1248:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q->name, tmp_name, namelen+1);
data/netatalk-3.1.12~ds/libevent/evdns.c:1353:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[128];
data/netatalk-3.1.12~ds/libevent/evdns.c:1460:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[128];
data/netatalk-3.1.12~ds/libevent/evdns.c:1589:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + j, &_t, 2); \
data/netatalk-3.1.12~ds/libevent/evdns.c:1596:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + j, &_t32, 4); \
data/netatalk-3.1.12~ds/libevent/evdns.c:1616:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + j, start, label_len);
data/netatalk-3.1.12~ds/libevent/evdns.c:1627:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + j, start, label_len);
data/netatalk-3.1.12~ds/libevent/evdns.c:1796:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(item->data, data, datalen);
data/netatalk-3.1.12~ds/libevent/evdns.c:1831:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/netatalk-3.1.12~ds/libevent/evdns.c:1871:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1500];
data/netatalk-3.1.12~ds/libevent/evdns.c:1934:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+len_idx, &_t, 2);
data/netatalk-3.1.12~ds/libevent/evdns.c:1939:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+j, item->data, item->datalen);
data/netatalk-3.1.12~ds/libevent/evdns.c:1959:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->response, buf, req->response_len);
data/netatalk-3.1.12~ds/libevent/evdns.c:2129:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sa, &(req->addr), req->addrlen);
data/netatalk-3.1.12~ds/libevent/evdns.c:2272:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[128];
data/netatalk-3.1.12~ds/libevent/evdns.c:2437:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[128];
data/netatalk-3.1.12~ds/libevent/evdns.c:2475:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ns->address, address, addrlen);
data/netatalk-3.1.12~ds/libevent/evdns.c:2678:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[256];
data/netatalk-3.1.12~ds/libevent/evdns.c:2697:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char randbits[(sizeof(namebuf)+7)/8];
data/netatalk-3.1.12~ds/libevent/evdns.c:2868:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/netatalk-3.1.12~ds/libevent/evdns.c:2903:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[73];
data/netatalk-3.1.12~ds/libevent/evdns.c:2918:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, "ip6.arpa", strlen("ip6.arpa")+1);
data/netatalk-3.1.12~ds/libevent/evdns.c:3026:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ((u8 *) sdomain) + sizeof(struct search_domain), domain, domain_len);
data/netatalk-3.1.12~ds/libevent/evdns.c:3078:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[HOST_NAME_MAX + 1], *domainname;
data/netatalk-3.1.12~ds/libevent/evdns.c:3103:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newname, base_name, base_len);
data/netatalk-3.1.12~ds/libevent/evdns.c:3105:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newname + base_len + need_to_append_dot, postfix, postfix_len);
data/netatalk-3.1.12~ds/libevent/evdns.c:3371:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&base->global_timeout, &tv, sizeof(struct timeval));
data/netatalk-3.1.12~ds/libevent/evdns.c:3378:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&base->global_getaddrinfo_allow_skew, &tv,
data/netatalk-3.1.12~ds/libevent/evdns.c:3422:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&base->global_nameserver_probe_initial_timeout, &tv,
data/netatalk-3.1.12~ds/libevent/evdns.c:3502:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_PATH+1];
data/netatalk-3.1.12~ds/libevent/evdns.c:3595:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, addr, ips-addr);
data/netatalk-3.1.12~ds/libevent/evdns.c:4035:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&he->addr, &ss, socklen);
data/netatalk-3.1.12~ds/libevent/evdns.c:4036:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(he->hostname, hostname, namelen+1);
data/netatalk-3.1.12~ds/libevent/evdns.c:4060:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64];
data/netatalk-3.1.12~ds/libevent/evdns.c:4377:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addrp, ((char*)addresses)+i*addrlen, addrlen);
data/netatalk-3.1.12~ds/libevent/event.c:475:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char environment[64];
data/netatalk-3.1.12~ds/libevent/event.c:1188:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tv, duration, sizeof(struct timeval));
data/netatalk-3.1.12~ds/libevent/event.c:1955:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/netatalk-3.1.12~ds/libevent/event.c:2645:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, str, ln+1);
data/netatalk-3.1.12~ds/libevent/event.c:2705:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1024];
data/netatalk-3.1.12~ds/libevent/evrpc.c:219:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(constructed_uri, EVRPC_URI_PREFIX, strlen(EVRPC_URI_PREFIX));
data/netatalk-3.1.12~ds/libevent/evrpc.c:220:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(constructed_uri + strlen(EVRPC_URI_PREFIX), uri, strlen(uri));
data/netatalk-3.1.12~ds/libevent/evrpc.c:1049:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(meta->data, data, data_size);
data/netatalk-3.1.12~ds/libevent/evthread.c:101:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target, cbs, sizeof(_evthread_lock_fns));
data/netatalk-3.1.12~ds/libevent/evthread.c:139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target, cbs, sizeof(_evthread_cond_fns));
data/netatalk-3.1.12~ds/libevent/evthread.c:279:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&_original_lock_fns, &_evthread_lock_fns,
data/netatalk-3.1.12~ds/libevent/evthread.c:281:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&_evthread_lock_fns, &cbs,
data/netatalk-3.1.12~ds/libevent/evthread.c:284:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&_original_cond_fns, &_evthread_cond_fns,
data/netatalk-3.1.12~ds/libevent/evutil.c:83:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open _open
data/netatalk-3.1.12~ds/libevent/evutil.c:100:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pathname, flags, (mode_t)mode);
data/netatalk-3.1.12~ds/libevent/evutil.c:102:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pathname, flags);
data/netatalk-3.1.12~ds/libevent/evutil.c:560:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/netatalk-3.1.12~ds/libevent/evutil.c:678:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res->ai_addr, sa, socklen);
data/netatalk-3.1.12~ds/libevent/evutil.c:1022:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addrp, ent->h_addr_list[i], ent->h_length);
data/netatalk-3.1.12~ds/libevent/evutil.c:1172:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ai_new, ai, sizeof(*ai_new));
data/netatalk-3.1.12~ds/libevent/evutil.c:1304:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/netatalk-3.1.12~ds/libevent/evutil.c:1310:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/netatalk-3.1.12~ds/libevent/evutil.c:1607:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64], *cp;
data/netatalk-3.1.12~ds/libevent/evutil.c:1797:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/netatalk-3.1.12~ds/libevent/evutil.c:1818:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ip_as_string+1, len);
data/netatalk-3.1.12~ds/libevent/evutil.c:1835:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ip_as_string, cp-ip_as_string);
data/netatalk-3.1.12~ds/libevent/evutil.c:1848:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(port_part);
data/netatalk-3.1.12~ds/libevent/evutil.c:1871:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &sin6, sizeof(sin6));
data/netatalk-3.1.12~ds/libevent/evutil.c:1890:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &sin, sizeof(sin));
data/netatalk-3.1.12~ds/libevent/evutil.c:1899:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[128];
data/netatalk-3.1.12~ds/libevent/evutil.c:1983:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char EVUTIL_TOUPPER_TABLE[256] = {
data/netatalk-3.1.12~ds/libevent/evutil.c:2001:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char EVUTIL_TOLOWER_TABLE[256] = {
data/netatalk-3.1.12~ds/libevent/evutil.c:2114:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char LOOPBACK_S6[16] =
data/netatalk-3.1.12~ds/libevent/evutil.c:2167:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR path[MAX_PATH];
data/netatalk-3.1.12~ds/libevent/evutil_rand.c:70:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b, &u, n_bytes);
data/netatalk-3.1.12~ds/libevent/evutil_rand.c:81:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b, &u, n);
data/netatalk-3.1.12~ds/libevent/http.c:124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpserv[16];
data/netatalk-3.1.12~ds/libevent/http.c:287:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, replaced, len);
data/netatalk-3.1.12~ds/libevent/http.c:461:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size[22];
data/netatalk-3.1.12~ds/libevent/http.c:498:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[50];
data/netatalk-3.1.12~ds/libevent/http.c:525:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char len[22];
data/netatalk-3.1.12~ds/libevent/http.c:1501:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
req->response_code = atoi(number);
data/netatalk-3.1.12~ds/libevent/http.c:1775:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newval + old_len, line, line_len + 1);
data/netatalk-3.1.12~ds/libevent/http.c:2632:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char uri_chars[256] = {
data/netatalk-3.1.12~ds/libevent/http.c:2726:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[3];
data/netatalk-3.1.12~ds/libevent/http.c:3613:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->host_cache, host, len);
data/netatalk-3.1.12~ds/libevent/http.c:3684:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
http->base, NULL, hostname, atoi(portname));
data/netatalk-3.1.12~ds/libevent/http.c:3776:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ntop[NI_MAXHOST];
data/netatalk-3.1.12~ds/libevent/http.c:3777:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strport[NI_MAXSERV];
data/netatalk-3.1.12~ds/libevent/http.c:3854:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strport[NI_MAXSERV];
data/netatalk-3.1.12~ds/libevent/http.c:4032:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/netatalk-3.1.12~ds/libevent/http.c:4037:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, s+1, n_chars);
data/netatalk-3.1.12~ds/libevent/http.c:4100:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uri->host, cp, eos-cp);
data/netatalk-3.1.12~ds/libevent/include/event2/dns_struct.h:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1];
data/netatalk-3.1.12~ds/libevent/listener.c:450:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[1];
data/netatalk-3.1.12~ds/libevent/log.c:172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/netatalk-3.1.12~ds/libevent/poll.c:147:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pop->event_set_copy, pop->event_set,
data/netatalk-3.1.12~ds/libevent/poll.c:308:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pop->event_set[i], &pop->event_set[pop->nfds],
data/netatalk-3.1.12~ds/libevent/sample/dns-example.c:43:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/netatalk-3.1.12~ds/libevent/sample/dns-example.c:82:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/netatalk-3.1.12~ds/libevent/sample/event-test.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[255];
data/netatalk-3.1.12~ds/libevent/sample/event-test.c:112:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket = open(fifo, O_RDWR | O_NONBLOCK, 0);
data/netatalk-3.1.12~ds/libevent/sample/event-test.c:114:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket = open(fifo, O_RDONLY | O_NONBLOCK, 0);
data/netatalk-3.1.12~ds/libevent/sample/http-server.c:53:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open _open
data/netatalk-3.1.12~ds/libevent/sample/http-server.c:58:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uri_root[512];
data/netatalk-3.1.12~ds/libevent/sample/http-server.c:134:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[128];
data/netatalk-3.1.12~ds/libevent/sample/http-server.c:226:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pattern, whole_path, dirlen);
data/netatalk-3.1.12~ds/libevent/sample/http-server.c:277:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(whole_path, O_RDONLY)) < 0) {
data/netatalk-3.1.12~ds/libevent/sample/http-server.c:369:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[128];
data/netatalk-3.1.12~ds/libevent/sample/le-proxy.c:232:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int p = atoi(argv[i]);
data/netatalk-3.1.12~ds/libevent/select.c:152:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sop->event_readset_out, sop->event_readset_in,
data/netatalk-3.1.12~ds/libevent/select.c:154:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sop->event_writeset_out, sop->event_writeset_in,
data/netatalk-3.1.12~ds/libevent/signal.c:132:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char signals[1024];
data/netatalk-3.1.12~ds/libevent/test/bench.c:145:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_pipes = atoi(optarg);
data/netatalk-3.1.12~ds/libevent/test/bench.c:148:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_active = atoi(optarg);
data/netatalk-3.1.12~ds/libevent/test/bench.c:151:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_writes = atoi(optarg);
data/netatalk-3.1.12~ds/libevent/test/bench_cascade.c:147:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_pipes = atoi(optarg);
data/netatalk-3.1.12~ds/libevent/test/regress.c:80:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char wbuf[4096];
data/netatalk-3.1.12~ds/libevent/test/regress.c:81:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rbuf[4096];
data/netatalk-3.1.12~ds/libevent/test/regress.c:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/netatalk-3.1.12~ds/libevent/test/regress.c:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/netatalk-3.1.12~ds/libevent/test/regress.c:262:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/netatalk-3.1.12~ds/libevent/test/regress.c:280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/netatalk-3.1.12~ds/libevent/test/regress.c:415:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/netatalk-3.1.12~ds/libevent/test/regress.c:1439:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/netatalk-3.1.12~ds/libevent/test/regress.c:1627:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/netatalk-3.1.12~ds/libevent/test/regress.c:1744:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)EVBUFFER_DATA(tmp))[1] = '\xff';
data/netatalk-3.1.12~ds/libevent/test/regress.c:1905:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[256];
data/netatalk-3.1.12~ds/libevent/test/regress.c:1917:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[256];
data/netatalk-3.1.12~ds/libevent/test/regress.c:1945:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varbuf[128];
data/netatalk-3.1.12~ds/libevent/test/regress.c:2203:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, "{[<guardedram>]}", 16);
data/netatalk-3.1.12~ds/libevent/test/regress.gen.c:882:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->some_bytes_data, value, len);
data/netatalk-3.1.12~ds/libevent/test/regress.gen.c:890:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->fixed_bytes_data, value, 24);
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:171:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[512], *tmp;
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:297:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:496:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[4096];
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:992:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[32];
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:1032:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test3[EVBUFFER_INITIAL_LENGTH];
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:1295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16];
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:1370:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:1546:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charbuf[128];
data/netatalk-3.1.12~ds/libevent/test/regress_bufferevent.c:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[8333];
data/netatalk-3.1.12~ds/libevent/test/regress_bufferevent.c:231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[65000];
data/netatalk-3.1.12~ds/libevent/test/regress_bufferevent.c:336:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[8333];
data/netatalk-3.1.12~ds/libevent/test/regress_bufferevent.c:448:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/netatalk-3.1.12~ds/libevent/test/regress_bufferevent.c:675:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/netatalk-3.1.12~ds/libevent/test/regress_dns.c:104:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN+1];
data/netatalk-3.1.12~ds/libevent/test/regress_dns.c:250:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr6[17] = "abcdefghijklmnop";
data/netatalk-3.1.12~ds/libevent/test/regress_dns.c:325:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN+1];
data/netatalk-3.1.12~ds/libevent/test/regress_dns.c:419:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resolve_addr6.s6_addr,
data/netatalk-3.1.12~ds/libevent/test/regress_dns.c:455:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrs_buf[256];
data/netatalk-3.1.12~ds/libevent/test/regress_dns.c:483:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res->addrs_buf, addresses, len);
data/netatalk-3.1.12~ds/libevent/test/regress_dns.c:515:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/netatalk-3.1.12~ds/libevent/test/regress_dns.c:601:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/netatalk-3.1.12~ds/libevent/test/regress_dns.c:676:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/netatalk-3.1.12~ds/libevent/test/regress_dns.c:765:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[64], buf2[64];
data/netatalk-3.1.12~ds/libevent/test/regress_dns.c:829:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/netatalk-3.1.12~ds/libevent/test/regress_dns.c:1056:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/netatalk-3.1.12~ds/libevent/test/regress_dns.c:1208:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strport[NI_MAXSERV];
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:708:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:932:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[64];
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:2000:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char url_tmp[4096];
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:3362:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char long_str[8192];
data/netatalk-3.1.12~ds/libevent/test/regress_iocp.c:243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char junk[1024];
data/netatalk-3.1.12~ds/libevent/test/regress_iocp.c:310:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/netatalk-3.1.12~ds/libevent/test/regress_main.c:115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfilename[32];
data/netatalk-3.1.12~ds/libevent/test/regress_main.c:117:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmpfilename, "/tmp/eventtmp.XXXXXX");
data/netatalk-3.1.12~ds/libevent/test/regress_main.c:118:7: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp(tmpfilename);
data/netatalk-3.1.12~ds/libevent/test/regress_main.c:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfilepath[MAX_PATH];
data/netatalk-3.1.12~ds/libevent/test/regress_main.c:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfilename[MAX_PATH];
data/netatalk-3.1.12~ds/libevent/test/regress_ssl.c:173:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(line);
data/netatalk-3.1.12~ds/libevent/test/regress_testutils.c:159:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int err = atoi(tab->ans);
data/netatalk-3.1.12~ds/libevent/test/regress_testutils.c:163:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int err = atoi(tab->ans);
data/netatalk-3.1.12~ds/libevent/test/regress_thread.c:334:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&alerted[5].delay, &tv_timeout, sizeof(tv_timeout));
data/netatalk-3.1.12~ds/libevent/test/regress_thread.c:335:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&alerted[6].delay, &tv_timeout, sizeof(tv_timeout));
data/netatalk-3.1.12~ds/libevent/test/regress_util.c:114:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char written[128];
data/netatalk-3.1.12~ds/libevent/test/regress_util.c:161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char written[128];
data/netatalk-3.1.12~ds/libevent/test/regress_util.c:288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[128];
data/netatalk-3.1.12~ds/libevent/test/regress_util.c:381:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/netatalk-3.1.12~ds/libevent/test/regress_util.c:515:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/netatalk-3.1.12~ds/libevent/test/regress_util.c:605:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/netatalk-3.1.12~ds/libevent/test/regress_util.c:774:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/netatalk-3.1.12~ds/libevent/test/regress_util.c:826:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[32];
data/netatalk-3.1.12~ds/libevent/test/regress_util.c:827:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[32];
data/netatalk-3.1.12~ds/libevent/test/regress_util.c:882:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/netatalk-3.1.12~ds/libevent/test/regress_zlib.c:277:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[8333];
data/netatalk-3.1.12~ds/libevent/test/test-eof.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/netatalk-3.1.12~ds/libevent/test/test-ratelim.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/netatalk-3.1.12~ds/libevent/test/tinytest.c:70:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char commandname[MAX_PATH+1];
data/netatalk-3.1.12~ds/libevent/test/tinytest.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[LONGEST_TEST_NAME+256];
data/netatalk-3.1.12~ds/libevent/test/tinytest.c:167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[1];
data/netatalk-3.1.12~ds/libevent/test/tinytest.c:182:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[1];
data/netatalk-3.1.12~ds/libevent/test/tinytest.c:255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[LONGEST_TEST_NAME];
data/netatalk-3.1.12~ds/libevent/util-internal.h:224:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ss_padding[128];
data/netatalk-3.1.12~ds/libevent/win32select.c:258:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->fd_array, in->fd_array, in->fd_count * (sizeof(SOCKET)));
data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c:46:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rbuf[rbufsize];
data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c:53:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((p), (val), (size)); \
data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c:60:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &type, sizeof(type)); \
data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c:94:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c:110:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[bufsize];
data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c:129:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[bufsize];
data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[bufsize];
data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c:160:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[bufsize];
data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c:175:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[bufsize];
data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c:205:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[bufsize];
data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c:214:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &bitmap, 2);
data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c:220:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, name, len);
data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c:232:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&bitmap, p, 2);
data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c:238:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vid, p, 2);
data/netatalk-3.1.12~ds/test/afpd/subtests.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[20];
data/netatalk-3.1.12~ds/test/afpd/subtests.c:49:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dirname, "dir%04u", start);
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:253:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
to.p_end = to.p_path + strlen(to.p_path);
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:323:13: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mask = ~umask(0777);
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:324:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(~mask);
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:410:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base = strlen(path);
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:414:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(path) - base;
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:424:15: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
(void)strncat(target_mid, p, nlen);
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:492:28: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mode_t omask = umask(0);
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:538:13: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(omask);
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:567:28: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mode_t omask = umask(0);
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:605:13: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(omask);
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:662:28: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
checkch = ch = getchar();
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:664:22: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getchar();
data/netatalk-3.1.12~ds/bin/ad/ad_cp.c:745:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((rcount = read(from_fd, buf, bufsize)) > 0) {
data/netatalk-3.1.12~ds/bin/ad/ad_find.c:123:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(argv[optind]),
data/netatalk-3.1.12~ds/bin/ad/ad_find.c:134:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(namebuf),
data/netatalk-3.1.12~ds/bin/ad/ad_ls.c:485:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cwdpath, "/");
data/netatalk-3.1.12~ds/bin/ad/ad_mv.c:188:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[argc - 1]) > sizeof(path) - 1)
data/netatalk-3.1.12~ds/bin/ad/ad_mv.c:192:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
baselen = strlen(path);
data/netatalk-3.1.12~ds/bin/ad/ad_mv.c:204:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = *argv + strlen(*argv);
data/netatalk-3.1.12~ds/bin/ad/ad_mv.c:210:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((baselen + (len = strlen(p))) >= PATH_MAX) {
data/netatalk-3.1.12~ds/bin/ad/ad_mv.c:258:26: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
first = ch = getchar();
data/netatalk-3.1.12~ds/bin/ad/ad_mv.c:260:22: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getchar();
data/netatalk-3.1.12~ds/bin/ad/ad_mv.c:345:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cnid_update(dvolume.vol->v_cdb, cnid, &sb, newdid, name, strlen(name)) != 0) {
data/netatalk-3.1.12~ds/bin/ad/ad_util.c:166:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outlen = strlen(upath);
data/netatalk-3.1.12~ds/bin/ad/ad_util.c:225:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bname, strlen(bname),
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:81:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(keyfd, key, sizeof(key));
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:125:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) < sizeof(buf) - 5) {
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:135:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) == (p - buf) &&
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:153:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(buf, strlen(buf), 1, fp);
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:233:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pwd->pw_name) + FORMAT_LEN > sizeof(buf) - 1)
data/netatalk-3.1.12~ds/bin/afppasswd/afppasswd.c:237:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/netatalk-3.1.12~ds/bin/misc/netacnv.c:95:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string, strlen(string),
data/netatalk-3.1.12~ds/etc/afpd/afs.c:114:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*rbuflen = strlen( vi.out ) + 1;
data/netatalk-3.1.12~ds/etc/afpd/afs.c:249:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( name ) < 2 || strlen( name ) > 18 ) {
data/netatalk-3.1.12~ds/etc/afpd/afs.c:249:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( name ) < 2 || strlen( name ) > 18 ) {
data/netatalk-3.1.12~ds/etc/afpd/appl.c:94:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (( cc = read( sfd, buf, sizeof(appltag) + sizeof( u_short ))) > 0 ) {
data/netatalk-3.1.12~ds/etc/afpd/appl.c:99:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (( cc = read( sa.sdt_fd, p, len )) < len ) {
data/netatalk-3.1.12~ds/etc/afpd/appl.c:132:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p -= strlen( path );
data/netatalk-3.1.12~ds/etc/afpd/appl.c:133:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy( p, path, strlen( path ));
data/netatalk-3.1.12~ds/etc/afpd/appl.c:411:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (( cc = read( sa.sdt_fd, buf, sizeof( appltag )
data/netatalk-3.1.12~ds/etc/afpd/appl.c:417:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (( cc = read( sa.sdt_fd, p, len )) < len ) {
data/netatalk-3.1.12~ds/etc/afpd/auth.c:84:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( afp_versions[ i ].av_name );
data/netatalk-3.1.12~ds/etc/afpd/auth.c:112:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( uams->uam_name);
data/netatalk-3.1.12~ds/etc/afpd/auth.c:283:11: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
(void)umask(obj->options.umask);
data/netatalk-3.1.12~ds/etc/afpd/auth.c:283:30: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
(void)umask(obj->options.umask);
data/netatalk-3.1.12~ds/etc/afpd/auth.c:864:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = MIN(sizeof(username) - 1, strlen(obj->username));
data/netatalk-3.1.12~ds/etc/afpd/auth.c:1008:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!path || !*path || !list || (len = strlen(path)) > sizeof(name) - 2)
data/netatalk-3.1.12~ds/etc/afpd/auth.c:1019:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(name, "/");
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:275:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id = get_id(vol, adp, &path->st, path->d_dir->d_did, path->u_name, strlen(path->u_name));
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:308:93: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (size_t)(-1) == (len = convert_charset( CH_UTF8_MAC, CH_UCS2, CH_UTF8, path->m_name, strlen(path->m_name), convbuf, 512, &flags))) {
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:606:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unlen = strlen(path.u_name);
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:735:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(uname),
data/netatalk-3.1.12~ds/etc/afpd/catsearch.c:749:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(uname),
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:75:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcmp( deskp->d_name, ".." ) == 0 || strlen( deskp->d_name ) > 2 ) {
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:79:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( modbuf, "/" );
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:169:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( deskp->d_name ) > 2 ) {
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:173:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( modbuf, "/" );
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:393:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (( cc = read( si.sdt_fd, irh, sizeof( irh ))) > 0 ) {
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:546:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( read( si.sdt_fd, ih, sizeof( ih )) != sizeof( ih )) {
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:618:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (( rc = read( si.sdt_fd, ih, sizeof( ih ))) > 0 ) {
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:682:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buflen = read(si.sdt_fd, rbuf, *rbuflen);
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:704:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( read( si.sdt_fd, rbuf, rc ) < rc ) {
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:762:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(upath, ".");
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:777:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inplen = strlen(m);
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:802:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outlen = strlen(upath);
data/netatalk-3.1.12~ds/etc/afpd/desktop.c:828:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m = mangle(vol, u, strlen(u), upath, id, (utf8)?3:1);
data/netatalk-3.1.12~ds/etc/afpd/dircache.c:380:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
AFP_ASSERT(len == strlen(name));
data/netatalk-3.1.12~ds/etc/afpd/directory.c:147:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(dir)) +2 > sizeof(path))
data/netatalk-3.1.12~ds/etc/afpd/directory.c:155:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "/");
data/netatalk-3.1.12~ds/etc/afpd/directory.c:163:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(de->d_name) > remain) {
data/netatalk-3.1.12~ds/etc/afpd/directory.c:200:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((slen = strlen(src)) > sizeof(spath) - 2) ||
data/netatalk-3.1.12~ds/etc/afpd/directory.c:201:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((dlen = strlen(dst)) > sizeof(dpath) - 2) ||
data/netatalk-3.1.12~ds/etc/afpd/directory.c:213:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(spath, "/");
data/netatalk-3.1.12~ds/etc/afpd/directory.c:218:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dpath, "/");
data/netatalk-3.1.12~ds/etc/afpd/directory.c:228:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(de->d_name) > srem) {
data/netatalk-3.1.12~ds/etc/afpd/directory.c:235:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(de->d_name) > drem) {
data/netatalk-3.1.12~ds/etc/afpd/directory.c:324:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mtoUTF8(vol, ret->m_name, strlen(ret->m_name), temp, MAXPATHLEN) == (size_t)-1) {
data/netatalk-3.1.12~ds/etc/afpd/directory.c:838:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((cdir = dircache_search_by_name(vol, dir, path->u_name, strlen(path->u_name))) != NULL) {
data/netatalk-3.1.12~ds/etc/afpd/directory.c:1253:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int unamelen = strlen(ret.u_name);
data/netatalk-3.1.12~ds/etc/afpd/directory.c:2202:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((dir = dir_add(vol, curdir, s_path, strlen(s_path->u_name))) == NULL) {
data/netatalk-3.1.12~ds/etc/afpd/directory.c:2449:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( name );
data/netatalk-3.1.12~ds/etc/afpd/enumerate.c:59:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(de->d_name);
data/netatalk-3.1.12~ds/etc/afpd/enumerate.c:121:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(m_name) > vol->max_filename)
data/netatalk-3.1.12~ds/etc/afpd/enumerate.c:369:92: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s_path.id = cnid_lookup(vol->v_cdb, &s_path.st, curdir->d_did, sd.sd_last, strlen(sd.sd_last));
data/netatalk-3.1.12~ds/etc/afpd/enumerate.c:373:119: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int cnid_up_ret = cnid_update(vol->v_cdb, s_path.id, &s_path.st, curdir->d_did, (char *)convname, strlen(convname));
data/netatalk-3.1.12~ds/etc/afpd/enumerate.c:393:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s_path.u_name);
data/netatalk-3.1.12~ds/etc/afpd/extattrs.c:181:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attrbuflen += strlen(ea_finderinfo) + 1;
data/netatalk-3.1.12~ds/etc/afpd/extattrs.c:191:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attrbuflen += strlen(ea_resourcefork) + 1;
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:245:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint16 = strlen(user);
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:250:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(p, user, strlen(user));
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:251:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(user);
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:252:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
datalen += strlen(user);
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:256:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((pathlen = strlen(path)) >= MAXPATHLEN)
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:269:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((pathlen = strlen(oldpath)) >= MAXPATHLEN)
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:461:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(last_close_event.path, path, MAXPATHLEN);
data/netatalk-3.1.12~ds/etc/afpd/fce_api.c:581:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(target_ip, target, sizeof(target_ip) -1);
data/netatalk-3.1.12~ds/etc/afpd/fce_util.c:135:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(fh->fce_h_path, path, strlen(fh->fce_h_path)))
data/netatalk-3.1.12~ds/etc/afpd/fce_util.c:143:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(fh->fce_h_path, path, strlen(fh->fce_h_path)))
data/netatalk-3.1.12~ds/etc/afpd/fce_util.c:157:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fce_history_list[oldest_entry_idx].fce_h_path, path, MAXPATHLEN);
data/netatalk-3.1.12~ds/etc/afpd/file.c:131:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aint = strlen( name );
data/netatalk-3.1.12~ds/etc/afpd/file.c:145:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aint = strlen(m);
data/netatalk-3.1.12~ds/etc/afpd/file.c:320:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(upath);
data/netatalk-3.1.12~ds/etc/afpd/file.c:759:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((id = get_id(vol, &ad, &st, dir->d_did, upath, strlen(upath))) == CNID_INVALID) {
data/netatalk-3.1.12~ds/etc/afpd/file.c:910:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fp, symbuf, MAXPATHLEN);
data/netatalk-3.1.12~ds/etc/afpd/file.c:1007:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((id = get_id(vol, adp, &path->st, curdir->d_did, upath, strlen(upath))) == CNID_INVALID) {
data/netatalk-3.1.12~ds/etc/afpd/file.c:1222:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( newname, ibuf, plen );
data/netatalk-3.1.12~ds/etc/afpd/file.c:1225:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newname) != plen) {
data/netatalk-3.1.12~ds/etc/afpd/file.c:1245:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( newname, ibuf, plen );
data/netatalk-3.1.12~ds/etc/afpd/file.c:1247:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newname) != plen) {
data/netatalk-3.1.12~ds/etc/afpd/file.c:1471:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((id = get_id(d_vol, &add, &stdest, d_dir->d_did, dst, strlen(dst))) == CNID_INVALID) {
data/netatalk-3.1.12~ds/etc/afpd/file.c:1620:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id = cnid_get(vol->v_cdb, curdir->d_did, file, strlen(file));
data/netatalk-3.1.12~ds/etc/afpd/file.c:1700:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id = cnid_lookup(vol->v_cdb, st, did, upath, len = strlen(upath));
data/netatalk-3.1.12~ds/etc/afpd/file.c:1736:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aint = cnid_add(vol->v_cdb, &path.st, did, de->d_name, strlen(de->d_name), 0); /* ignore errors */
data/netatalk-3.1.12~ds/etc/afpd/file.c:2100:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sid = cnid_lookup(vol->v_cdb, &srcst, sdir->d_did, supath,slen = strlen(supath));
data/netatalk-3.1.12~ds/etc/afpd/file.c:2145:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
did = cnid_lookup(vol->v_cdb, &destst, curdir->d_did, upath, dlen = strlen(upath));
data/netatalk-3.1.12~ds/etc/afpd/filedir.c:250:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id = cnid_get(vol->v_cdb, sdir->d_did, oldunixname, strlen(oldunixname));
data/netatalk-3.1.12~ds/etc/afpd/filedir.c:391:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cnid_update(vol->v_cdb, id, st, curdir->d_did, upath, strlen(upath));
data/netatalk-3.1.12~ds/etc/afpd/filedir.c:619:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((deldir = dircache_search_by_name(vol, curdir, upath, strlen(upath)))) {
data/netatalk-3.1.12~ds/etc/afpd/filedir.c:625:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
delcnid = cnid_get(vol->v_cdb, curdir->d_did, upath, strlen(upath));
data/netatalk-3.1.12~ds/etc/afpd/filedir.c:662:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((cachedfile = dircache_search_by_name(vol, dir, upath, strlen(upath)))) {
data/netatalk-3.1.12~ds/etc/afpd/filedir.c:697:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pathbuf, cfrombstr(path), blength(path) + 1);
data/netatalk-3.1.12~ds/etc/afpd/fork.c:400:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((id = get_id(vol, ofork->of_ad, st, dir->d_did, upath, strlen(upath))) == CNID_INVALID) {
data/netatalk-3.1.12~ds/etc/afpd/hash.c:863:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((char *)data);
data/netatalk-3.1.12~ds/etc/afpd/hash.c:939:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sz = strlen(str) + 1;
data/netatalk-3.1.12~ds/etc/afpd/main.c:208:29: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
obj.options.save_mask = umask(obj.options.umask);
data/netatalk-3.1.12~ds/etc/afpd/main.c:208:47: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
obj.options.save_mask = umask(obj.options.umask);
data/netatalk-3.1.12~ds/etc/afpd/mangle.c:35:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vol->v_maccharset, p, strlen(p),
data/netatalk-3.1.12~ds/etc/afpd/mangle.c:76:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uname, strlen(uname), buffer, MAXPATHLEN, &flags)) ) {
data/netatalk-3.1.12~ds/etc/afpd/mangle.c:80:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mfilenamelen = strlen(mfilename);
data/netatalk-3.1.12~ds/etc/afpd/mangle.c:120:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uname, strlen(uname), buffer, MAXPATHLEN, &flags)) ) {
data/netatalk-3.1.12~ds/etc/afpd/mangle.c:164:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((*t != 0 && *t != '.') || strlen(t) > MAX_EXT_LENGTH || id < 17) {
data/netatalk-3.1.12~ds/etc/afpd/mangle.c:272:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vol->v_maccharset, uname, strlen(uname),
data/netatalk-3.1.12~ds/etc/afpd/mangle.c:283:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(m, ext, ext_len);
data/netatalk-3.1.12~ds/etc/afpd/messages.c:80:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((( c=fgetc(message)) != EOF) && (i < (maxmsgsize - 1))) {
data/netatalk-3.1.12~ds/etc/afpd/messages.c:161:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msglen = strlen(message);
data/netatalk-3.1.12~ds/etc/afpd/ofork.c:287:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pathname + 3, cfrombstr(path->d_dir->d_u_name), len + 1);
data/netatalk-3.1.12~ds/etc/afpd/quota.c:628:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (( vol->v_gvs = (char *)malloc( strlen( p ) + 1 )) == NULL ) {
data/netatalk-3.1.12~ds/etc/afpd/quota.c:650:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (( vol->v_gvs = (char *)malloc( strlen( p ) + 1 )) == NULL ) {
data/netatalk-3.1.12~ds/etc/afpd/spotlight.c:870:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl_query, strlen(sl_query), slq_host, MAXPATHLEN,
data/netatalk-3.1.12~ds/etc/afpd/spotlight.c:1417:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(vol->v_path) + 1;
data/netatalk-3.1.12~ds/etc/afpd/spotlight.c:1418:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rbuf + 8, vol->v_path, len);
data/netatalk-3.1.12~ds/etc/afpd/spotlight_marshalling.c:331:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/netatalk-3.1.12~ds/etc/afpd/spotlight_marshalling.c:346:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf + offset, s, len);
data/netatalk-3.1.12~ds/etc/afpd/spotlight_marshalling.c:643:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = dalloc_strndup(query, tmp, strlen(tmp));
data/netatalk-3.1.12~ds/etc/afpd/status.c:111:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = MIN(strlen(Obj), 31);
data/netatalk-3.1.12~ds/etc/afpd/status.c:157:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(machine) + strlen(VERSION)) <= AFPSTATUS_MACHLEN) {
data/netatalk-3.1.12~ds/etc/afpd/status.c:157:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(machine) + strlen(VERSION)) <= AFPSTATUS_MACHLEN) {
data/netatalk-3.1.12~ds/etc/afpd/status.c:160:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(VERSION) > AFPSTATUS_MACHLEN) {
data/netatalk-3.1.12~ds/etc/afpd/status.c:164:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)snprintf(buf + AFPSTATUS_MACHLEN - strlen(VERSION),
data/netatalk-3.1.12~ds/etc/afpd/status.c:165:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(VERSION) + 1,
data/netatalk-3.1.12~ds/etc/afpd/status.c:280:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(options->fqdn);
data/netatalk-3.1.12~ds/etc/afpd/status.c:506:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(options->signatureopt);
data/netatalk-3.1.12~ds/etc/afpd/status.c:579:24: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(fgetc(fp) != '\n') fputc('\n', fp); /* last char is \n? */
data/netatalk-3.1.12~ds/etc/afpd/uam.c:124:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((uam = auth_uamfind(type, name, strlen(name)))) {
data/netatalk-3.1.12~ds/etc/afpd/uam.c:184:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uam = auth_uamfind(type, name, strlen(name));
data/netatalk-3.1.12~ds/etc/afpd/uam.c:223:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(pwent->pw_name);
data/netatalk-3.1.12~ds/etc/afpd/uam.c:225:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name,pwent->pw_name, MAXUSERLEN);
data/netatalk-3.1.12~ds/etc/afpd/uam.c:318:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, buf, len);
data/netatalk-3.1.12~ds/etc/afpd/uam.c:347:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = strlen(obj->options.guest);
data/netatalk-3.1.12~ds/etc/afpd/uam.c:357:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = strlen(obj->options.passwdfile);
data/netatalk-3.1.12~ds/etc/afpd/uam.c:388:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = strlen(obj->options.hostname);
data/netatalk-3.1.12~ds/etc/afpd/uam.c:415:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = (*buf)?strlen(*buf):0;
data/netatalk-3.1.12~ds/etc/afpd/uam.c:420:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = (*buf)?strlen(*buf):0;
data/netatalk-3.1.12~ds/etc/afpd/uam.c:425:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = (*buf)?strlen(*buf):0;
data/netatalk-3.1.12~ds/etc/afpd/volume.c:180:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (strlen(entry->d_name) == (p + strlen("sparsebundle") - entry->d_name))) {
data/netatalk-3.1.12~ds/etc/afpd/volume.c:180:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (strlen(entry->d_name) == (p + strlen("sparsebundle") - entry->d_name))) {
data/netatalk-3.1.12~ds/etc/afpd/volume.c:333:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ad_setentrylen( &ad, ADEID_NAME, strlen( slash ));
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd.c:223:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(obj.username, username, MAXUSERLEN);
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:83:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outlen = strlen(upath);
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:145:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((id = cnid_lookup(vol->v_cdb, sp, did, (char *)oldname, strlen(oldname))) == CNID_INVALID)
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:150:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cnid_update(vol->v_cdb, id, sp, did, (char *)newname, strlen(newname)) < 0)
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:591:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((db_cnid = cnid_add(vol->v_cdb, st, did, (char *)name, strlen(name), ad_cnid)) == CNID_INVALID)
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:618:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) < 3)
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:739:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (S_ISREG(st.st_mode) && (strncmp(ep->d_name, "._", strlen("._")) == 0)) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:773:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cwdbuf, "/");
data/netatalk-3.1.12~ds/etc/cnid_dbd/cmd_dbd_scanvol.c:823:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0);
data/netatalk-3.1.12~ds/etc/cnid_dbd/db_param.c:41:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dir);
data/netatalk-3.1.12~ds/etc/cnid_dbd/db_param.c:42:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len + 1 + strlen(fn) > maxlen)
data/netatalk-3.1.12~ds/etc/cnid_dbd/db_param.c:46:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "/");
data/netatalk-3.1.12~ds/etc/cnid_dbd/db_param.c:49:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fn) > maxlen)
data/netatalk-3.1.12~ds/etc/cnid_dbd/db_param.c:112:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(params.usock_file) == 0) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/db_param.c:171:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(params.usock_file) == 0) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/main.c:130:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (strlen(dbpath) + strlen(LOCKFILENAME+1)) > (PATH_MAX - 1) ) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/main.c:130:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (strlen(dbpath) + strlen(LOCKFILENAME+1)) > (PATH_MAX - 1) ) {
data/netatalk-3.1.12~ds/etc/cnid_dbd/main.c:134:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lockpath, dbpath, PATH_MAX - 1);
data/netatalk-3.1.12~ds/etc/cnid_dbd/main.c:135:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(lockpath, "/");
data/netatalk-3.1.12~ds/etc/cnid_dbd/pack.c:62:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((char *)skey->data + CNID_DID_LEN);
data/netatalk-3.1.12~ds/etc/cnid_dbd/pack.c:87:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char *)pdata->data + CNID_NAME_OFS),
data/netatalk-3.1.12~ds/etc/cnid_dbd/pack.c:95:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
skey->size = strlen(skey->data);
data/netatalk-3.1.12~ds/etc/cnid_dbd/usockfd.c:48:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr.sun_path, usock_fn, sizeof(addr.sun_path) - 1);
data/netatalk-3.1.12~ds/etc/netatalk/afp_mdns.c:52:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( kDNSServiceErr_NoError != TXTRecordSetValue(rec, key, strlen(str), str) ) {
data/netatalk-3.1.12~ds/etc/netatalk/afp_mdns.c:77:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( kDNSServiceErr_NoError != TXTRecordSetValue(rec, key, strlen(str), str) ) {
data/netatalk-3.1.12~ds/etc/uams/uams_dhx2_pam.c:707:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(utfpass, 0, strlen(utfpass));
data/netatalk-3.1.12~ds/etc/uams/uams_gss.c:172:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cnblen = strlen(client_name_buffer.value);
data/netatalk-3.1.12~ds/etc/uams/uams_gss.c:493:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(principal);
data/netatalk-3.1.12~ds/etc/uams/uams_gss.c:511:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(obj->options.k5principal + 2, principal, len);
data/netatalk-3.1.12~ds/etc/uams/uams_gss.c:541:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(obj->options.k5realm),
data/netatalk-3.1.12~ds/etc/uams/uams_guest.c:118:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
append(out, loginok, strlen(loginok));
data/netatalk-3.1.12~ds/etc/uams/uams_pam.c:383:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (( pwd = uam_getname(NULL, username, strlen(username))) == NULL ) {
data/netatalk-3.1.12~ds/etc/uams/uams_pam.c:438:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
append(out, loginok, strlen(loginok));
data/netatalk-3.1.12~ds/etc/uams/uams_passwd.c:301:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ulen = strlen(username);
data/netatalk-3.1.12~ds/etc/uams/uams_passwd.c:351:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
append(out, loginok, strlen(loginok));
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:83:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, passwd, len) < 0) {
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:149:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(pwd->pw_name) == (p - buf) &&
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:177:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(keyfd, key, sizeof(key));
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:180:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = j = 0; i < strlen((char *) key); i += 2, j++)
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:247:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(file);
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:251:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (strlen(pwd->pw_dir) + i - 1) > MAXPATHLEN)
data/netatalk-3.1.12~ds/etc/uams/uams_randnum.c:255:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "/" );
data/netatalk-3.1.12~ds/include/atalk/bstrlib.h:218:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(t).slen = ((t).data) ? ((int) (strlen) ((char *)(t).data)) : 0; \
data/netatalk-3.1.12~ds/include/atalk/globals.h:117:12: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mode_t umask;
data/netatalk-3.1.12~ds/libatalk/acl/cache.c:134:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = malloc(strlen(inname)+1);
data/netatalk-3.1.12~ds/libatalk/acl/cache.c:286:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*name = malloc(strlen(entry->name)+1);
data/netatalk-3.1.12~ds/libatalk/acl/cache.c:306:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = malloc(strlen(inname)+1);
data/netatalk-3.1.12~ds/libatalk/acl/uuid.c:125:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (i < strlen(uuidmask)) {
data/netatalk-3.1.12~ds/libatalk/adouble/ad_attr.c:168:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(path)) > ADEDLEN_NAME)
data/netatalk-3.1.12~ds/libatalk/adouble/ad_flush.c:168:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(buf, AD_FILLER_NETATALK, strlen(AD_FILLER_NETATALK));
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:536:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
EC_NEG1( header_len = read(fd, buf, AD_DATASZ_OSX) );
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:553:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(AD_FILLER_NETATALK)) != 0)
data/netatalk-3.1.12~ds/libatalk/adouble/ad_open.c:621:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) < 3)
data/netatalk-3.1.12~ds/libatalk/adouble/ad_read.c:49:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (( cc = read( ad_fd->adf_fd, buf, count )) < 0 ) {
data/netatalk-3.1.12~ds/libatalk/adouble/ad_read.c:72:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(ad->ad_data_fork.adf_syml);
data/netatalk-3.1.12~ds/libatalk/adouble/ad_recvfile.c:91:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_ret = read(fromfd, buffer, toread);
data/netatalk-3.1.12~ds/libatalk/adouble/ad_size.c:23:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(ad->ad_data_fork.adf_syml);
data/netatalk-3.1.12~ds/libatalk/adouble/ad_write.c:280:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((cc = read(sfd, filebuf, buflen)) < 0) {
data/netatalk-3.1.12~ds/libatalk/bstring/bstradd.c:83:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(str);
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:189:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = (strlen) (str);
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:217:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = (strlen) (str);
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:381:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return bcatblk (b, (const void *) s, (int) strlen (s));
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:516:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (str + i);
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:2783:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((n = (int) (2*strlen (fmt))) < START_VSNBUFF) n = START_VSNBUFF;
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:2795:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buff->slen = (int) (strlen) ((char *) buff->data);
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:2831:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((n = (int) (2*strlen (fmt))) < START_VSNBUFF) n = START_VSNBUFF;
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:2843:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buff->slen = (int) (strlen) ((char *) buff->data);
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:2878:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((n = (int) (2*strlen (fmt))) < START_VSNBUFF) n = START_VSNBUFF;
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:2890:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buff->slen = (int) (strlen) ((char *) buff->data);
data/netatalk-3.1.12~ds/libatalk/bstring/bstrlib.c:2938:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (n >= (l = b->slen + (int) (strlen) ((const char *) b->data + b->slen))) {
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_open.c:72:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((char *)skey->data + CNID_DID_LEN);
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_open.c:157:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_open.c:159:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "/");
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_open.c:191:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(vol->v_path)) > (MAXPATHLEN - DBHOMELEN - DBLEN - 2)) {
data/netatalk-3.1.12~ds/libatalk/cnid/cdb/cnid_cdb_open.c:210:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "/");
data/netatalk-3.1.12~ds/libatalk/cnid/dbd/cnid_dbd.c:248:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len[0] = strlen(vol->v_configname) + 1;
data/netatalk-3.1.12~ds/libatalk/cnid/dbd/cnid_dbd.c:249:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len[1] = strlen(vol->v_path) + 1;
data/netatalk-3.1.12~ds/libatalk/cnid/dbd/cnid_dbd.c:250:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len[2] = strlen(vol->v_obj->username);
data/netatalk-3.1.12~ds/libatalk/cnid/mysql/cnid_mysql.c:115:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EC_ZERO_LOG( mysql_stmt_prepare(db->cnid_lookup_stmt, sql, strlen(sql)) );
data/netatalk-3.1.12~ds/libatalk/cnid/mysql/cnid_mysql.c:151:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EC_ZERO_LOG( mysql_stmt_prepare(db->cnid_add_stmt, sql, strlen(sql)) );
data/netatalk-3.1.12~ds/libatalk/cnid/mysql/cnid_mysql.c:191:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EC_ZERO_LOG( mysql_stmt_prepare(db->cnid_put_stmt, sql, strlen(sql)) );
data/netatalk-3.1.12~ds/libatalk/cnid/mysql/cnid_mysql.c:332:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(stmt_param_name, name, sizeof(stmt_param_name));
data/netatalk-3.1.12~ds/libatalk/cnid/mysql/cnid_mysql.c:392:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(stmt_param_name, name, sizeof(stmt_param_name));
data/netatalk-3.1.12~ds/libatalk/cnid/mysql/cnid_mysql.c:545:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(stmt_param_name, name, sizeof(stmt_param_name));
data/netatalk-3.1.12~ds/libatalk/cnid/mysql/cnid_mysql.c:684:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, row[1], len);
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_open.c:76:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(vol->v_path)) > (MAXPATHLEN - DBLEN - 1)) {
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_open.c:83:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "/");
data/netatalk-3.1.12~ds/libatalk/cnid/tdb/cnid_tdb_open.c:98:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "/");
data/netatalk-3.1.12~ds/libatalk/compat/strlcpy.c:37:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(s);
data/netatalk-3.1.12~ds/libatalk/compat/strlcpy.c:58:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len1 = strlen(d);
data/netatalk-3.1.12~ds/libatalk/compat/strlcpy.c:59:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len2 = strlen(s);
data/netatalk-3.1.12~ds/libatalk/iniparser/dictionary.c:88:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = malloc(strlen(s)+1) ;
data/netatalk-3.1.12~ds/libatalk/iniparser/dictionary.c:116:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(key);
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:63:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
last = l + strlen(l);
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:207:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
seclen = (int)strlen(secname);
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:466:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(line);
data/netatalk-3.1.12~ds/libatalk/iniparser/iniparser.c:573:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(line)-1;
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:258:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srclen = strlen((const char *)src);
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:549:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t src_len = strlen(src);
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:565:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t src_len = strlen(src);
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:603:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t src_len = strlen(src);
data/netatalk-3.1.12~ds/libatalk/unicode/charcnv.c:717:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srclen = strlen(src) + 1;
data/netatalk-3.1.12~ds/libatalk/util/cnid.c:120:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(volpath);
data/netatalk-3.1.12~ds/libatalk/util/ftw.c:32:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define NAMLEN(dirent) strlen ((dirent)->d_name)
data/netatalk-3.1.12~ds/libatalk/util/ftw.c:207:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (a + strlen(a));
data/netatalk-3.1.12~ds/libatalk/util/ftw.c:535:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
startp = data->dirbuf + strlen(data->dirbuf);
data/netatalk-3.1.12~ds/libatalk/util/ftw.c:659:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data.dirbufsize = MAX (2 * strlen (dir), PATH_MAX);
data/netatalk-3.1.12~ds/libatalk/util/gettok.c:155:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( buf, "/" );
data/netatalk-3.1.12~ds/libatalk/util/logger.c:259:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strcmp(filename + strlen(filename) - 6, "XXXXXX") == 0) {
data/netatalk-3.1.12~ds/libatalk/util/logger.c:394:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(log_config.processname, processname, 15);
data/netatalk-3.1.12~ds/libatalk/util/module.c:31:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((underscore = (char *) malloc(strlen(name) + 2)) == NULL)
data/netatalk-3.1.12~ds/libatalk/util/module.c:33:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(underscore, "_");
data/netatalk-3.1.12~ds/libatalk/util/module.c:60:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((underscore = (char *) malloc(strlen(name) + 2)) == NULL)
data/netatalk-3.1.12~ds/libatalk/util/module.c:63:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(underscore, "_");
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:112:17: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(p, "%36s", uuid) == 1 ) {
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:151:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(fgetc(fp) != '\n') fputc('\n', fp); /* last char is \n? */
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:192:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((sys_setxattr(vol->v_path, eaname, eacontent, strlen(eacontent) + 1, 0)) == 0) {
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:383:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = MIN(p == q ? 2 : strlen(q), destlen);
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:384:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, q, len);
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:394:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src, len);
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:669:36: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
volume->v_umask = obj->options.umask;
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:697:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vlen = strlen(name);
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:956:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpvlen = strlen(tmpname);
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:989:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpvlen = strlen(tmpname);
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1367:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
initline(strlen(buf), buf);
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1670:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(path, hdir, strlen(hdir)) != 0)
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1741:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
abspath_len = strlen(abspath);
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1748:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t v_path_len = strlen(tmp->v_path);
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1750:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (v_path_len < strlen(path) && path[v_path_len] != '/') {
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1794:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmpbuf, path + match[0].rm_so, match[0].rm_eo - match[0].rm_so);
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:1878:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(name, tmp->v_configname, strlen(tmp->v_configname)) == 0) {
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:2014:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EC_NULL_LOG( options->k5keytab = malloc(strlen(p) + 14) );
data/netatalk-3.1.12~ds/libatalk/util/netatalk_conf.c:2015:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(options->k5keytab, strlen(p) + 14, "KRB5_KTNAME=%s", p);
data/netatalk-3.1.12~ds/libatalk/util/server_ipc.c:177:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ret = read(fd, buf, IPC_HEADERLEN)) != IPC_HEADERLEN) {
data/netatalk-3.1.12~ds/libatalk/util/server_ipc.c:208:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ret = read(fd, buf, ipc.len)) != (int) ipc.len) {
data/netatalk-3.1.12~ds/libatalk/util/server_lock.c:43:10: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mask = umask(022);
data/netatalk-3.1.12~ds/libatalk/util/server_lock.c:60:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(mask);
data/netatalk-3.1.12~ds/libatalk/util/server_lock.c:140:12: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mask = umask(022);
data/netatalk-3.1.12~ds/libatalk/util/server_lock.c:146:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(mask);
data/netatalk-3.1.12~ds/libatalk/util/unix.c:226:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i = strlen(p) - 1;
data/netatalk-3.1.12~ds/libatalk/util/unix.c:404:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, buf, n) != n) {
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:94:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inplen = strlen(m);
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:176:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*(ea->ea_entries))[count].ea_namelen = strlen((*(ea->ea_entries))[count].ea_name);
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:353:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*(ea->ea_entries))[ea->ea_count].ea_namelen = strlen(attruname);
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:773:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(ea->ea_fd, ea->ea_data, ea->ea_size) != (ssize_t)ea->ea_size) {
data/netatalk-3.1.12~ds/libatalk/vfs/ea_ad.c:1111:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, rbuf, toread) != (ssize_t)toread) {
data/netatalk-3.1.12~ds/libatalk/vfs/ea_sys.c:317:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ptr);
data/netatalk-3.1.12~ds/libatalk/vfs/extattr.c:393:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ent_size = strlen(ae->a_name) + sizeof("user.");
data/netatalk-3.1.12~ds/libatalk/vfs/extattr.c:395:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(bp, "user.", sizeof("user."));
data/netatalk-3.1.12~ds/libatalk/vfs/extattr.c:396:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(bp, ae->a_name, ent_size - sizeof("user."));
data/netatalk-3.1.12~ds/libatalk/vfs/extattr.c:419:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ent_size = strlen(ae->a_name) + sizeof("system.");
data/netatalk-3.1.12~ds/libatalk/vfs/extattr.c:421:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(bp, "system.", sizeof("system."));
data/netatalk-3.1.12~ds/libatalk/vfs/extattr.c:422:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(bp, ae->a_name, ent_size - sizeof("system."));
data/netatalk-3.1.12~ds/libatalk/vfs/extattr.c:453:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ptr1) +1;
data/netatalk-3.1.12~ds/libatalk/vfs/extattr.c:887:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(attrfd, value, sbuf.st_size);
data/netatalk-3.1.12~ds/libatalk/vfs/extattr.c:911:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
listlen = strlen(de->d_name);
data/netatalk-3.1.12~ds/libatalk/vfs/unix.c:142:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((cc = read(sfd, filebuf, sizeof(filebuf)))) {
data/netatalk-3.1.12~ds/libatalk/vfs/vfs.c:488:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(name, "._", strlen("._")) == 0) {
data/netatalk-3.1.12~ds/libevent/arc4random.c:131:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = read(fd, buf+numread, count-numread);
data/netatalk-3.1.12~ds/libevent/arc4random.c:266:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, buf, sizeof(buf));
data/netatalk-3.1.12~ds/libevent/buffer.c:2138:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, p, howmuch);
data/netatalk-3.1.12~ds/libevent/buffer.c:2208:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read((int)fd, v[0].iov_base, (unsigned int)v[0].iov_len);
data/netatalk-3.1.12~ds/libevent/buffer.c:2215:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read((int)fd, v[1].iov_base, (unsigned int)v[1].iov_len);
data/netatalk-3.1.12~ds/libevent/buffer.c:2833:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ev_ssize_t read;
data/netatalk-3.1.12~ds/libevent/buffer.c:2856:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
length -= read;
data/netatalk-3.1.12~ds/libevent/bufferevent_openssl.c:224:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return bio_bufferevent_write(b, s, strlen(s));
data/netatalk-3.1.12~ds/libevent/evdns.c:1242:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = (int)strlen(tmp_name);
data/netatalk-3.1.12~ds/libevent/evdns.c:1898:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = dnsname_to_labels(buf, buf_len, j, s, strlen(s), &table);
data/netatalk-3.1.12~ds/libevent/evdns.c:1917:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = dnsname_to_labels(buf, buf_len, j, item->name, strlen(item->name), &table);
data/netatalk-3.1.12~ds/libevent/evdns.c:1929:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = dnsname_to_labels(buf, buf_len, j, item->data, strlen(item->data), &table);
data/netatalk-3.1.12~ds/libevent/evdns.c:2671:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t name_len = strlen(name);
data/netatalk-3.1.12~ds/libevent/evdns.c:2917:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EVUTIL_ASSERT(cp + strlen("ip6.arpa") < buf+sizeof(buf));
data/netatalk-3.1.12~ds/libevent/evdns.c:2918:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(cp, "ip6.arpa", strlen("ip6.arpa")+1);
data/netatalk-3.1.12~ds/libevent/evdns.c:3017:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
domain_len = strlen(domain);
data/netatalk-3.1.12~ds/libevent/evdns.c:3091:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t base_len = strlen(base_name);
data/netatalk-3.1.12~ds/libevent/evdns.c:3343:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t optlen = strlen(optionname);
data/netatalk-3.1.12~ds/libevent/evdns.c:3344:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen(s1);
data/netatalk-3.1.12~ds/libevent/evdns.c:3509:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_out = strlen(path)+strlen(hostfile);
data/netatalk-3.1.12~ds/libevent/evdns.c:3509:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_out = strlen(path)+strlen(hostfile);
data/netatalk-3.1.12~ds/libevent/evdns.c:4029:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(hostname);
data/netatalk-3.1.12~ds/libevent/event.c:2642:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ln = strlen(str);
data/netatalk-3.1.12~ds/libevent/event.c:2692:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, (void*) &msg, sizeof(msg));
data/netatalk-3.1.12~ds/libevent/event.c:2711:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(fd, (char*)buf, sizeof(buf)) > 0)
data/netatalk-3.1.12~ds/libevent/event_tagging.c:292:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evtag_marshal(buf, tag, string, (ev_uint32_t)strlen(string));
data/netatalk-3.1.12~ds/libevent/evrpc.c:215:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
constructed_uri_len = strlen(EVRPC_URI_PREFIX) + strlen(uri) + 1;
data/netatalk-3.1.12~ds/libevent/evrpc.c:215:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
constructed_uri_len = strlen(EVRPC_URI_PREFIX) + strlen(uri) + 1;
data/netatalk-3.1.12~ds/libevent/evrpc.c:219:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(constructed_uri, EVRPC_URI_PREFIX, strlen(EVRPC_URI_PREFIX));
data/netatalk-3.1.12~ds/libevent/evrpc.c:220:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(constructed_uri + strlen(EVRPC_URI_PREFIX), uri, strlen(uri));
data/netatalk-3.1.12~ds/libevent/evrpc.c:220:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(constructed_uri + strlen(EVRPC_URI_PREFIX), uri, strlen(uri));
data/netatalk-3.1.12~ds/libevent/evutil.c:84:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read _read
data/netatalk-3.1.12~ds/libevent/evutil.c:163:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((r = read(fd, mem+read_so_far, N_TO_READ(st.st_size - read_so_far))) > 0) {
data/netatalk-3.1.12~ds/libevent/evutil.c:1628:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) > len)
data/netatalk-3.1.12~ds/libevent/evutil.c:1664:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(cp);
data/netatalk-3.1.12~ds/libevent/evutil.c:1670:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) > len)
data/netatalk-3.1.12~ds/libevent/evutil.c:1709:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
eow = src+strlen(src);
data/netatalk-3.1.12~ds/libevent/evutil.c:2170:21: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (n == 0 || n + _tcslen(library_name) + 2 >= MAX_PATH)
data/netatalk-3.1.12~ds/libevent/http.c:208:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EVUTIL_ASSERT(strlen(del) == 1);
data/netatalk-3.1.12~ds/libevent/http.c:265:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
old_size = strlen(html);
data/netatalk-3.1.12~ds/libevent/http.c:870:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) == 0) {
data/netatalk-3.1.12~ds/libevent/http.c:1768:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
old_len = strlen(header->value);
data/netatalk-3.1.12~ds/libevent/http.c:1769:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_len = strlen(line);
data/netatalk-3.1.12~ds/libevent/http.c:2675:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = uri+strlen(uri);
data/netatalk-3.1.12~ds/libevent/http.c:2746:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ret = mm_malloc(strlen(uri) + 1)) == NULL) {
data/netatalk-3.1.12~ds/libevent/http.c:2748:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned long)(strlen(uri) + 1));
data/netatalk-3.1.12~ds/libevent/http.c:2752:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evhttp_decode_uri_internal(uri, strlen(uri),
data/netatalk-3.1.12~ds/libevent/http.c:2764:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ret = mm_malloc(strlen(uri) + 1)) == NULL) {
data/netatalk-3.1.12~ds/libevent/http.c:2766:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned long)(strlen(uri) + 1));
data/netatalk-3.1.12~ds/libevent/http.c:2770:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = evhttp_decode_uri_internal(uri, strlen(uri),
data/netatalk-3.1.12~ds/libevent/http.c:2809:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!query_part || !strlen(query_part)) {
data/netatalk-3.1.12~ds/libevent/http.c:2830:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((decoded_value = mm_malloc(strlen(value) + 1)) == NULL) {
data/netatalk-3.1.12~ds/libevent/http.c:2834:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evhttp_decode_uri_internal(value, strlen(value),
data/netatalk-3.1.12~ds/libevent/http.c:2874:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = strlen(path);
data/netatalk-3.1.12~ds/libevent/http.c:3603:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = host + strlen(host) - 1;
data/netatalk-3.1.12~ds/libevent/http.c:4146:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(cp);
data/netatalk-3.1.12~ds/libevent/http.c:4341:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _URI_ADD(f) evbuffer_add(tmp, uri->f, strlen(uri->f))
data/netatalk-3.1.12~ds/libevent/http.c:4450:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (scheme && !scheme_ok(scheme, scheme+strlen(scheme)))
data/netatalk-3.1.12~ds/libevent/http.c:4459:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (userinfo && !userinfo_ok(userinfo, userinfo+strlen(userinfo)))
data/netatalk-3.1.12~ds/libevent/http.c:4469:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (! bracket_addr_ok(host, host+strlen(host)))
data/netatalk-3.1.12~ds/libevent/http.c:4472:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (! regname_ok(host, host+strlen(host)))
data/netatalk-3.1.12~ds/libevent/http.c:4494:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (path && end_of_cpath(path, PART_PATH, uri->flags) != path+strlen(path))
data/netatalk-3.1.12~ds/libevent/http.c:4503:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (query && end_of_cpath(query, PART_QUERY, uri->flags) != query+strlen(query))
data/netatalk-3.1.12~ds/libevent/http.c:4511:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fragment && end_of_cpath(fragment, PART_FRAGMENT, uri->flags) != fragment+strlen(fragment))
data/netatalk-3.1.12~ds/libevent/log.c:181:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/netatalk-3.1.12~ds/libevent/sample/event-test.c:58:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf) - 1);
data/netatalk-3.1.12~ds/libevent/sample/hello-world.c:105:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bev, MESSAGE, strlen(MESSAGE));
data/netatalk-3.1.12~ds/libevent/sample/http-server.c:192:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(decoded_path)+strlen(docroot)+2;
data/netatalk-3.1.12~ds/libevent/sample/http-server.c:192:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(decoded_path)+strlen(docroot)+2;
data/netatalk-3.1.12~ds/libevent/sample/http-server.c:220:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(path) || path[strlen(path)-1] != '/')
data/netatalk-3.1.12~ds/libevent/sample/http-server.c:220:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(path) || path[strlen(path)-1] != '/')
data/netatalk-3.1.12~ds/libevent/sample/http-server.c:224:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirlen = strlen(whole_path);
data/netatalk-3.1.12~ds/libevent/test/regress.c:98:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read(fd,buf,len) recv((fd),(buf),(int)(len),0)
data/netatalk-3.1.12~ds/libevent/test/regress.c:114:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/netatalk-3.1.12~ds/libevent/test/regress.c:134:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/netatalk-3.1.12~ds/libevent/test/regress.c:171:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = write(fd, TEST1, strlen(TEST1) + 1);
data/netatalk-3.1.12~ds/libevent/test/regress.c:217:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, rbuf + roff, sizeof(rbuf) - roff);
data/netatalk-3.1.12~ds/libevent/test/regress.c:265:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/netatalk-3.1.12~ds/libevent/test/regress.c:319:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(pair[0], TEST1, strlen(TEST1)+1) < 0) {
data/netatalk-3.1.12~ds/libevent/test/regress.c:364:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(pair[0], TEST1, strlen(TEST1)+1) < 0) {
data/netatalk-3.1.12~ds/libevent/test/regress.c:820:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(pair[0], TEST1, strlen(TEST1)+1) < 0) {
data/netatalk-3.1.12~ds/libevent/test/regress.c:862:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(pair[0], TEST1, strlen(TEST1)+1) < 0) {
data/netatalk-3.1.12~ds/libevent/test/regress.c:879:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(pair[0], TEST1, strlen(TEST1)+1) < 0) {
data/netatalk-3.1.12~ds/libevent/test/regress.c:1297:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int towrite = (int)strlen(TEST1)+1;
data/netatalk-3.1.12~ds/libevent/test/regress.c:1443:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, buf, sizeof(buf)) < 0) {
data/netatalk-3.1.12~ds/libevent/test/regress.c:1606:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(pair[1], TEST1, strlen(TEST1)+1) < 0) {
data/netatalk-3.1.12~ds/libevent/test/regress.c:1630:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/netatalk-3.1.12~ds/libevent/test/regress.c:1636:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(pair[0], TEST1, strlen(TEST1)+1) < 0) {
data/netatalk-3.1.12~ds/libevent/test/regress.c:1656:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(pair[0], TEST1, strlen(TEST1)+1) < 0) {
data/netatalk-3.1.12~ds/libevent/test/regress.c:2053:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(data->pair[1], TEST1, strlen(TEST1)+1) < 0) {
data/netatalk-3.1.12~ds/libevent/test/regress.c:2136:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("Hello world")), >, 0);
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:187:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evbuffer_drain(evb, strlen("hello/"));
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:573:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tt_int_op(len, ==, strlen(data));
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:589:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tt_assert(evbuffer_add_reference(src, data, strlen(data),
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:592:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evbuffer_reserve_space(dst, strlen(data), v, 1);
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:604:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(data) - 10) != -1);
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:606:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v[0].iov_len = strlen(data);
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:614:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tt_assert(!memcmp(evbuffer_pullup(dst, strlen(data)),
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:615:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data, strlen(data)));
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:671:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
datalen = strlen(data);
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:689:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tt_int_op(evbuffer_read(src, pair[1], (int)strlen(data)), ==, datalen);
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:725:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!cp || sz != strlen(content) || strcmp(cp, content)) { \
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:732:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evbuffer_add(evb, s, strlen(s)+2);
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:744:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evbuffer_add(evb, s, strlen(s));
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:760:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evbuffer_add(evb, s, strlen(s));
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:790:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evbuffer_add(evb, s, strlen(s));
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:815:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evbuffer_add(evb, s, strlen(s));
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:835:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evbuffer_add(evb, s, strlen(s));
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:860:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evbuffer_add(evb_tmp, s, strlen(s));
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:865:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evbuffer_add(evb_tmp, s, strlen(s));
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:870:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evbuffer_add(evb_tmp, s, strlen(s));
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:899:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evbuffer_add(evb_tmp, s, strlen(s));
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:939:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evbuffer_add(buf, s, strlen(s));
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:991:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = 1; j < strlen(abc); ++j) {
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:1037:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evbuffer_add(buf, (u_char*)test1, strlen(test1));
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:1039:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evbuffer_drain(buf, strlen(test1));
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:1041:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evbuffer_add(buf, (u_char*)test2, strlen(test2));
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:1050:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evbuffer_drain(buf, strlen(test2));
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:1296:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len1 = strlen(chunk1), len2=strlen(chunk2);
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:1296:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len1 = strlen(chunk1), len2=strlen(chunk2);
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:1433:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tt_int_op((v)->iov_len, ==, strlen(s)); \
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:1434:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tt_assert(!memcmp((v)->iov_base, (s), strlen(s)))
data/netatalk-3.1.12~ds/libevent/test/regress_buffer.c:1558:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
evbuffer_add(buf, string, strlen(string));
data/netatalk-3.1.12~ds/libevent/test/regress_dns.c:474:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(addresses)+1;
data/netatalk-3.1.12~ds/libevent/test/regress_et.c:107:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send(pair[0], test, (int)strlen(test)+1, 0);
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:178:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t s_sz = strlen(s);
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:200:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = evbuffer_search(buf, s, strlen(s), NULL);
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:272:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcmp("END", multi + strlen(multi) - 3) == 0)
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:353:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bev, http_request, strlen(http_request));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:388:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bev, http_request, strlen(http_request));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:415:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bev, http_request, strlen(http_request));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:438:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bev, http_request, strlen(http_request));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:574:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bev, http_request, strlen(http_request));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:608:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bev, http_request, strlen(http_request));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:689:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bev, http_request, strlen(http_request));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:754:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bev1, http_request, strlen(http_request));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:771:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bev2, http_request, strlen(http_request));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:788:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bev3, http_request, strlen(http_request));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:803:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tt_assert(!strncmp(result1, "HTTP/1.1 501 ", strlen("HTTP/1.1 501 ")));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:807:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tt_assert(!strncmp(result2, "HTTP/1.1 200 ", strlen("HTTP/1.1 200 ")));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:811:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tt_assert(!strncmp(result3, "HTTP/1.1 501 ", strlen("HTTP/1.1 501 ")));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:1136:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (evbuffer_get_length(evhttp_request_get_input_buffer(req)) != strlen(what)) {
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:1308:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bev, http_request, strlen(http_request));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:1395:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (evbuffer_get_length(evhttp_request_get_input_buffer(req)) != strlen(what)) {
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:1397:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned long)evbuffer_get_length(evhttp_request_get_input_buffer(req)), (unsigned long)strlen(what));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:1534:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (evbuffer_get_length(evhttp_request_get_input_buffer(req)) != strlen(POST_DATA)) {
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:1536:98: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned long) evbuffer_get_length(evhttp_request_get_input_buffer(req)), (unsigned long) strlen(POST_DATA));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:1577:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (evbuffer_get_length(evhttp_request_get_input_buffer(req)) != strlen(what)) {
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:1579:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned long)evbuffer_get_length(evhttp_request_get_input_buffer(req)), (unsigned long)strlen(what));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:1652:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (evbuffer_get_length(evhttp_request_get_input_buffer(req)) != strlen(PUT_DATA)) {
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:1654:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned long)evbuffer_get_length(evhttp_request_get_input_buffer(req)), (unsigned long)strlen(PUT_DATA));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:1695:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (evbuffer_get_length(evhttp_request_get_input_buffer(req)) != strlen(what)) {
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:1697:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned long)evbuffer_get_length(evhttp_request_get_input_buffer(req)), (unsigned long)strlen(what));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:1747:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bev, http_request, strlen(http_request));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:2390:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tt_int_op(sz,==,strlen(from)); \
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:2400:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tt_int_op(sz,==,strlen(want)); \
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:2503:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bev, http_request, strlen(http_request));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:2584:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bev, http_request, strlen(http_request));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:2793:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bev, http_request, strlen(http_request));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:2959:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_http_stream_in_test(arg, "/test", strlen(BASIC_REQUEST_BODY),
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:3271:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bev, http_start_request, strlen(http_start_request));
data/netatalk-3.1.12~ds/libevent/test/regress_http.c:3547:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bev, http_request, strlen(http_request));
data/netatalk-3.1.12~ds/libevent/test/regress_iocp.c:328:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferevent_write(bea1, "Hello world", strlen("Hello world")+1);
data/netatalk-3.1.12~ds/libevent/test/regress_thread.c:409:22: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#define SLEEP_MS(ms) usleep((ms) * 1000)
data/netatalk-3.1.12~ds/libevent/test/test-eof.c:109:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send(pair[0], test, (int)strlen(test)+1, 0);
data/netatalk-3.1.12~ds/libevent/test/test-weof.c:68:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = send(fd, test, (int)strlen(test) + 1, 0);
data/netatalk-3.1.12~ds/libevent/test/tinytest.c:186:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = (int)read(outcome_pipe[0], b, 1);
data/netatalk-3.1.12~ds/libevent/win32select.c:119:76: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
do_fd_set(struct win32op *op, struct idx_info *ent, evutil_socket_t s, int read)
data/netatalk-3.1.12~ds/libevent/win32select.c:121:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct win_fd_set *set = read ? op->readset_in : op->writeset_in;
data/netatalk-3.1.12~ds/libevent/win32select.c:122:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read) {
data/netatalk-3.1.12~ds/libevent/win32select.c:133:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
set = read ? op->readset_in : op->writeset_in;
data/netatalk-3.1.12~ds/libevent/win32select.c:136:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read)
data/netatalk-3.1.12~ds/libevent/win32select.c:145:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct win32op *op, struct idx_info *ent, int read)
data/netatalk-3.1.12~ds/libevent/win32select.c:148:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct win_fd_set *set = read ? op->readset_in : op->writeset_in;
data/netatalk-3.1.12~ds/libevent/win32select.c:149:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read) {
data/netatalk-3.1.12~ds/libevent/win32select.c:167:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read)
data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c:68:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(name);
data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c:100:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PUSHVAL(p, uint16_t, ntohs(strlen(name)), len);
data/netatalk-3.1.12~ds/test/afpd/afpfunc_helpers.c:207:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char len = strlen(name);
data/netatalk-3.1.12~ds/test/afpd/test.h:54:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alignok(strlen(#a)); \
data/netatalk-3.1.12~ds/test/afpd/test.h:60:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alignok(strlen(#a)); \
data/netatalk-3.1.12~ds/test/afpd/test.h:68:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alignok(strlen(#a)); \
ANALYSIS SUMMARY:
Hits = 1975
Lines analyzed = 162971 in approximately 5.02 seconds (32485 lines/second)
Physical Source Lines of Code (SLOC) = 115318
Hits@level = [0] 479 [1] 507 [2] 1202 [3] 57 [4] 185 [5] 24
Hits@level+ = [0+] 2454 [1+] 1975 [2+] 1468 [3+] 266 [4+] 209 [5+] 24
Hits/KSLOC@level+ = [0+] 21.2803 [1+] 17.1266 [2+] 12.73 [3+] 2.30667 [4+] 1.81238 [5+] 0.20812
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.